diff options
author | cvs2hg <devnull@localhost> | 2004-01-07 13:36:20 +0000 |
---|---|---|
committer | cvs2hg <devnull@localhost> | 2004-01-07 13:36:20 +0000 |
commit | cdcbe4d57affae2f0db0bb0eeaea3fddc2f28afe (patch) | |
tree | 60f187758cdcdb3e315b5d9b7730e9310b00e5ff /security/nss/cmd | |
parent | 550b26306b0ab09ebb342981c9ccedd7d9c190ff (diff) | |
download | nss-hg-cdcbe4d57affae2f0db0bb0eeaea3fddc2f28afe.tar.gz |
fixup commit for tag 'PACKAGING_20030906_BASE'PACKAGING_20030906_BASE
Diffstat (limited to 'security/nss/cmd')
482 files changed, 0 insertions, 84057 deletions
diff --git a/security/nss/cmd/.cvsignore b/security/nss/cmd/.cvsignore deleted file mode 100644 index 6329db22e..000000000 --- a/security/nss/cmd/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -.gdbinit diff --git a/security/nss/cmd/Makefile b/security/nss/cmd/Makefile deleted file mode 100644 index 5e716b9b3..000000000 --- a/security/nss/cmd/Makefile +++ /dev/null @@ -1,182 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../.. -DEPTH = ../.. - -include manifest.mn -include $(CORE_DEPTH)/coreconf/config.mk - -# These sources were once in this directory, but now are gone. -MISSING_SOURCES = \ - addcert.c \ - berparse.c \ - cert.c \ - key.c \ - key_rand.c \ - keygen.c \ - sec_fe.c \ - sec_read.c \ - secarb.c \ - secutil.c \ - $(NULL) - -# we don't build these any more, but the sources are still here -OBSOLETE = \ - berdec.c \ - berdump.c \ - cypher.c \ - dumpcert.c \ - listcerts.c \ - mkdongle.c \ - p12exprt.c \ - p12imprt.c \ - rc4.c \ - sign.c \ - unwrap.c \ - vector.c \ - verify.c \ - wrap.c \ - $(NULL) - -# the base files for the executables -# hey -- keep these alphabetical, please -EXEC_SRCS = \ - $(NULL) - -# files that generate two separate objects and executables -# BI_SRCS = \ -# keyutil.c \ -# p7env.c \ -# tstclnt.c \ -# $(NULL) - -# -I$(CORE_DEPTH)/security/lib/cert \ -# -I$(CORE_DEPTH)/security/lib/key \ -# -I$(CORE_DEPTH)/security/lib/util \ - -INCLUDES += \ - -I$(DIST)/../public/security \ - -I./include \ - $(NULL) - -TBD_DIRS = rsh rshd rdist ssld - -# For the time being, sec stuff is export only -# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION - -US_FLAGS = -DEXPORT_VERSION -EXPORT_FLAGS = -DEXPORT_VERSION - -BASE_LIBS = \ - $(DIST)/lib/libdbm.$(LIB_SUFFIX) \ - $(DIST)/lib/libxp.$(LIB_SUFFIX) \ - $(DIST)/lib/libnspr.$(LIB_SUFFIX) \ - $(NULL) - -# $(DIST)/lib/libpurenspr.$(LIB_SUFFIX) \ - -#There is a circular dependancy in security/lib, and here is a gross fix -SEC_LIBS = \ - $(DIST)/lib/libsecnav.$(LIB_SUFFIX) \ - $(DIST)/lib/libssl.$(LIB_SUFFIX) \ - $(DIST)/lib/libpkcs7.$(LIB_SUFFIX) \ - $(DIST)/lib/libcert.$(LIB_SUFFIX) \ - $(DIST)/lib/libkey.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecmod.$(LIB_SUFFIX) \ - $(DIST)/lib/libcrypto.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \ - $(DIST)/lib/libssl.$(LIB_SUFFIX) \ - $(DIST)/lib/libpkcs7.$(LIB_SUFFIX) \ - $(DIST)/lib/libcert.$(LIB_SUFFIX) \ - $(DIST)/lib/libkey.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecmod.$(LIB_SUFFIX) \ - $(DIST)/lib/libcrypto.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \ - $(DIST)/lib/libhash.$(LIB_SUFFIX) \ - $(NULL) - -MYLIB = lib/$(OBJDIR)/libsectool.$(LIB_SUFFIX) - -US_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS) -EX_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS) - -REQUIRES = libxp nspr security - -CSRCS = $(EXEC_SRCS) $(BI_SRCS) - -OBJS = $(CSRCS:.c=.o) $(BI_SRCS:.c=-us.o) $(BI_SRCS:.c=-ex.o) - -PROGS = $(addprefix $(OBJDIR)/, $(EXEC_SRCS:.c=$(BIN_SUFFIX))) -US_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-us$(BIN_SUFFIX))) -EX_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-ex$(BIN_SUFFIX))) - - -NON_DIRS = $(PROGS) $(US_PROGS) $(EX_PROGS) -TARGETS = $(NON_DIRS) - -include $(CORE_DEPTH)/coreconf/rules.mk - - -ifneq ($(OS_TARGET),OS2) -$(OBJDIR)/%-us.o: %.c - @$(MAKE_OBJDIR) - $(CCF) -o $@ $(US_FLAGS) -c $*.c - -$(OBJDIR)/%-ex.o: %.c - @$(MAKE_OBJDIR) - $(CCF) -o $@ $(EXPORT_FLAGS) -c $*.c - -$(OBJDIR)/%.o: %.c - @$(MAKE_OBJDIR) - $(CCF) -o $@ $(EXPORT_FLAGS) -c $*.c - -$(US_PROGS):$(OBJDIR)/%-us: $(OBJDIR)/%-us.o $(US_LIBS) - @$(MAKE_OBJDIR) - $(CCF) -o $@ $(OBJDIR)/$*-us.o $(LDFLAGS) $(US_LIBS) $(OS_LIBS) - -$(EX_PROGS):$(OBJDIR)/%-ex: $(OBJDIR)/%-ex.o $(EX_LIBS) - @$(MAKE_OBJDIR) - $(CCF) -o $@ $(OBJDIR)/$*-ex.o $(LDFLAGS) $(EX_LIBS) $(OS_LIBS) - -$(PROGS):$(OBJDIR)/%: $(OBJDIR)/%.o $(EX_LIBS) - @$(MAKE_OBJDIR) - $(CCF) -o $@ $@.o $(LDFLAGS) $(EX_LIBS) $(OS_LIBS) - -#install:: $(TARGETS) -# $(INSTALL) $(TARGETS) $(DIST)/bin -endif - -symbols:: - @echo "TARGETS = $(TARGETS)" diff --git a/security/nss/cmd/SSLsample/Makefile b/security/nss/cmd/SSLsample/Makefile deleted file mode 100644 index cf741f387..000000000 --- a/security/nss/cmd/SSLsample/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# do these once for each target program -all default export libs program install release_export:: - $(MAKE) -f make.client $@ - $(MAKE) -f make.server $@ - -# only do these things once for the whole directory -depend dependclean clean clobber realclean clobber_all release_classes release_clean release_cpdistdir release_export release_jars release_md release_policy show:: - $(MAKE) -f make.client $@ - - diff --git a/security/nss/cmd/SSLsample/Makefile.NSS b/security/nss/cmd/SSLsample/Makefile.NSS deleted file mode 100644 index 0a3545f4f..000000000 --- a/security/nss/cmd/SSLsample/Makefile.NSS +++ /dev/null @@ -1,58 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -ARCH := $(shell uname) - -ifeq ($(ARCH), SunOS) - DEFINES = -KPIC -DSVR4 -DSOLARIS -DSYSV -D__svr4 -D__svr4__ \ - -D_REENTRANT -DSOLARIS2_5 -D_SVID_GETTOD -DXP_UNIX -UDEBUG -DNDEBUG \ - -DXP_UNIX - INCPATH = -I. -I../include/dbm -I../include/nspr -I../include/security - LIBPATH = -L../lib - LIBS = -lnss -lssl -lpkcs7 -lpkcs12 -lsecmod -lcert -lkey \ - -lcrypto -lsecutil -lhash -ldbm -lplc4 -lplds4 -lnspr4 -lsocket -lnsl - CFLAGS = -g - CC = cc -endif # SunOS - -# The rules to build the sample apps appear below. - -server: - $(CC) $(CFLAGS) $@.c -o $@ $(DEFINES) $(INCPATH) $(LIBPATH) $(LIBS) - -client: - $(CC) $(CFLAGS) $@.c -o $@ $(DEFINES) $(INCPATH) $(LIBPATH) $(LIBS) - -clean: - rm -fr server client server.o client.o - diff --git a/security/nss/cmd/SSLsample/NSPRerrs.h b/security/nss/cmd/SSLsample/NSPRerrs.h deleted file mode 100644 index bacdef6b2..000000000 --- a/security/nss/cmd/SSLsample/NSPRerrs.h +++ /dev/null @@ -1,133 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -/* General NSPR 2.0 errors */ -/* Caller must #include "prerror.h" */ - -ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." ) -ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." ) -ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." ) -ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." ) -ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." ) -ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." ) -ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." ) -ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." ) -ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." ) -ER2( PR_IO_ERROR, "I/O function error." ) -ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." ) -ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." ) -ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." ) -ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." ) -ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." ) -ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." ) -ER2( PR_IS_CONNECTED_ERROR, "Already connected." ) -ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." ) -ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." ) -ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." ) -ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." ) -ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." ) -ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." ) -ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." ) -ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." ) -ER2( PR_FIND_SYMBOL_ERROR, -"Symbol not found in any of the loaded dynamic libraries." ) -ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." ) -ER2( PR_DIRECTORY_LOOKUP_ERROR, -"A directory lookup on a network address has failed." ) -ER2( PR_TPD_RANGE_ERROR, -"Attempt to access a TPD key that is out of range." ) -ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." ) -ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." ) -ER2( PR_NOT_SOCKET_ERROR, -"Network operation attempted on non-network file descriptor." ) -ER2( PR_NOT_TCP_SOCKET_ERROR, -"TCP-specific function attempted on a non-TCP file descriptor." ) -ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." ) -ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." ) -ER2( PR_OPERATION_NOT_SUPPORTED_ERROR, -"The requested operation is not supported by the platform." ) -ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, -"The host operating system does not support the protocol requested." ) -ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." ) -ER2( PR_BUFFER_OVERFLOW_ERROR, -"The value requested is too large to be stored in the data buffer provided." ) -ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." ) -ER2( PR_RANGE_ERROR, "Unused." ) -ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." ) -ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." ) -ER2( PR_FILE_TOO_BIG_ERROR, -"Write would result in file larger than the system allows." ) -ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." ) -ER2( PR_PIPE_ERROR, "Unused." ) -ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." ) -ER2( PR_IS_DIRECTORY_ERROR, -"Cannot perform a normal file operation on a directory." ) -ER2( PR_LOOP_ERROR, "Symbolic link loop." ) -ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." ) -ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." ) -ER2( PR_NOT_DIRECTORY_ERROR, -"Cannot perform directory operation on a normal file." ) -ER2( PR_READ_ONLY_FILESYSTEM_ERROR, -"Cannot write to a read-only file system." ) -ER2( PR_DIRECTORY_NOT_EMPTY_ERROR, -"Cannot delete a directory that is not empty." ) -ER2( PR_FILESYSTEM_MOUNTED_ERROR, -"Cannot delete or rename a file object while the file system is busy." ) -ER2( PR_NOT_SAME_DEVICE_ERROR, -"Cannot rename a file to a file system on another device." ) -ER2( PR_DIRECTORY_CORRUPTED_ERROR, -"The directory object in the file system is corrupted." ) -ER2( PR_FILE_EXISTS_ERROR, -"Cannot create or rename a filename that already exists." ) -ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, -"Directory is full. No additional filenames may be added." ) -ER2( PR_INVALID_DEVICE_STATE_ERROR, -"The required device was in an invalid state." ) -ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." ) -ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." ) -ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." ) -ER2( PR_FILE_SEEK_ERROR, "Seek error." ) -ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." ) -ER2( PR_IN_PROGRESS_ERROR, -"Operation is still in progress (probably a non-blocking connect)." ) -ER2( PR_ALREADY_INITIATED_ERROR, -"Operation has already been initiated (probably a non-blocking connect)." ) - -#ifdef PR_GROUP_EMPTY_ERROR -ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." ) -#endif - -#ifdef PR_INVALID_STATE_ERROR -ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." ) -#endif - -ER2( PR_MAX_ERROR, "Placeholder for the end of the list" ) diff --git a/security/nss/cmd/SSLsample/README b/security/nss/cmd/SSLsample/README deleted file mode 100644 index 2c4c09110..000000000 --- a/security/nss/cmd/SSLsample/README +++ /dev/null @@ -1,43 +0,0 @@ -These sample programs can be built in either of two ways: -1) is the NSS source tree, using the coreconf build system, and -2) stand alone (as part of the NSS distribution). - -The following makefiles are used only when building in the NSS source tree -using coreconf. These are NOT part of the distribution. - -Makefile -client.mn -server.mn -config.mk -make.client -make.server - -The following makefiles are used only when building in the NSS distribution. -These files are part of the distribution. - -Makefile.NSS -nmakefile95.nss -nmakefilent.nss - - -The following source files are common to both build environments and are -part of the distribution. - -NSPRerrs.h -SECerrs.h -SSLerrs.h -client.c -getopt.c -server.c -sslerror.h - -In the NSS 2.0 distribution, the sample code and makefiles are in a -directory named "samples". The directories relevant to building -in the distributed tree are: - -./samples -./include/dbm -./include/nspr -./include/security -./lib - diff --git a/security/nss/cmd/SSLsample/SECerrs.h b/security/nss/cmd/SSLsample/SECerrs.h deleted file mode 100644 index 2059df6a2..000000000 --- a/security/nss/cmd/SSLsample/SECerrs.h +++ /dev/null @@ -1,441 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* General security error codes */ -/* Caller must #include "secerr.h" */ - -ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0, -"An I/O error occurred during security authorization.") - -ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1, -"security library failure.") - -ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2, -"security library: received bad data.") - -ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3, -"security library: output length error.") - -ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4, -"security library has experienced an input length error.") - -ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5, -"security library: invalid arguments.") - -ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6, -"security library: invalid algorithm.") - -ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7, -"security library: invalid AVA.") - -ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8, -"Improperly formatted time string.") - -ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9, -"security library: improperly formatted DER-encoded message.") - -ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10, -"Peer's certificate has an invalid signature.") - -ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11, -"Peer's Certificate has expired.") - -ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12, -"Peer's Certificate has been revoked.") - -ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13, -"Peer's Certificate issuer is not recognized.") - -ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14, -"Peer's public key is invalid.") - -ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15, -"The security password entered is incorrect.") - -ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16, -"New password entered incorrectly. Please try again.") - -ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17, -"security library: no nodelock.") - -ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18, -"security library: bad database.") - -ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19, -"security library: memory allocation failure.") - -ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20, -"Peer's certificate issuer has been marked as not trusted by the user.") - -ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21, -"Peer's certificate has been marked as not trusted by the user.") - -ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22), -"Certificate already exists in your database.") - -ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23), -"Downloaded certificate's name duplicates one already in your database.") - -ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24), -"Error adding certificate to database.") - -ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25), -"Error refiling the key for this certificate.") - -ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26), -"The private key for this certificate cannot be found in key database") - -ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27), -"This certificate is valid.") - -ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28), -"This certificate is not valid.") - -ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29), -"Cert Library: No Response") - -ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30), -"The certificate issuer's certificate has expired. Check your system date and time.") - -ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31), -"The CRL for the certificate's issuer has expired. Update it or check your system data and time.") - -ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32), -"The CRL for the certificate's issuer has an invalid signature.") - -ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33), -"New CRL has an invalid format.") - -ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34), -"Certificate extension value is invalid.") - -ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35), -"Certificate extension not found.") - -ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36), -"Issuer certificate is invalid.") - -ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37), -"Certificate path length constraint is invalid.") - -ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38), -"Certificate usages field is invalid.") - -ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39), -"**Internal ONLY module**") - -ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40), -"The key does not support the requested operation.") - -ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41), -"Certificate contains unknown critical extension.") - -ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42), -"New CRL is not later than the current one.") - -ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43), -"Not encrypted or signed: you do not yet have an email certificate.") - -ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44), -"Not encrypted: you do not have certificates for each of the recipients.") - -ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45), -"Cannot decrypt: you are not a recipient, or matching certificate and \ -private key not found.") - -ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46), -"Cannot decrypt: key encryption algorithm does not match your certificate.") - -ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47), -"Signature verification failed: no signer found, too many signers found, \ -or improper or corrupted data.") - -ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48), -"Unsupported or unknown key algorithm.") - -ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49), -"Cannot decrypt: encrypted using a disallowed algorithm or key size.") - - -/* Fortezza Alerts */ -ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50), -"Fortezza card has not been properly initialized. \ -Please remove it and return it to your issuer.") - -ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51), -"No Fortezza cards Found") - -ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52), -"No Fortezza card selected") - -ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53), -"Please select a personality to get more info on") - -ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54), -"Personality not found") - -ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55), -"No more information on that Personality") - -ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56), -"Invalid Pin") - -ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57), -"Couldn't initialize Fortezza personalities.") -/* end fortezza alerts. */ - -ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58), -"No KRL for this site's certificate has been found.") - -ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59), -"The KRL for this site's certificate has expired.") - -ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60), -"The KRL for this site's certificate has an invalid signature.") - -ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61), -"The key for this site's certificate has been revoked.") - -ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62), -"New KRL has an invalid format.") - -ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63), -"security library: need random data.") - -ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64), -"security library: no security module can perform the requested operation.") - -ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65), -"The security card or token does not exist, needs to be initialized, or has been removed.") - -ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66), -"security library: read-only database.") - -ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67), -"No slot or token was selected.") - -ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68), -"A certificate with the same nickname already exists.") - -ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69), -"A key with the same nickname already exists.") - -ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70), -"error while creating safe object") - -ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71), -"error while creating baggage object") - -ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72), -"Couldn't remove the principal") - -ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73), -"Couldn't delete the privilege") - -ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74), -"This principal doesn't have a certificate") - -ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75), -"Required algorithm is not allowed.") - -ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76), -"Error attempting to export certificates.") - -ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77), -"Error attempting to import certificates.") - -ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78), -"Unable to import. Decoding error. File not valid.") - -ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79), -"Unable to import. Invalid MAC. Incorrect password or corrupt file.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80), -"Unable to import. MAC algorithm not supported.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81), -"Unable to import. Only password integrity and privacy modes supported.") - -ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82), -"Unable to import. File structure is corrupt.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83), -"Unable to import. Encryption algorithm not supported.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84), -"Unable to import. File version not supported.") - -ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85), -"Unable to import. Incorrect privacy password.") - -ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86), -"Unable to import. Same nickname already exists in database.") - -ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87), -"The user pressed cancel.") - -ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88), -"Not imported, already in database.") - -ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89), -"Message not sent.") - -ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90), -"Certificate key usage inadequate for attempted operation.") - -ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91), -"Certificate type not approved for application.") - -ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92), -"Address in signing certificate does not match address in message headers.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93), -"Unable to import. Error attempting to import private key.") - -ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94), -"Unable to import. Error attempting to import certificate chain.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95), -"Unable to export. Unable to locate certificate or key by nickname.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96), -"Unable to export. Private Key could not be located and exported.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97), -"Unable to export. Unable to write the export file.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98), -"Unable to import. Unable to read the import file.") - -ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99), -"Unable to export. Key database corrupt or deleted.") - -ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100), -"Unable to generate public/private key pair.") - -ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101), -"Password entered is invalid. Please pick a different one.") - -ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102), -"Old password entered incorrectly. Please try again.") - -ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103), -"Certificate nickname already in use.") - -ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104), -"Peer FORTEZZA chain has a non-FORTEZZA Certificate.") - -/* ER3(SEC_ERROR_UNKNOWN, (SEC_ERROR_BASE + 105), */ - -ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106), -"Invalid module name.") - -ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107), -"Invalid module path/filename") - -ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108), -"Unable to add module") - -ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109), -"Unable to delete module") - -ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110), -"New KRL is not later than the current one.") - -ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111), -"New CKL has different issuer than current CKL. Delete current CKL.") - -ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112), -"The Certifying Authority for this certificate is not permitted to issue a \ -certificate with this name.") - -ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113), -"The key revocation list for this certificate is not yet valid.") - -ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114), -"The certificate revocation list for this certificate is not yet valid.") - -ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115), -"The requested certificate could not be found.") - -ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116), -"The signer's certificate could not be found.") - -ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117), -"The location for the certificate status server has invalid format.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118), -"The OCSP response cannot be fully decoded; it is of an unknown type.") - -ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119), -"The OCSP server returned unexpected/invalid HTTP data.") - -ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120), -"The OCSP server found the request to be corrupted or improperly formed.") - -ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121), -"The OCSP server experienced an internal error.") - -ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122), -"The OCSP server suggests trying again later.") - -ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123), -"The OCSP server requires a signature on this request.") - -ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124), -"The OCSP server has refused this request as unauthorized.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125), -"The OCSP server returned an unrecognizable status.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126), -"The OCSP server has no status for the certificate.") - -ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127), -"You must enable OCSP before performing this operation.") - -ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128), -"You must set the OCSP default responder before performing this operation.") - -ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129), -"The response from the OCSP server was corrupted or improperly formed.") - -ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130), -"The signer of the OCSP response is not authorized to give status for \ -this certificate.") - -ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131), -"The OCSP response is not yet valid (contains a date in the future).") - -ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132), -"The OCSP response contains out-of-date information.") diff --git a/security/nss/cmd/SSLsample/SSLerrs.h b/security/nss/cmd/SSLsample/SSLerrs.h deleted file mode 100644 index 06803b849..000000000 --- a/security/nss/cmd/SSLsample/SSLerrs.h +++ /dev/null @@ -1,366 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* SSL-specific security error codes */ -/* caller must include "sslerr.h" */ - -ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0, -"Unable to communicate securely. Peer does not support high-grade encryption.") - -ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1, -"Unable to communicate securely. Peer requires high-grade encryption which is not supported.") - -ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2, -"Cannot communicate securely with peer: no common encryption algorithm(s).") - -ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3, -"Unable to find the certificate or key necessary for authentication.") - -ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4, -"Unable to communicate securely with peer: peers's certificate was rejected.") - -/* unused (SSL_ERROR_BASE + 5),*/ - -ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6, -"The server has encountered bad data from the client.") - -ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7, -"The client has encountered bad data from the server.") - -ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8, -"Unsupported certificate type.") - -ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9, -"Peer using unsupported version of security protocol.") - -/* unused (SSL_ERROR_BASE + 10),*/ - -ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11, -"Client authentication failed: private key in key database does not match public key in certificate database.") - -ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12, -"Unable to communicate securely with peer: requested domain name does not match the server's certificate.") - -/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13), - defined in sslerr.h -*/ - -ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14), -"Peer only supports SSL version 2, which is locally disabled.") - - -ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15), -"SSL received a record with an incorrect Message Authentication Code.") - -ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16), -"SSL peer reports incorrect Message Authentication Code.") - -ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17), -"SSL peer cannot verify your certificate.") - -ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18), -"SSL peer rejected your certificate as revoked.") - -ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19), -"SSL peer rejected your certificate as expired.") - -ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20), -"Cannot connect: SSL is disabled.") - -ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21), -"Cannot connect: SSL peer is in another FORTEZZA domain.") - - -ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22), -"An unknown SSL cipher suite has been requested.") - -ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23), -"No cipher suites are present and enabled in this program.") - -ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24), -"SSL received a record with bad block padding.") - -ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25), -"SSL received a record that exceeded the maximum permissible length.") - -ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26), -"SSL attempted to send a record that exceeded the maximum permissible length.") - -/* - * Received a malformed (too long or short or invalid content) SSL handshake. - */ -ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27), -"SSL received a malformed Hello Request handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28), -"SSL received a malformed Client Hello handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29), -"SSL received a malformed Server Hello handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30), -"SSL received a malformed Certificate handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31), -"SSL received a malformed Server Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32), -"SSL received a malformed Certificate Request handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33), -"SSL received a malformed Server Hello Done handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34), -"SSL received a malformed Certificate Verify handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35), -"SSL received a malformed Client Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36), -"SSL received a malformed Finished handshake message.") - -/* - * Received a malformed (too long or short) SSL record. - */ -ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37), -"SSL received a malformed Change Cipher Spec record.") - -ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38), -"SSL received a malformed Alert record.") - -ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39), -"SSL received a malformed Handshake record.") - -ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40), -"SSL received a malformed Application Data record.") - -/* - * Received an SSL handshake that was inappropriate for the state we're in. - * E.g. Server received message from server, or wrong state in state machine. - */ -ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41), -"SSL received an unexpected Hello Request handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42), -"SSL received an unexpected Client Hello handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43), -"SSL received an unexpected Server Hello handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44), -"SSL received an unexpected Certificate handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45), -"SSL received an unexpected Server Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46), -"SSL received an unexpected Certificate Request handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47), -"SSL received an unexpected Server Hello Done handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48), -"SSL received an unexpected Certificate Verify handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49), -"SSL received an unexpected Cllient Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50), -"SSL received an unexpected Finished handshake message.") - -/* - * Received an SSL record that was inappropriate for the state we're in. - */ -ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51), -"SSL received an unexpected Change Cipher Spec record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52), -"SSL received an unexpected Alert record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53), -"SSL received an unexpected Handshake record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54), -"SSL received an unexpected Application Data record.") - -/* - * Received record/message with unknown discriminant. - */ -ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55), -"SSL received a record with an unknown content type.") - -ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56), -"SSL received a handshake message with an unknown message type.") - -ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57), -"SSL received an alert record with an unknown alert description.") - -/* - * Received an alert reporting what we did wrong. (more alerts above) - */ -ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58), -"SSL peer has closed this connection.") - -ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59), -"SSL peer was not expecting a handshake message it received.") - -ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60), -"SSL peer was unable to succesfully decompress an SSL record it received.") - -ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61), -"SSL peer was unable to negotiate an acceptable set of security parameters.") - -ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62), -"SSL peer rejected a handshake message for unacceptable content.") - -ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63), -"SSL peer does not support certificates of the type it received.") - -ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64), -"SSL peer had some unspecified issue with the certificate it received.") - - -ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65), -"SSL experienced a failure of its random number generator.") - -ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66), -"Unable to digitally sign data required to verify your certificate.") - -ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67), -"SSL was unable to extract the public key from the peer's certificate.") - -ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68), -"Unspecified failure while processing SSL Server Key Exchange handshake.") - -ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69), -"Unspecified failure while processing SSL Client Key Exchange handshake.") - -ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70), -"Bulk data encryption algorithm failed in selected cipher suite.") - -ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71), -"Bulk data decryption algorithm failed in selected cipher suite.") - -ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72), -"Attempt to write encrypted data to underlying socket failed.") - -ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73), -"MD5 digest function failed.") - -ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74), -"SHA-1 digest function failed.") - -ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75), -"MAC computation failed.") - -ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76), -"Failure to create Symmetric Key context.") - -ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77), -"Failure to unwrap the Symmetric key in Client Key Exchange message.") - -ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78), -"SSL Server attempted to use domestic-grade public key with export cipher suite.") - -ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79), -"PKCS11 code failed to translate an IV into a param.") - -ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80), -"Failed to initialize the selected cipher suite.") - -ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81), -"Client failed to generate session keys for SSL session.") - -ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82), -"Server has no key for the attempted key exchange algorithm.") - -ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83), -"PKCS#11 token was inserted or removed while operation was in progress.") - -ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84), -"No PKCS#11 token could be found to do a required operation.") - -ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85), -"Cannot communicate securely with peer: no common compression algorithm(s).") - -ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86), -"Cannot initiate another SSL handshake until current handshake is complete.") - -ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87), -"Received incorrect handshakes hash values from peer.") - -ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88), -"The certificate provided cannot be used with the selected key exchange algorithm.") - -ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89), -"No certificate authority is trusted for SSL client authentication.") - -ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90), -"Client's SSL session ID not found in server's session cache.") - -ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91), -"Peer was unable to decrypt an SSL record it received.") - -ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92), -"Peer received an SSL record that was longer than is permitted.") - -ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93), -"Peer does not recognize and trust the CA that issued your certificate.") - -ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94), -"Peer received a valid certificate, but access was denied.") - -ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95), -"Peer could not decode an SSL handshake message.") - -ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96), -"Peer reports failure of signature verification or key exchange.") - -ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97), -"Peer reports negotiation not in compliance with export regulations.") - -ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98), -"Peer reports incompatible or unsupported protocol version.") - -ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99), -"Server requires ciphers more secure than those supported by client.") - -ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100), -"Peer reports it experienced an internal error.") - -ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101), -"Peer user canceled handshake.") - -ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102), -"Peer does not permit renegotiation of SSL security parameters.") - diff --git a/security/nss/cmd/SSLsample/client.c b/security/nss/cmd/SSLsample/client.c deleted file mode 100644 index e5cd1013c..000000000 --- a/security/nss/cmd/SSLsample/client.c +++ /dev/null @@ -1,453 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/**************************************************************************** - * SSL client program that sets up a connection to SSL server, transmits * - * some data and then reads the reply * - ****************************************************************************/ - -#include <stdio.h> -#include <string.h> - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include "prerror.h" - -#include "pk11func.h" -#include "secitem.h" - - -#include <stdlib.h> -#include <errno.h> -#include <fcntl.h> -#include <stdarg.h> - -#include "nspr.h" -#include "plgetopt.h" -#include "prio.h" -#include "prnetdb.h" -#include "nss.h" - -#include "sslsample.h" - -#define RD_BUF_SIZE (60 * 1024) - -extern int ssl2CipherSuites[]; -extern int ssl3CipherSuites[]; - -GlobalThreadMgr threadMGR; -char *certNickname = NULL; -char *hostName = NULL; -char *password = NULL; -unsigned short port = 0; - -static void -Usage(const char *progName) -{ - fprintf(stderr, - "Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n" - " [-w dbpasswd] [-C cipher(s)] hostname\n", - progName); - exit(1); -} - -PRFileDesc * -setupSSLSocket(PRNetAddr *addr) -{ - PRFileDesc *tcpSocket; - PRFileDesc *sslSocket; - PRSocketOptionData socketOption; - PRStatus prStatus; - SECStatus secStatus; - -#if 0 -retry: -#endif - - tcpSocket = PR_NewTCPSocket(); - if (tcpSocket == NULL) { - errWarn("PR_NewTCPSocket"); - } - - /* Make the socket blocking. */ - socketOption.option = PR_SockOpt_Nonblocking; - socketOption.value.non_blocking = PR_FALSE; - - prStatus = PR_SetSocketOption(tcpSocket, &socketOption); - if (prStatus != PR_SUCCESS) { - errWarn("PR_SetSocketOption"); - goto loser; - } - -#if 0 - /* Verify that a connection can be made to the socket. */ - prStatus = PR_Connect(tcpSocket, addr, PR_INTERVAL_NO_TIMEOUT); - if (prStatus != PR_SUCCESS) { - PRErrorCode err = PR_GetError(); - if (err == PR_CONNECT_REFUSED_ERROR) { - PR_Close(tcpSocket); - PR_Sleep(PR_MillisecondsToInterval(10)); - fprintf(stderr, "Connection to port refused, retrying.\n"); - goto retry; - } - errWarn("PR_Connect"); - goto loser; - } -#endif - - /* Import the socket into the SSL layer. */ - sslSocket = SSL_ImportFD(NULL, tcpSocket); - if (!sslSocket) { - errWarn("SSL_ImportFD"); - goto loser; - } - - /* Set configuration options. */ - secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_SECURITY"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT"); - goto loser; - } - - /* Set SSL callback routines. */ - secStatus = SSL_GetClientAuthDataHook(sslSocket, - (SSLGetClientAuthData)myGetClientAuthData, - (void *)certNickname); - if (secStatus != SECSuccess) { - errWarn("SSL_GetClientAuthDataHook"); - goto loser; - } - - secStatus = SSL_AuthCertificateHook(sslSocket, - (SSLAuthCertificate)myAuthCertificate, - (void *)CERT_GetDefaultCertDB()); - if (secStatus != SECSuccess) { - errWarn("SSL_AuthCertificateHook"); - goto loser; - } - - secStatus = SSL_BadCertHook(sslSocket, - (SSLBadCertHandler)myBadCertHandler, NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_BadCertHook"); - goto loser; - } - - secStatus = SSL_HandshakeCallback(sslSocket, - (SSLHandshakeCallback)myHandshakeCallback, - NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_HandshakeCallback"); - goto loser; - } - - return sslSocket; - -loser: - - PR_Close(tcpSocket); - return NULL; -} - - -const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" }; - -SECStatus -handle_connection(PRFileDesc *sslSocket, int connection) -{ - int countRead = 0; - PRInt32 numBytes; - char *readBuffer; - - readBuffer = PORT_Alloc(RD_BUF_SIZE); - if (!readBuffer) { - exitErr("PORT_Alloc"); - } - - /* compose the http request here. */ - - numBytes = PR_Write(sslSocket, requestString, strlen(requestString)); - if (numBytes <= 0) { - errWarn("PR_Write"); - PR_Free(readBuffer); - readBuffer = NULL; - return SECFailure; - } - - /* read until EOF */ - while (PR_TRUE) { - numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE); - if (numBytes == 0) { - break; /* EOF */ - } - if (numBytes < 0) { - errWarn("PR_Read"); - break; - } - countRead += numBytes; - fprintf(stderr, "***** Connection %d read %d bytes (%d total).\n", - connection, numBytes, countRead ); - readBuffer[numBytes] = '\0'; - fprintf(stderr, "************\n%s\n************\n", readBuffer); - } - - printSecurityInfo(sslSocket); - - PR_Free(readBuffer); - readBuffer = NULL; - - /* Caller closes the socket. */ - - fprintf(stderr, - "***** Connection %d read %d bytes total.\n", - connection, countRead); - - return SECSuccess; /* success */ -} - -/* one copy of this function is launched in a separate thread for each -** connection to be made. -*/ -SECStatus -do_connects(void *a, int connection) -{ - PRNetAddr *addr = (PRNetAddr *)a; - PRFileDesc *sslSocket; - PRHostEnt hostEntry; - char buffer[PR_NETDB_BUF_SIZE]; - PRStatus prStatus; - PRIntn hostenum; - SECStatus secStatus; - - /* Set up SSL secure socket. */ - sslSocket = setupSSLSocket(addr); - if (sslSocket == NULL) { - errWarn("setupSSLSocket"); - return SECFailure; - } - - secStatus = SSL_SetPKCS11PinArg(sslSocket, password); - if (secStatus != SECSuccess) { - errWarn("SSL_SetPKCS11PinArg"); - return secStatus; - } - - secStatus = SSL_SetURL(sslSocket, hostName); - if (secStatus != SECSuccess) { - errWarn("SSL_SetURL"); - return secStatus; - } - - /* Prepare and setup network connection. */ - prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry); - if (prStatus != PR_SUCCESS) { - errWarn("PR_GetHostByName"); - return SECFailure; - } - - hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr); - if (hostenum == -1) { - errWarn("PR_EnumerateHostEnt"); - return SECFailure; - } - - prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Connect"); - return SECFailure; - } - - /* Established SSL connection, ready to send data. */ -#if 0 - secStatus = SSL_ForceHandshake(sslSocket); - if (secStatus != SECSuccess) { - errWarn("SSL_ForceHandshake"); - return secStatus; - } -#endif - - secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE); - if (secStatus != SECSuccess) { - errWarn("SSL_ResetHandshake"); - prStatus = PR_Close(sslSocket); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Close"); - } - return secStatus; - } - - secStatus = handle_connection(sslSocket, connection); - if (secStatus != SECSuccess) { - errWarn("handle_connection"); - return secStatus; - } - - PR_Close(sslSocket); - return SECSuccess; -} - -void -client_main(unsigned short port, - int connections, - const char * hostName) -{ - int i; - SECStatus secStatus; - PRStatus prStatus; - PRInt32 rv; - PRNetAddr addr; - PRHostEnt hostEntry; - char buffer[256]; - - /* Setup network connection. */ - prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry); - if (prStatus != PR_SUCCESS) { - exitErr("PR_GetHostByName"); - } - - rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr); - if (rv < 0) { - exitErr("PR_EnumerateHostEnt"); - } - - secStatus = launch_thread(&threadMGR, do_connects, &addr, 1); - if (secStatus != SECSuccess) { - exitErr("launch_thread"); - } - - if (connections > 1) { - /* wait for the first connection to terminate, then launch the rest. */ - reap_threads(&threadMGR); - /* Start up the connections */ - for (i = 2; i <= connections; ++i) { - secStatus = launch_thread(&threadMGR, do_connects, &addr, i); - if (secStatus != SECSuccess) { - errWarn("launch_thread"); - } - } - } - - reap_threads(&threadMGR); - destroy_thread_data(&threadMGR); -} - -int -main(int argc, char **argv) -{ - char * certDir = "."; - char * progName = NULL; - int connections = 1; - char * cipherString = NULL; - SECStatus secStatus; - PLOptState * optstate; - PLOptStatus status; - - /* Call the NSPR initialization routines */ - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - progName = PL_strdup(argv[0]); - - hostName = NULL; - optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - case 'C' : cipherString = PL_strdup(optstate->value); break; - case 'c' : connections = PORT_Atoi(optstate->value); break; - case 'd' : certDir = PL_strdup(optstate->value); break; - case 'n' : certNickname = PL_strdup(optstate->value); break; - case 'p' : port = PORT_Atoi(optstate->value); break; - case 'w' : password = PL_strdup(optstate->value); break; - case '\0': hostName = PL_strdup(optstate->value); break; - default : Usage(progName); - } - } - - if (port == 0 || hostName == NULL) - Usage(progName); - - if (certDir == NULL) { - certDir = PR_smprintf("%s/.netscape", getenv("HOME")); - } - - /* Set our password function callback. */ - PK11_SetPasswordFunc(myPasswd); - - /* Initialize the NSS libraries. */ - secStatus = NSS_Init(certDir); - if (secStatus != SECSuccess) { - exitErr("NSS_Init"); - } - - /* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */ - NSS_SetDomesticPolicy(); - SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); - - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - int ndx; - - /* disable all the ciphers, then enable the ones we want. */ - disableAllSSLCiphers(); - - while (0 != (ndx = *cipherString++)) { - int *cptr; - int cipher; - - if (! isalpha(ndx)) - Usage(progName); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - if (cipher) { - SSL_CipherPrefSetDefault(cipher, PR_TRUE); - } - } - } - - client_main(port, connections, hostName); - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - PR_Cleanup(); - return 0; -} - diff --git a/security/nss/cmd/SSLsample/client.mn b/security/nss/cmd/SSLsample/client.mn deleted file mode 100644 index 5c7fa3d7c..000000000 --- a/security/nss/cmd/SSLsample/client.mn +++ /dev/null @@ -1,50 +0,0 @@ -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = nss - -EXPORTS = - -CSRCS = client.c \ - sslsample.c \ - $(NULL) - -PROGRAM = client - -REQUIRES = dbm - -IMPORTS = nss/lib/nss - -DEFINES = -DNSPR20 - diff --git a/security/nss/cmd/SSLsample/gencerts b/security/nss/cmd/SSLsample/gencerts deleted file mode 100755 index 80be66a43..000000000 --- a/security/nss/cmd/SSLsample/gencerts +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/sh -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# -# Script to generate sample db files neccessary for SSL. - -# Directory for db's, use in all subsequent -d flags. -rm -rf SampleCertDBs -mkdir SampleCertDBs - -# Password to use. -echo sample > passfile - -# Generate the db files, using the above password. -certutil -N -d SampleCertDBs -f passfile - -# Generate the CA cert. This cert is self-signed and only useful for -# test purposes. Set the trust bits to allow it to sign SSL client/server -# certs. -certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \ - -s "CN=My Sample Root CA, O=My Organization" \ - -m 25000 -o ./SampleCertDBs/SampleRootCA.crt \ - -d SampleCertDBs -f passfile - -# Generate the server cert. This cert is signed by the CA cert generated -# above. The CN must be hostname.domain.[com|org|net|...]. -certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \ - -s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \ - -m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \ - -d SampleCertDBs -f passfile - -# Generate the client cert. This cert is signed by the CA cert generated -# above. -certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \ - -s "CN=My Client Cert, O=Client Organization" \ - -m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \ - -d SampleCertDBs -f passfile - -# Verify the certificates. -certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs -certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs - -# Remove unneccessary files. -rm -f passfile -rm -f tempcert* - -# You are now ready to run your client/server! Example command lines: -# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R -# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com diff --git a/security/nss/cmd/SSLsample/make.client b/security/nss/cmd/SSLsample/make.client deleted file mode 100644 index 3dd7705e3..000000000 --- a/security/nss/cmd/SSLsample/make.client +++ /dev/null @@ -1,78 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include client.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -#include $(CORE_DEPTH)/$(MODULE)/config/config.mk - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -#CC = cc - - diff --git a/security/nss/cmd/SSLsample/make.server b/security/nss/cmd/SSLsample/make.server deleted file mode 100644 index 7969df798..000000000 --- a/security/nss/cmd/SSLsample/make.server +++ /dev/null @@ -1,77 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include server.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -#include $(CORE_DEPTH)/$(MODULE)/config/config.mk - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - diff --git a/security/nss/cmd/SSLsample/nmakefile95.nss b/security/nss/cmd/SSLsample/nmakefile95.nss deleted file mode 100755 index 5684478cd..000000000 --- a/security/nss/cmd/SSLsample/nmakefile95.nss +++ /dev/null @@ -1,60 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# NSS 2.6.2 Sample Win95 Makefile -# -# -# This nmake file will build server.c and client.c on Windows 95. -# - -DEFINES=-D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG -DWIN32 -D_WINDOWS - -INCPATH=/I. /I..\include\dbm /I..\include\nspr /I..\include\security - -LIBS=nss.lib ssl.lib pkcs7.lib pkcs12.lib secmod.lib cert.lib key.lib crypto.lib secutil.lib hash.lib dbm.lib libplc3.lib libplds3.lib libnspr3.lib wsock32.lib - -CFLAGS=-O2 -MD -W3 -nologo - -CC=cl - -LDOPTIONS=/link /LIBPATH:..\lib /nodefaultlib:libcd.lib /subsystem:console - -server: - $(CC) $(CFLAGS) $(INCPATH) /Feserver server.c getopt.c $(LIBS) $(DEFINES) $(LDOPTIONS) - -client: - $(CC) $(CFLAGS) $(INCPATH) /Feclient client.c getopt.c $(LIBS) $(DEFINES) $(LDOPTIONS) - -clean: - del /S server.exe client.exe server.lib server.exp client.lib client.exp server.obj client.obj getopt.obj - diff --git a/security/nss/cmd/SSLsample/nmakefilent.nss b/security/nss/cmd/SSLsample/nmakefilent.nss deleted file mode 100755 index 9d2d1ccc4..000000000 --- a/security/nss/cmd/SSLsample/nmakefilent.nss +++ /dev/null @@ -1,59 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# NSS 2.6.2 Sample NT Makefile -# -# -# This nmake file will build server.c and client.c on Windows NT 4 SP3. -# - -DEFINES=-D_X86_ -GT -DWINNT -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG -DWIN32 -D_WINDOWS -INCPATH=-I. -I..\include\dbm -I..\include\nspr -I..\include\security - -LIBS=nss.lib ssl.lib pkcs7.lib pkcs12.lib secmod.lib cert.lib key.lib crypto.lib secutil.lib hash.lib dbm.lib libplc3.lib libplds3.lib libnspr3.lib wsock32.lib - -CFLAGS=-O2 -MD -W3 -nologo - -CC=cl - -LDOPTIONS=/link /LIBPATH:..\lib /nodefaultlib:libcd.lib /subsystem:console - -server: - $(CC) $(CFLAGS) /Feserver server.c getopt.c $(LIBS) $(DEFINES) $(INCPATH) $(LDOPTIONS) - -client: - $(CC) $(CFLAGS) /Feclient client.c getopt.c $(LIBS) $(DEFINES) $(INCPATH) $(LDOPTIONS) - -clean: - del /S server.exe client.exe server.lib server.exp client.lib client.exp server.obj client.obj getopt.obj - diff --git a/security/nss/cmd/SSLsample/server.c b/security/nss/cmd/SSLsample/server.c deleted file mode 100644 index 1cc364e3a..000000000 --- a/security/nss/cmd/SSLsample/server.c +++ /dev/null @@ -1,821 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/**************************************************************************** - * SSL server program listens on a port, accepts client connection, reads * - * request and responds to it * - ****************************************************************************/ - -/* Generic header files */ - -#include <stdio.h> -#include <string.h> - -/* NSPR header files */ - -#include "nspr.h" -#include "plgetopt.h" -#include "prerror.h" -#include "prnetdb.h" - -/* NSS header files */ - -#include "pk11func.h" -#include "secitem.h" -#include "ssl.h" -#include "certt.h" -#include "nss.h" -#include "secder.h" -#include "key.h" -#include "sslproto.h" - -/* Custom header files */ - -#include "sslsample.h" - -#ifndef PORT_Sprintf -#define PORT_Sprintf sprintf -#endif - -#define REQUEST_CERT_ONCE 1 -#define REQUIRE_CERT_ONCE 2 -#define REQUEST_CERT_ALL 3 -#define REQUIRE_CERT_ALL 4 - -/* Global variables */ -GlobalThreadMgr threadMGR; -char *password = NULL; -CERTCertificate *cert = NULL; -SECKEYPrivateKey *privKey = NULL; -int stopping; - -static void -Usage(const char *progName) -{ - fprintf(stderr, - -"Usage: %s -n rsa_nickname -p port [-3RFrf] [-w password]\n" -" [-c ciphers] [-d dbdir] \n" -"-3 means disable SSL v3\n" -"-r means request certificate on first handshake.\n" -"-f means require certificate on first handshake.\n" -"-R means request certificate on all handshakes.\n" -"-F means require certificate on all handshakes.\n" -"-c ciphers Letter(s) chosen from the following list\n" -"A SSL2 RC4 128 WITH MD5\n" -"B SSL2 RC4 128 EXPORT40 WITH MD5\n" -"C SSL2 RC2 128 CBC WITH MD5\n" -"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n" -"E SSL2 DES 64 CBC WITH MD5\n" -"F SSL2 DES 192 EDE3 CBC WITH MD5\n" -"\n" -"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n" -"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n" -"c SSL3 RSA WITH RC4 128 MD5\n" -"d SSL3 RSA WITH 3DES EDE CBC SHA\n" -"e SSL3 RSA WITH DES CBC SHA\n" -"f SSL3 RSA EXPORT WITH RC4 40 MD5\n" -"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n" -"h SSL3 FORTEZZA DMS WITH NULL SHA\n" -"i SSL3 RSA WITH NULL MD5\n" -"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n" -"k SSL3 RSA FIPS WITH DES CBC SHA\n" -"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n" -"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n", - progName); - exit(1); -} - -/* Function: readDataFromSocket() - * - * Purpose: Parse an HTTP request by reading data from a GET or POST. - * - */ -SECStatus -readDataFromSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char **fileName) -{ - char *post; - int numBytes = 0; - int newln = 0; /* # of consecutive newlns */ - - /* Read data while it comes in from the socket. */ - while (PR_TRUE) { - buffer->index = 0; - newln = 0; - - /* Read the buffer. */ - numBytes = PR_Read(sslSocket, &buffer->data[buffer->index], - buffer->remaining); - if (numBytes <= 0) { - errWarn("PR_Read"); - return SECFailure; - } - buffer->dataEnd = buffer->dataStart + numBytes; - - /* Parse the input, starting at the beginning of the buffer. - * Stop when we detect two consecutive \n's (or \r\n's) - * as this signifies the end of the GET or POST portion. - * The posted data follows. - */ - while (buffer->index < buffer->dataEnd && newln < 2) { - int octet = buffer->data[buffer->index++]; - if (octet == '\n') { - newln++; - } else if (octet != '\r') { - newln = 0; - } - } - - /* Came to the end of the buffer, or second newline. - * If we didn't get an empty line ("\r\n\r\n"), then keep on reading. - */ - if (newln < 2) - continue; - - /* we're at the end of the HTTP request. - * If the request is a POST, then there will be one more - * line of data. - * This parsing is a hack, but ok for SSL test purposes. - */ - post = PORT_Strstr(buffer->data, "POST "); - if (!post || *post != 'P') - break; - - /* It's a post, so look for the next and final CR/LF. */ - /* We should parse content length here, but ... */ - while (buffer->index < buffer->dataEnd && newln < 3) { - int octet = buffer->data[buffer->index++]; - if (octet == '\n') { - newln++; - } - } - - if (newln == 3) - break; - } - - /* Have either (a) a complete get, (b) a complete post, (c) EOF */ - - /* Execute a "GET " operation. */ - if (buffer->index > 0 && PORT_Strncmp(buffer->data, "GET ", 4) == 0) { - int fnLength; - - /* File name is the part after "GET ". */ - fnLength = strcspn(buffer->data + 5, " \r\n"); - *fileName = (char *)PORT_Alloc(fnLength + 1); - PORT_Strncpy(*fileName, buffer->data + 5, fnLength); - (*fileName)[fnLength] = '\0'; - } - - return SECSuccess; -} - -/* Function: authenticateSocket() - * - * Purpose: Configure a socket for SSL. - * - * - */ -PRFileDesc * -setupSSLSocket(PRFileDesc *tcpSocket, int requestCert) -{ - PRFileDesc *sslSocket; - SSLKEAType certKEA; - int certErr = 0; - SECStatus secStatus; - - /* Set the appropriate flags. */ - - sslSocket = SSL_ImportFD(NULL, tcpSocket); - if (sslSocket == NULL) { - errWarn("SSL_ImportFD"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet SSL_SECURITY"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_SERVER"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, - (requestCert >= REQUEST_CERT_ONCE)); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, - (requestCert == REQUIRE_CERT_ONCE)); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE"); - goto loser; - } - - /* Set the appropriate callback routines. */ - - secStatus = SSL_AuthCertificateHook(sslSocket, myAuthCertificate, - CERT_GetDefaultCertDB()); - if (secStatus != SECSuccess) { - errWarn("SSL_AuthCertificateHook"); - goto loser; - } - - secStatus = SSL_BadCertHook(sslSocket, - (SSLBadCertHandler)myBadCertHandler, &certErr); - if (secStatus != SECSuccess) { - errWarn("SSL_BadCertHook"); - goto loser; - } - - secStatus = SSL_HandshakeCallback(sslSocket, - (SSLHandshakeCallback)myHandshakeCallback, - NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_HandshakeCallback"); - goto loser; - } - - secStatus = SSL_SetPKCS11PinArg(sslSocket, password); - if (secStatus != SECSuccess) { - errWarn("SSL_HandshakeCallback"); - goto loser; - } - - certKEA = NSS_FindCertKEAType(cert); - - secStatus = SSL_ConfigSecureServer(sslSocket, cert, privKey, certKEA); - if (secStatus != SECSuccess) { - errWarn("SSL_ConfigSecureServer"); - goto loser; - } - - return sslSocket; - -loser: - - PR_Close(tcpSocket); - return NULL; -} - -/* Function: authenticateSocket() - * - * Purpose: Perform client authentication on the socket. - * - */ -SECStatus -authenticateSocket(PRFileDesc *sslSocket, PRBool requireCert) -{ - CERTCertificate *cert; - SECStatus secStatus; - - /* Returns NULL if client authentication is not enabled or if the - * client had no certificate. */ - cert = SSL_PeerCertificate(sslSocket); - if (cert) { - /* Client had a certificate, so authentication is through. */ - CERT_DestroyCertificate(cert); - return SECSuccess; - } - - /* Request client to authenticate itself. */ - secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE"); - return SECFailure; - } - - /* If desired, require client to authenticate itself. Note - * SSL_REQUEST_CERTIFICATE must also be on, as above. */ - secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE"); - return SECFailure; - } - - /* Having changed socket configuration parameters, redo handshake. */ - secStatus = SSL_ReHandshake(sslSocket, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_ReHandshake"); - return SECFailure; - } - - /* Force the handshake to complete before moving on. */ - secStatus = SSL_ForceHandshake(sslSocket); - if (secStatus != SECSuccess) { - errWarn("SSL_ForceHandshake"); - return SECFailure; - } - - return SECSuccess; -} - -/* Function: writeDataToSocket - * - * Purpose: Write the client's request back to the socket. If the client - * requested a file, dump it to the socket. - * - */ -SECStatus -writeDataToSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char *fileName) -{ - int headerLength; - int numBytes; - char messageBuffer[120]; - PRFileDesc *local_file_fd = NULL; - char header[] = "<html><body><h1>Sample SSL server</h1><br><br>"; - char filehd[] = "<h2>The file you requested:</h2><br>"; - char reqhd[] = "<h2>This is your request:</h2><br>"; - char link[] = "Try getting a <a HREF=\"../testfile\">file</a><br>"; - char footer[] = "<br><h2>End of request.</h2><br></body></html>"; - - headerLength = PORT_Strlen(defaultHeader); - - /* Write a header to the socket. */ - numBytes = PR_Write(sslSocket, header, PORT_Strlen(header)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - if (fileName) { - PRFileInfo info; - PRStatus prStatus; - - /* Try to open the local file named. - * If successful, then write it to the client. - */ - prStatus = PR_GetFileInfo(fileName, &info); - if (prStatus != PR_SUCCESS || - info.type != PR_FILE_FILE || - info.size < 0) { - PORT_Free(fileName); - /* Maybe a GET not sent from client.c? */ - goto writerequest; - } - - local_file_fd = PR_Open(fileName, PR_RDONLY, 0); - if (local_file_fd == NULL) { - PORT_Free(fileName); - goto writerequest; - } - - /* Write a header to the socket. */ - numBytes = PR_Write(sslSocket, filehd, PORT_Strlen(filehd)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Transmit the local file prepended by the default header - * across the socket. - */ - numBytes = PR_TransmitFile(sslSocket, local_file_fd, - defaultHeader, headerLength, - PR_TRANSMITFILE_KEEP_OPEN, - PR_INTERVAL_NO_TIMEOUT); - - /* Error in transmission. */ - if (numBytes < 0) { - errWarn("PR_TransmitFile"); - /* - i = PORT_Strlen(errString); - PORT_Memcpy(buf, errString, i); - */ - /* Transmitted bytes successfully. */ - } else { - numBytes -= headerLength; - fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n", - numBytes, fileName); - } - - PORT_Free(fileName); - PR_Close(local_file_fd); - } - -writerequest: - - /* Write a header to the socket. */ - numBytes = PR_Write(sslSocket, reqhd, PORT_Strlen(reqhd)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Write the buffer data to the socket. */ - if (buffer->index <= 0) { - /* Reached the EOF. Report incomplete transaction to socket. */ - PORT_Sprintf(messageBuffer, - "GET or POST incomplete after %d bytes.\r\n", - buffer->dataEnd); - numBytes = PR_Write(sslSocket, messageBuffer, - PORT_Strlen(messageBuffer)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - } else { - /* Display the buffer data. */ - fwrite(buffer->data, 1, buffer->index, stdout); - /* Write the buffer data to the socket. */ - numBytes = PR_Write(sslSocket, buffer->data, buffer->index); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - /* Display security information for the socket. */ - printSecurityInfo(sslSocket); - /* Write any discarded data out to the socket. */ - if (buffer->index < buffer->dataEnd) { - PORT_Sprintf(buffer->data, "Discarded %d characters.\r\n", - buffer->dataEnd - buffer->index); - numBytes = PR_Write(sslSocket, buffer->data, - PORT_Strlen(buffer->data)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - } - } - - /* Write a footer to the socket. */ - numBytes = PR_Write(sslSocket, footer, PORT_Strlen(footer)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Write a link to the socket. */ - numBytes = PR_Write(sslSocket, link, PORT_Strlen(link)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Complete the HTTP transaction. */ - numBytes = PR_Write(sslSocket, "EOF\r\n\r\n\r\n", 9); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Do a nice shutdown if asked. */ - if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) { - stopping = 1; - } - return SECSuccess; - -loser: - - /* Do a nice shutdown if asked. */ - if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) { - stopping = 1; - } - return SECFailure; -} - -/* Function: int handle_connection() - * - * Purpose: Thread to handle a connection to a socket. - * - */ -SECStatus -handle_connection(void *tcp_sock, int requestCert) -{ - PRFileDesc * tcpSocket = (PRFileDesc *)tcp_sock; - PRFileDesc * sslSocket = NULL; - SECStatus secStatus = SECFailure; - PRStatus prStatus; - PRSocketOptionData socketOption; - DataBuffer buffer; - char * fileName = NULL; - - /* Initialize the data buffer. */ - memset(buffer.data, 0, BUFFER_SIZE); - buffer.remaining = BUFFER_SIZE; - buffer.index = 0; - buffer.dataStart = 0; - buffer.dataEnd = 0; - - /* Make sure the socket is blocking. */ - socketOption.option = PR_SockOpt_Nonblocking; - socketOption.value.non_blocking = PR_FALSE; - PR_SetSocketOption(tcpSocket, &socketOption); - - sslSocket = setupSSLSocket(tcpSocket, requestCert); - if (sslSocket == NULL) { - errWarn("setupSSLSocket"); - goto cleanup; - } - - secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_ResetHandshake"); - goto cleanup; - } - - /* Read data from the socket, parse it for HTTP content. - * If the user is requesting/requiring authentication, authenticate - * the socket. Then write the result back to the socket. */ - fprintf(stdout, "\nReading data from socket...\n\n"); - secStatus = readDataFromSocket(sslSocket, &buffer, &fileName); - if (secStatus != SECSuccess) { - goto cleanup; - } - if (requestCert >= REQUEST_CERT_ALL) { - fprintf(stdout, "\nAuthentication requested.\n\n"); - secStatus = authenticateSocket(sslSocket, - (requestCert == REQUIRE_CERT_ALL)); - if (secStatus != SECSuccess) { - goto cleanup; - } - } - - fprintf(stdout, "\nWriting data to socket...\n\n"); - secStatus = writeDataToSocket(sslSocket, &buffer, fileName); - -cleanup: - - /* Close down the socket. */ - prStatus = PR_Close(tcpSocket); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Close"); - } - - return secStatus; -} - -/* Function: int accept_connection() - * - * Purpose: Thread to accept a connection to the socket. - * - */ -SECStatus -accept_connection(void *listener, int requestCert) -{ - PRFileDesc *listenSocket = (PRFileDesc*)listener; - PRNetAddr addr; - PRStatus prStatus; - - /* XXX need an SSL socket here? */ - while (!stopping) { - PRFileDesc *tcpSocket; - SECStatus result; - - fprintf(stderr, "\n\n\nAbout to call accept.\n"); - - /* Accept a connection to the socket. */ - tcpSocket = PR_Accept(listenSocket, &addr, PR_INTERVAL_NO_TIMEOUT); - if (tcpSocket == NULL) { - errWarn("PR_Accept"); - break; - } - - /* Accepted the connection, now handle it. */ - result = launch_thread(&threadMGR, handle_connection, - tcpSocket, requestCert); - - if (result != SECSuccess) { - prStatus = PR_Close(tcpSocket); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Close"); - } - break; - } - } - - fprintf(stderr, "Closing listen socket.\n"); - - prStatus = PR_Close(listenSocket); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Close"); - } - return SECSuccess; -} - -/* Function: void server_main() - * - * Purpose: This is the server's main function. It configures a socket - * and listens to it. - * - */ -void -server_main( - unsigned short port, - int requestCert, - SECKEYPrivateKey * privKey, - CERTCertificate * cert, - PRBool disableSSL3) -{ - SECStatus secStatus; - PRStatus prStatus; - PRFileDesc * listenSocket; - PRNetAddr addr; - PRSocketOptionData socketOption; - - /* Create a new socket. */ - listenSocket = PR_NewTCPSocket(); - if (listenSocket == NULL) { - exitErr("PR_NewTCPSocket"); - } - - /* Set socket to be blocking - - * on some platforms the default is nonblocking. - */ - socketOption.option = PR_SockOpt_Nonblocking; - socketOption.value.non_blocking = PR_FALSE; - - prStatus = PR_SetSocketOption(listenSocket, &socketOption); - if (prStatus != PR_SUCCESS) { - exitErr("PR_SetSocketOption"); - } - - /* This cipher is not on by default. The Acceptance test - * would like it to be. Turn this cipher on. - */ - secStatus = SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); - if (secStatus != SECSuccess) { - exitErr("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5"); - } - - /* Configure the network connection. */ - addr.inet.family = PR_AF_INET; - addr.inet.ip = PR_INADDR_ANY; - addr.inet.port = PR_htons(port); - - /* Bind the address to the listener socket. */ - prStatus = PR_Bind(listenSocket, &addr); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Bind"); - } - - /* Listen for connection on the socket. The second argument is - * the maximum size of the queue for pending connections. - */ - prStatus = PR_Listen(listenSocket, 5); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Listen"); - } - - /* Launch thread to handle connections to the socket. */ - secStatus = launch_thread(&threadMGR, accept_connection, - listenSocket, requestCert); - if (secStatus != SECSuccess) { - PR_Close(listenSocket); - } else { - reap_threads(&threadMGR); - destroy_thread_data(&threadMGR); - } -} - -/* Function: int main() - * - * Purpose: Parses command arguments and configures SSL server. - * - */ -int -main(int argc, char **argv) -{ - char * progName = NULL; - char * nickName = NULL; - char * cipherString = NULL; - char * dir = "."; - int requestCert = 0; - unsigned short port = 0; - SECStatus secStatus; - PRBool disableSSL3 = PR_FALSE; - PLOptState * optstate; - PLOptStatus status; - - /* Zero out the thread manager. */ - PORT_Memset(&threadMGR, 0, sizeof(threadMGR)); - - progName = PL_strdup(argv[0]); - - optstate = PL_CreateOptState(argc, argv, "3FRc:d:fp:n:rw:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - case '3': disableSSL3 = PR_TRUE; break; - case 'F': requestCert = REQUIRE_CERT_ALL; break; - case 'R': requestCert = REQUEST_CERT_ALL; break; - case 'c': cipherString = PL_strdup(optstate->value); break; - case 'd': dir = PL_strdup(optstate->value); break; - case 'f': requestCert = REQUIRE_CERT_ONCE; break; - case 'n': nickName = PL_strdup(optstate->value); break; - case 'p': port = PORT_Atoi(optstate->value); break; - case 'r': requestCert = REQUEST_CERT_ONCE; break; - case 'w': password = PL_strdup(optstate->value); break; - default: - case '?': Usage(progName); - } - } - - if (nickName == NULL || port == 0) - Usage(progName); - - /* Call the NSPR initialization routines. */ - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - /* Set the cert database password callback. */ - PK11_SetPasswordFunc(myPasswd); - - /* Initialize NSS. */ - secStatus = NSS_Init(dir); - if (secStatus != SECSuccess) { - exitErr("NSS_Init"); - } - - /* Set the policy for this server (REQUIRED - no default). */ - secStatus = NSS_SetDomesticPolicy(); - if (secStatus != SECSuccess) { - exitErr("NSS_SetDomesticPolicy"); - } - - /* XXX keep this? */ - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - int ndx; - - /* disable all the ciphers, then enable the ones we want. */ - disableAllSSLCiphers(); - - while (0 != (ndx = *cipherString++)) { - int *cptr; - int cipher; - - if (! isalpha(ndx)) - Usage(progName); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - if (cipher) { - SECStatus status; - status = SSL_CipherPrefSetDefault(cipher, PR_TRUE); - if (status != SECSuccess) - errWarn("SSL_CipherPrefSetDefault()"); - } - } - } - - /* Get own certificate and private key. */ - cert = PK11_FindCertFromNickname(nickName, password); - if (cert == NULL) { - exitErr("PK11_FindCertFromNickname"); - } - - privKey = PK11_FindKeyByAnyCert(cert, password); - if (privKey == NULL) { - exitErr("PK11_FindKeyByAnyCert"); - } - - /* Configure the server's cache for a multi-process application - * using default timeout values (24 hrs) and directory location (/tmp). - */ - SSL_ConfigMPServerSIDCache(256, 0, 0, NULL); - - /* Launch server. */ - server_main(port, requestCert, privKey, cert, disableSSL3); - - /* Shutdown NSS and exit NSPR gracefully. */ - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - PR_Cleanup(); - return 0; -} diff --git a/security/nss/cmd/SSLsample/server.mn b/security/nss/cmd/SSLsample/server.mn deleted file mode 100644 index 3ce1181d9..000000000 --- a/security/nss/cmd/SSLsample/server.mn +++ /dev/null @@ -1,48 +0,0 @@ -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = nss - -EXPORTS = - -CSRCS = server.c \ - sslsample.c \ - $(NULL) - -PROGRAM = server - -REQUIRES = dbm - -DEFINES = -DNSPR20 - diff --git a/security/nss/cmd/SSLsample/sslerror.h b/security/nss/cmd/SSLsample/sslerror.h deleted file mode 100644 index 8ad908569..000000000 --- a/security/nss/cmd/SSLsample/sslerror.h +++ /dev/null @@ -1,110 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include <stdio.h> -#include <string.h> -#include "nspr.h" - -struct tuple_str { - PRErrorCode errNum; - const char * errString; -}; - -typedef struct tuple_str tuple_str; - -#define ER2(a,b) {a, b}, -#define ER3(a,b,c) {a, c}, - -#include "secerr.h" -#include "sslerr.h" - -const tuple_str errStrings[] = { - -/* keep this list in asceding order of error numbers */ -#include "SSLerrs.h" -#include "SECerrs.h" -#include "NSPRerrs.h" - -}; - -const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str); - -/* Returns a UTF-8 encoded constant error string for "errNum". - * Returns NULL of errNum is unknown. - */ -const char * -SSL_Strerror(PRErrorCode errNum) { - PRInt32 low = 0; - PRInt32 high = numStrings - 1; - PRInt32 i; - PRErrorCode num; - static int initDone; - - /* make sure table is in ascending order. - * binary search depends on it. - */ - if (!initDone) { - PRErrorCode lastNum = (PRInt32)0x80000000; - for (i = low; i <= high; ++i) { - num = errStrings[i].errNum; - if (num <= lastNum) { - fprintf(stderr, -"sequence error in error strings at item %d\n" -"error %d (%s)\n" -"should come after \n" -"error %d (%s)\n", - i, lastNum, errStrings[i-1].errString, - num, errStrings[i].errString); - } - lastNum = num; - } - initDone = 1; - } - - /* Do binary search of table. */ - while (low + 1 < high) { - i = (low + high) / 2; - num = errStrings[i].errNum; - if (errNum == num) - return errStrings[i].errString; - if (errNum < num) - high = i; - else - low = i; - } - if (errNum == errStrings[low].errNum) - return errStrings[low].errString; - if (errNum == errStrings[high].errNum) - return errStrings[high].errString; - return NULL; -} diff --git a/security/nss/cmd/SSLsample/sslsample.c b/security/nss/cmd/SSLsample/sslsample.c deleted file mode 100644 index f0b520cb9..000000000 --- a/security/nss/cmd/SSLsample/sslsample.c +++ /dev/null @@ -1,591 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "sslsample.h" -#include "sslerror.h" - -/* Declare SSL cipher suites. */ - -int ssl2CipherSuites[] = { - SSL_EN_RC4_128_WITH_MD5, /* A */ - SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */ - SSL_EN_RC2_128_CBC_WITH_MD5, /* C */ - SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */ - SSL_EN_DES_64_CBC_WITH_MD5, /* E */ - SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */ - 0 -}; - -int ssl3CipherSuites[] = { - SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */ - SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ - SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */ - SSL_RSA_WITH_NULL_MD5, /* i */ - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ - SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - 0 -}; - -/************************************************************************** -** -** SSL callback routines. -** -**************************************************************************/ - -/* Function: char * myPasswd() - * - * Purpose: This function is our custom password handler that is called by - * SSL when retreiving private certs and keys from the database. Returns a - * pointer to a string that with a password for the database. Password pointer - * should point to dynamically allocated memory that will be freed later. - */ -char * -myPasswd(PK11SlotInfo *info, PRBool retry, void *arg) -{ - char * passwd = NULL; - - if ( (!retry) && arg ) { - passwd = PORT_Strdup((char *)arg); - } - - return passwd; -} - -/* Function: SECStatus myAuthCertificate() - * - * Purpose: This function is our custom certificate authentication handler. - * - * Note: This implementation is essentially the same as the default - * SSL_AuthCertificate(). - */ -SECStatus -myAuthCertificate(void *arg, PRFileDesc *socket, - PRBool checksig, PRBool isServer) -{ - - SECCertUsage certUsage; - CERTCertificate * cert; - void * pinArg; - char * hostName; - SECStatus secStatus; - - if (!arg || !socket) { - errWarn("myAuthCertificate"); - return SECFailure; - } - - /* Define how the cert is being used based upon the isServer flag. */ - - certUsage = isServer ? certUsageSSLClient : certUsageSSLServer; - - cert = SSL_PeerCertificate(socket); - - pinArg = SSL_RevealPinArg(socket); - - secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg, - cert, - checksig, - certUsage, - pinArg); - - /* If this is a server, we're finished. */ - if (isServer || secStatus != SECSuccess) { - CERT_DestroyCertificate(cert); - return secStatus; - } - - /* Certificate is OK. Since this is the client side of an SSL - * connection, we need to verify that the name field in the cert - * matches the desired hostname. This is our defense against - * man-in-the-middle attacks. - */ - - /* SSL_RevealURL returns a hostName, not an URL. */ - hostName = SSL_RevealURL(socket); - - if (hostName && hostName[0]) { - secStatus = CERT_VerifyCertName(cert, hostName); - } else { - PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0); - secStatus = SECFailure; - } - - if (hostName) - PR_Free(hostName); - - CERT_DestroyCertificate(cert); - return secStatus; -} - -/* Function: SECStatus myBadCertHandler() - * - * Purpose: This callback is called when the incoming certificate is not - * valid. We define a certain set of parameters that still cause the - * certificate to be "valid" for this session, and return SECSuccess to cause - * the server to continue processing the request when any of these conditions - * are met. Otherwise, SECFailure is return and the server rejects the - * request. - */ -SECStatus -myBadCertHandler(void *arg, PRFileDesc *socket) -{ - - SECStatus secStatus = SECFailure; - PRErrorCode err; - - /* log invalid cert here */ - - if (!arg) { - return secStatus; - } - - *(PRErrorCode *)arg = err = PORT_GetError(); - - /* If any of the cases in the switch are met, then we will proceed */ - /* with the processing of the request anyway. Otherwise, the default */ - /* case will be reached and we will reject the request. */ - - switch (err) { - case SEC_ERROR_INVALID_AVA: - case SEC_ERROR_INVALID_TIME: - case SEC_ERROR_BAD_SIGNATURE: - case SEC_ERROR_EXPIRED_CERTIFICATE: - case SEC_ERROR_UNKNOWN_ISSUER: - case SEC_ERROR_UNTRUSTED_CERT: - case SEC_ERROR_CERT_VALID: - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - case SEC_ERROR_CRL_EXPIRED: - case SEC_ERROR_CRL_BAD_SIGNATURE: - case SEC_ERROR_EXTENSION_VALUE_INVALID: - case SEC_ERROR_CA_CERT_INVALID: - case SEC_ERROR_CERT_USAGES_INVALID: - case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: - secStatus = SECSuccess; - break; - default: - secStatus = SECFailure; - break; - } - - printf("Bad certificate: %d, %s\n", err, SSL_Strerror(err)); - - return secStatus; -} - -/* Function: SECStatus ownGetClientAuthData() - * - * Purpose: This callback is used by SSL to pull client certificate - * information upon server request. - */ -SECStatus -myGetClientAuthData(void *arg, - PRFileDesc *socket, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey) -{ - - CERTCertificate * cert; - SECKEYPrivateKey * privKey; - char * chosenNickName = (char *)arg; - void * proto_win = NULL; - SECStatus secStatus = SECFailure; - - proto_win = SSL_RevealPinArg(socket); - - if (chosenNickName) { - cert = PK11_FindCertFromNickname(chosenNickName, proto_win); - if (cert) { - privKey = PK11_FindKeyByAnyCert(cert, proto_win); - if (privKey) { - secStatus = SECSuccess; - } else { - CERT_DestroyCertificate(cert); - } - } - } else { /* no nickname given, automatically find the right cert */ - CERTCertNicknames *names; - int i; - - names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), - SEC_CERT_NICKNAMES_USER, proto_win); - - if (names != NULL) { - for(i = 0; i < names->numnicknames; i++ ) { - - cert = PK11_FindCertFromNickname(names->nicknames[i], - proto_win); - if (!cert) { - continue; - } - - /* Only check unexpired certs */ - if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE) - != secCertTimeValid ) { - CERT_DestroyCertificate(cert); - continue; - } - - secStatus = NSS_CmpCertChainWCANames(cert, caNames); - if (secStatus == SECSuccess) { - privKey = PK11_FindKeyByAnyCert(cert, proto_win); - if (privKey) { - break; - } - secStatus = SECFailure; - break; - } - } /* for loop */ - CERT_FreeNicknames(names); - } - } - - if (secStatus == SECSuccess) { - *pRetCert = cert; - *pRetKey = privKey; - } - - return secStatus; -} - -/* Function: SECStatus myHandshakeCallback() - * - * Purpose: Called by SSL to inform application that the handshake is - * complete. This function is mostly used on the server side of an SSL - * connection, although it is provided for a client as well. - * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake - * is used to initiate a handshake. - * - * A typical scenario would be: - * - * 1. Server accepts an SSL connection from the client without client auth. - * 2. Client sends a request. - * 3. Server determines that to service request it needs to authenticate the - * client and initiates another handshake requesting client auth. - * 4. While handshake is in progress, server can do other work or spin waiting - * for the handshake to complete. - * 5. Server is notified that handshake has been successfully completed by - * the custom handshake callback function and it can service the client's - * request. - * - * Note: This function is not implemented in this sample, as we are using - * blocking sockets. - */ -SECStatus -myHandshakeCallback(PRFileDesc *socket, void *arg) -{ - printf("Handshake has completed, ready to send data securely.\n"); - return SECSuccess; -} - - -/************************************************************************** -** -** Routines for disabling SSL ciphers. -** -**************************************************************************/ - -void -disableAllSSLCiphers(void) -{ - const PRUint16 *cipherSuites = SSL_ImplementedCiphers; - int i = SSL_NumImplementedCiphers; - SECStatus rv; - - /* disable all the SSL3 cipher suites */ - while (--i >= 0) { - PRUint16 suite = cipherSuites[i]; - rv = SSL_CipherPrefSetDefault(suite, PR_FALSE); - if (rv != SECSuccess) { - printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n", - suite, i); - errWarn("SSL_CipherPrefSetDefault"); - exit(2); - } - } -} - -/************************************************************************** -** -** Error and information routines. -** -**************************************************************************/ - -void -errWarn(char *function) -{ - PRErrorCode errorNumber = PR_GetError(); - const char * errorString = SSL_Strerror(errorNumber); - - printf("Error in function %s: %d\n - %s\n", - function, errorNumber, errorString); -} - -void -exitErr(char *function) -{ - errWarn(function); - /* Exit gracefully. */ - /* ignoring return value of NSS_Shutdown as code exits with 1*/ - (void) NSS_Shutdown(); - PR_Cleanup(); - exit(1); -} - -void -printSecurityInfo(PRFileDesc *fd) -{ - char * cp; /* bulk cipher name */ - char * ip; /* cert issuer DN */ - char * sp; /* cert subject DN */ - int op; /* High, Low, Off */ - int kp0; /* total key bits */ - int kp1; /* secret key bits */ - int result; - SSL3Statistics * ssl3stats = SSL_GetStatistics(); - - result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp); - if (result != SECSuccess) - return; - printf("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n" - "subject DN: %s\n" - "issuer DN: %s\n", cp, kp1, kp0, op, sp, ip); - PR_Free(cp); - PR_Free(ip); - PR_Free(sp); - - printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n", - ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses, - ssl3stats->hch_sid_cache_not_ok); - -} - - -/************************************************************************** -** Begin thread management routines and data. -**************************************************************************/ - -void -thread_wrapper(void * arg) -{ - GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg; - perThread *slot = &threadMGR->threads[threadMGR->index]; - - /* wait for parent to finish launching us before proceeding. */ - PR_Lock(threadMGR->threadLock); - PR_Unlock(threadMGR->threadLock); - - slot->rv = (* slot->startFunc)(slot->a, slot->b); - - PR_Lock(threadMGR->threadLock); - slot->running = rs_zombie; - - /* notify the thread exit handler. */ - PR_NotifyCondVar(threadMGR->threadEndQ); - - PR_Unlock(threadMGR->threadLock); -} - -SECStatus -launch_thread(GlobalThreadMgr *threadMGR, - startFn *startFunc, - void *a, - int b) -{ - perThread *slot; - int i; - - if (!threadMGR->threadStartQ) { - threadMGR->threadLock = PR_NewLock(); - threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock); - threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock); - } - PR_Lock(threadMGR->threadLock); - while (threadMGR->numRunning >= MAX_THREADS) { - PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT); - } - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running == rs_idle) - break; - } - if (i >= threadMGR->numUsed) { - if (i >= MAX_THREADS) { - /* something's really wrong here. */ - PORT_Assert(i < MAX_THREADS); - PR_Unlock(threadMGR->threadLock); - return SECFailure; - } - ++(threadMGR->numUsed); - PORT_Assert(threadMGR->numUsed == i + 1); - slot = &threadMGR->threads[i]; - } - - slot->a = a; - slot->b = b; - slot->startFunc = startFunc; - - threadMGR->index = i; - - slot->prThread = PR_CreateThread(PR_USER_THREAD, - thread_wrapper, threadMGR, - PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, - PR_JOINABLE_THREAD, 0); - - if (slot->prThread == NULL) { - PR_Unlock(threadMGR->threadLock); - printf("Failed to launch thread!\n"); - return SECFailure; - } - - slot->inUse = 1; - slot->running = 1; - ++(threadMGR->numRunning); - PR_Unlock(threadMGR->threadLock); - printf("Launched thread in slot %d \n", threadMGR->index); - - return SECSuccess; -} - -SECStatus -reap_threads(GlobalThreadMgr *threadMGR) -{ - perThread * slot; - int i; - - if (!threadMGR->threadLock) - return 0; - PR_Lock(threadMGR->threadLock); - while (threadMGR->numRunning > 0) { - PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT); - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running == rs_zombie) { - /* Handle cleanup of thread here. */ - printf("Thread in slot %d returned %d\n", i, slot->rv); - - /* Now make sure the thread has ended OK. */ - PR_JoinThread(slot->prThread); - slot->running = rs_idle; - --threadMGR->numRunning; - - /* notify the thread launcher. */ - PR_NotifyCondVar(threadMGR->threadStartQ); - } - } - } - - /* Safety Sam sez: make sure count is right. */ - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running != rs_idle) { - fprintf(stderr, "Thread in slot %d is in state %d!\n", - i, slot->running); - } - } - PR_Unlock(threadMGR->threadLock); - return 0; -} - -void -destroy_thread_data(GlobalThreadMgr *threadMGR) -{ - PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads)); - - if (threadMGR->threadEndQ) { - PR_DestroyCondVar(threadMGR->threadEndQ); - threadMGR->threadEndQ = NULL; - } - if (threadMGR->threadStartQ) { - PR_DestroyCondVar(threadMGR->threadStartQ); - threadMGR->threadStartQ = NULL; - } - if (threadMGR->threadLock) { - PR_DestroyLock(threadMGR->threadLock); - threadMGR->threadLock = NULL; - } -} - -/************************************************************************** -** End thread management routines. -**************************************************************************/ - -void -lockedVars_Init( lockedVars * lv) -{ - lv->count = 0; - lv->waiters = 0; - lv->lock = PR_NewLock(); - lv->condVar = PR_NewCondVar(lv->lock); -} - -void -lockedVars_Destroy( lockedVars * lv) -{ - PR_DestroyCondVar(lv->condVar); - lv->condVar = NULL; - - PR_DestroyLock(lv->lock); - lv->lock = NULL; -} - -void -lockedVars_WaitForDone(lockedVars * lv) -{ - PR_Lock(lv->lock); - while (lv->count > 0) { - PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT); - } - PR_Unlock(lv->lock); -} - -int /* returns count */ -lockedVars_AddToCount(lockedVars * lv, int addend) -{ - int rv; - - PR_Lock(lv->lock); - rv = lv->count += addend; - if (rv <= 0) { - PR_NotifyCondVar(lv->condVar); - } - PR_Unlock(lv->lock); - return rv; -} diff --git a/security/nss/cmd/SSLsample/sslsample.h b/security/nss/cmd/SSLsample/sslsample.h deleted file mode 100644 index d33f0b66d..000000000 --- a/security/nss/cmd/SSLsample/sslsample.h +++ /dev/null @@ -1,177 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef SSLSAMPLE_H -#define SSLSAMPLE_H - -/* Generic header files */ - -#include <stdio.h> -#include <string.h> - -/* NSPR header files */ - -#include "nspr.h" -#include "prerror.h" -#include "prnetdb.h" - -/* NSS header files */ - -#include "pk11func.h" -#include "secitem.h" -#include "ssl.h" -#include "certt.h" -#include "nss.h" -#include "secder.h" -#include "key.h" -#include "sslproto.h" - -/* Custom header files */ - -/* -#include "sslerror.h" -*/ - -#define BUFFER_SIZE 10240 - -/* Declare SSL cipher suites. */ - -extern int cipherSuites[]; -extern int ssl2CipherSuites[]; -extern int ssl3CipherSuites[]; - -/* Data buffer read from a socket. */ -typedef struct DataBufferStr { - char data[BUFFER_SIZE]; - int index; - int remaining; - int dataStart; - int dataEnd; -} DataBuffer; - -/* SSL callback routines. */ - -char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg); - -SECStatus myAuthCertificate(void *arg, PRFileDesc *socket, - PRBool checksig, PRBool isServer); - -SECStatus myBadCertHandler(void *arg, PRFileDesc *socket); - -SECStatus myHandshakeCallback(PRFileDesc *socket, void *arg); - -SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey); - -/* Disable all v2/v3 SSL ciphers. */ - -void disableAllSSLCiphers(void); - - -/* Error and information utilities. */ - -void errWarn(char *function); - -void exitErr(char *function); - -void printSecurityInfo(PRFileDesc *fd); - -/* Some simple thread management routines. */ - -#define MAX_THREADS 32 - -typedef SECStatus startFn(void *a, int b); - -typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState; - -typedef struct perThreadStr { - PRFileDesc *a; - int b; - int rv; - startFn *startFunc; - PRThread *prThread; - PRBool inUse; - runState running; -} perThread; - -typedef struct GlobalThreadMgrStr { - PRLock *threadLock; - PRCondVar *threadStartQ; - PRCondVar *threadEndQ; - perThread threads[MAX_THREADS]; - int index; - int numUsed; - int numRunning; -} GlobalThreadMgr; - -void thread_wrapper(void * arg); - -SECStatus launch_thread(GlobalThreadMgr *threadMGR, - startFn *startFunc, void *a, int b); - -SECStatus reap_threads(GlobalThreadMgr *threadMGR); - -void destroy_thread_data(GlobalThreadMgr *threadMGR); - -/* Management of locked variables. */ - -struct lockedVarsStr { - PRLock * lock; - int count; - int waiters; - PRCondVar * condVar; -}; - -typedef struct lockedVarsStr lockedVars; - -void lockedVars_Init(lockedVars *lv); - -void lockedVars_Destroy(lockedVars *lv); - -void lockedVars_WaitForDone(lockedVars *lv); - -int lockedVars_AddToCount(lockedVars *lv, int addend); - -/* Buffer stuff. */ - -static const char stopCmd[] = { "GET /stop " }; -static const char defaultHeader[] = { - "HTTP/1.0 200 OK\r\n" - "Server: SSL sample server\r\n" - "Content-type: text/plain\r\n" - "\r\n" -}; - -#endif diff --git a/security/nss/cmd/addbuiltin/Makefile b/security/nss/cmd/addbuiltin/Makefile deleted file mode 100644 index 8650a607d..000000000 --- a/security/nss/cmd/addbuiltin/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/addbuiltin/addbuiltin.c b/security/nss/cmd/addbuiltin/addbuiltin.c deleted file mode 100644 index 86161c94a..000000000 --- a/security/nss/cmd/addbuiltin/addbuiltin.c +++ /dev/null @@ -1,357 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * Tool for converting builtin CA certs. - * - * $Id$ - */ - -#include "nss.h" -#include "cert.h" -#include "certdb.h" -#include "secutil.h" -#include "pk11func.h" - -void dumpbytes(unsigned char *buf, int len) -{ - int i; - for (i=0; i < len; i++) { - if ((i !=0) && ((i & 0xf) == 0)) { - printf("\n"); - } - printf("\\%03o",buf[i]); - } - printf("\n"); -} - -char *getTrustString(unsigned int trust) -{ - if (trust & CERTDB_TRUSTED) { - if (trust & CERTDB_TRUSTED_CA) { - return "CKT_NETSCAPE_TRUSTED_DELEGATOR|CKT_NETSCAPE_TRUSTED"; - } else { - return "CKT_NETSCAPE_TRUSTED"; - } - } else { - if (trust & CERTDB_TRUSTED_CA) { - return "CKT_NETSCAPE_TRUSTED_DELEGATOR"; - } else { - return "CKT_NETSCAPE_VALID"; - } - } - return "CKT_NETSCAPE_VALID"; /* not reached */ -} - -static const SEC_ASN1Template serialTemplate[] = { - { SEC_ASN1_INTEGER, offsetof(CERTCertificate,serialNumber) }, - { 0 } -}; - -static SECStatus -ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust) -{ - SECStatus rv = SECSuccess; - CERTCertificate *cert; - unsigned char sha1_hash[SHA1_LENGTH]; - unsigned char md5_hash[MD5_LENGTH]; - SECItem *serial = NULL; - - cert = CERT_DecodeDERCertificate(sdder, PR_FALSE, nickname); - if (!cert) { - return SECFailure; - } - serial = SEC_ASN1EncodeItem(NULL,NULL,cert,serialTemplate); - if (!serial) { - return SECFailure; - } - - printf("\n#\n# Certificate \"%s\"\n#\n",nickname); - printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"); - printf("CKA_TOKEN CK_BBOOL CK_TRUE\n"); - printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n"); - printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"); - printf("CKA_LABEL UTF8 \"%s\"\n",nickname); - printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n"); - printf("CKA_SUBJECT MULTILINE_OCTAL\n"); - dumpbytes(cert->derSubject.data,cert->derSubject.len); - printf("END\n"); - printf("CKA_ID UTF8 \"0\"\n"); - printf("CKA_ISSUER MULTILINE_OCTAL\n"); - dumpbytes(cert->derIssuer.data,cert->derIssuer.len); - printf("END\n"); - printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n"); - dumpbytes(serial->data,serial->len); - printf("END\n"); - printf("CKA_VALUE MULTILINE_OCTAL\n"); - dumpbytes(sdder->data,sdder->len); - printf("END\n"); - - PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len); - PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len); - printf("\n# Trust for Certificate \"%s\"\n",nickname); - printf("CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST\n"); - printf("CKA_TOKEN CK_BBOOL CK_TRUE\n"); - printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n"); - printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"); - printf("CKA_LABEL UTF8 \"%s\"\n",nickname); - printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n"); - dumpbytes(sha1_hash,SHA1_LENGTH); - printf("END\n"); - printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n"); - dumpbytes(md5_hash,MD5_LENGTH); - printf("END\n"); - - printf("CKA_ISSUER MULTILINE_OCTAL\n"); - dumpbytes(cert->derIssuer.data,cert->derIssuer.len); - printf("END\n"); - printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n"); - dumpbytes(serial->data,serial->len); - printf("END\n"); - - printf("CKA_TRUST_SERVER_AUTH CK_TRUST %s\n", - getTrustString(trust->sslFlags)); - printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST %s\n", - getTrustString(trust->emailFlags)); - printf("CKA_TRUST_CODE_SIGNING CK_TRUST %s\n", - getTrustString(trust->objectSigningFlags)); -#ifdef notdef - printf("CKA_TRUST_CLIENT_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED\n");*/ - printf("CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_NON_REPUDIATION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); -#endif - - - PORT_Free(sdder->data); - return(rv); - -} - -printheader() { - printf("# \n" - "# The contents of this file are subject to the Mozilla Public\n" - "# License Version 1.1 (the \"License\"); you may not use this file\n" - "# except in compliance with the License. You may obtain a copy of\n" - "# the License at http://www.mozilla.org/MPL/\n" - "# \n" - "# Software distributed under the License is distributed on an \"AS\n" - "# IS\" basis, WITHOUT WARRANTY OF ANY KIND, either express or\n" - "# implied. See the License for the specific language governing\n" - "# rights and limitations under the License.\n" - "# \n" - "# The Original Code is the Netscape security libraries.\n" - "# \n" - "# The Initial Developer of the Original Code is Netscape\n" - "# Communications Corporation. Portions created by Netscape are \n" - "# Copyright (C) 1994-2000 Netscape Communications Corporation. All\n" - "# Rights Reserved.\n" - "# \n" - "# Contributor(s):\n" - "# \n" - "# Alternatively, the contents of this file may be used under the\n" - "# terms of the GNU General Public License Version 2 or later (the\n" - "# \"GPL\"), in which case the provisions of the GPL are applicable \n" - "# instead of those above. If you wish to allow use of your \n" - "# version of this file only under the terms of the GPL and not to\n" - "# allow others to use your version of this file under the MPL,\n" - "# indicate your decision by deleting the provisions above and\n" - "# replace them with the notice and other provisions required by\n" - "# the GPL. If you do not delete the provisions above, a recipient\n" - "# may use your version of this file under either the MPL or the\n" - "# GPL.\n" - "#\n" - "CVS_ID \"@(#) $RCSfile$ $Revision$ $Date$ $Name$\"\n" - "\n" - "#\n" - "# certdata.txt\n" - "#\n" - "# This file contains the object definitions for the certs and other\n" - "# information \"built into\" NSS.\n" - "#\n" - "# Object definitions:\n" - "#\n" - "# Certificates\n" - "#\n" - "# -- Attribute -- -- type -- -- value --\n" - "# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n" - "# CKA_TOKEN CK_BBOOL CK_TRUE\n" - "# CKA_PRIVATE CK_BBOOL CK_FALSE\n" - "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" - "# CKA_LABEL UTF8 (varies)\n" - "# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n" - "# CKA_SUBJECT DER+base64 (varies)\n" - "# CKA_ID byte array (varies)\n" - "# CKA_ISSUER DER+base64 (varies)\n" - "# CKA_SERIAL_NUMBER DER+base64 (varies)\n" - "# CKA_VALUE DER+base64 (varies)\n" - "# CKA_NETSCAPE_EMAIL ASCII7 (unused here)\n" - "#\n" - "# Trust\n" - "#\n" - "# -- Attribute -- -- type -- -- value --\n" - "# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST\n" - "# CKA_TOKEN CK_BBOOL CK_TRUE\n" - "# CKA_PRIVATE CK_BBOOL CK_FALSE\n" - "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" - "# CKA_LABEL UTF8 (varies)\n" - "# CKA_ISSUER DER+base64 (varies)\n" - "# CKA_SERIAL_NUMBER DER+base64 (varies)\n" - "# CKA_CERT_HASH binary+base64 (varies)\n" - "# CKA_EXPIRES CK_DATE (not used here)\n" - "# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies)\n" - "# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies)\n" - "# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies)\n" - "# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies)\n" - "# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies)\n" - "# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies)\n" - "# CKA_TRUST_CRL_SIGN CK_TRUST (varies)\n" - "# CKA_TRUST_SERVER_AUTH CK_TRUST (varies)\n" - "# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies)\n" - "# CKA_TRUST_CODE_SIGNING CK_TRUST (varies)\n" - "# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies)\n" - "# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies)\n" - "# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)\n" - "# CKA_TRUST_IPSEC_USER CK_TRUST (varies)\n" - "# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)\n" - "# (other trust attributes can be defined)\n" - "#\n" - "\n" - "#\n" - "# The object to tell NSS that this is a root list and we don't\n" - "# have to go looking for others.\n" - "#\n" - "BEGINDATA\n" - "CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_BUILTIN_ROOT_LIST\n" - "CKA_TOKEN CK_BBOOL CK_TRUE\n" - "CKA_PRIVATE CK_BBOOL CK_FALSE\n" - "CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" - "CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n"); -} - -static void Usage(char *progName) -{ - fprintf(stderr, "%s -n nickname -t trust\n", progName); - fprintf(stderr, - "read a der-encoded cert from stdin in, and output\n" - "it to stdout in a format suitable for the builtin root module.\n" - "example: %s -n MyCA -t \"C,C,C\" < myca.der >> certdata.txt\n" - "(pipe through atob if the cert is b64-encoded)\n"); - fprintf(stderr, "%15s nickname to assign to builtin cert.\n", - "-n nickname"); - fprintf(stderr, "%15s default trust flags (cCTpPuw).\n", - "-t trust"); - exit(-1); -} - -enum { - opt_Input = 0, - opt_Nickname, - opt_Trust -}; - -static secuCommandFlag addbuiltin_options[] = -{ - { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE }, - { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE } -}; - -main(int argc, char **argv) -{ - SECStatus rv; - char *nickname; - char *trusts; - char *progName; - PRFileDesc *infile; - CERTCertTrust trust = { 0 }; - SECItem derCert = { 0 }; - - secuCommand addbuiltin = { 0 }; - addbuiltin.numOptions = sizeof(addbuiltin_options)/sizeof(secuCommandFlag); - addbuiltin.options = addbuiltin_options; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - rv = SECU_ParseCommandLine(argc, argv, progName, &addbuiltin); - - if (rv != SECSuccess) - Usage(progName); - - if (!addbuiltin.options[opt_Nickname].activated && - !addbuiltin.options[opt_Trust].activated) { - fprintf(stderr, "%s: you must specify both a nickname and trust.\n"); - Usage(progName); - } - - if (addbuiltin.options[opt_Input].activated) { - infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660); - if (!infile) { - fprintf(stderr, "%s: failed to open input file.\n"); - exit(1); - } - } else { - infile = PR_STDIN; - } - - nickname = strdup(addbuiltin.options[opt_Nickname].arg); - trusts = strdup(addbuiltin.options[opt_Trust].arg); - - NSS_NoDB_Init(NULL); - - rv = CERT_DecodeTrustString(&trust, trusts); - if (rv) { - fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName); - Usage(progName); - } - - SECU_FileToItem(&derCert, infile); - - /*printheader();*/ - - rv = ConvertCertificate(&derCert, nickname, &trust); - if (rv) { - fprintf(stderr, "%s: failed to convert certificate.\n", progName); - exit(1); - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return(SECSuccess); -} diff --git a/security/nss/cmd/addbuiltin/manifest.mn b/security/nss/cmd/addbuiltin/manifest.mn deleted file mode 100644 index b800ed92a..000000000 --- a/security/nss/cmd/addbuiltin/manifest.mn +++ /dev/null @@ -1,49 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - addbuiltin.c \ - $(NULL) - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm seccmd - -PROGRAM = addbuiltin - -USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/atob/Makefile b/security/nss/cmd/atob/Makefile deleted file mode 100644 index ff6f06e7e..000000000 --- a/security/nss/cmd/atob/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/atob/atob.c b/security/nss/cmd/atob/atob.c deleted file mode 100644 index 8d632b6bf..000000000 --- a/security/nss/cmd/atob/atob.c +++ /dev/null @@ -1,177 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "plgetopt.h" -#include "secutil.h" -#include "nssb64.h" -#include <errno.h> - -#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) -#if !defined(WIN32) -extern int fread(char *, size_t, size_t, FILE*); -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif -#endif - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -static PRInt32 -output_binary (void *arg, const unsigned char *obuf, PRInt32 size) -{ - FILE *outFile = arg; - int nb; - - nb = fwrite(obuf, 1, size, outFile); - if (nb != size) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - - return nb; -} - -static SECStatus -decode_file(FILE *outFile, FILE *inFile) -{ - NSSBase64Decoder *cx; - int nb; - SECStatus status = SECFailure; - char ibuf[4096]; - - cx = NSSBase64Decoder_Create(output_binary, outFile); - if (!cx) { - return -1; - } - - for (;;) { - if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - /* eof */ - break; - } - } - - status = NSSBase64Decoder_Update(cx, ibuf, nb); - if (status != SECSuccess) goto loser; - } - - return NSSBase64Decoder_Destroy(cx, PR_FALSE); - - loser: - (void) NSSBase64Decoder_Destroy(cx, PR_TRUE); - return status; -} - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -int main(int argc, char **argv) -{ - char *progName; - SECStatus rv; - FILE *inFile, *outFile; - PLOptState *optstate; - PLOptStatus status; - - inFile = 0; - outFile = 0; - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "i:o:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'i': - inFile = fopen(optstate->value, "r"); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "wb"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - } - } - if (!inFile) inFile = stdin; - if (!outFile) { -#if defined(WIN32) - int smrv = _setmode(_fileno(stdout), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdout to binary mode. Use -o option instead.\n", - progName); - return smrv; - } -#endif - outFile = stdout; - } - rv = decode_file(outFile, inFile); - if (rv != SECSuccess) { - fprintf(stderr, "%s: lossage: error=%d errno=%d\n", - progName, PORT_GetError(), errno); - return -1; - } - return 0; -} diff --git a/security/nss/cmd/atob/makefile.win b/security/nss/cmd/atob/makefile.win deleted file mode 100644 index ecccc7bf3..000000000 --- a/security/nss/cmd/atob/makefile.win +++ /dev/null @@ -1,155 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -#cannot define PROGRAM in manifest compatibly with NT and UNIX -PROGRAM = atob -PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe -include <$(DEPTH)\config\config.mak> - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - $(NULL) - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -# awt3240.lib # brpref32.lib # cert32.lib -# crypto32.lib # dllcom.lib # editor32.lib -# edpref32.lib # edtplug.lib # font.lib -# hash32.lib # htmldg32.lib # img32.lib -# javart32.lib # jbn3240.lib # jdb3240.lib -# jmc.lib # jpeg3240.lib # jpw3240.lib -# jrt3240.lib # js3240.lib # jsd3240.lib -# key32.lib # libapplet32.lib # libnjs32.lib -# libnsc32.lib # libreg32.lib # mm3240.lib -# mnpref32.lib # netcst32.lib # nsdlg32.lib -# nsldap32.lib # nsldaps32.lib # nsn32.lib -# pkcs1232.lib # pkcs732.lib # pr3240.lib -# prefui32.lib # prefuuid.lib # secmod32.lib -# secnav32.lib # secutl32.lib # softup32.lib -# sp3240.lib # ssl32.lib # uni3200.lib -# unicvt32.lib # win32md.lib # winfont.lib -# xppref32.lib # zlib32.lib - -include <$(DEPTH)\config\rules.mak> - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - -# ALLXPSTR.obj XP_ALLOC.obj XP_HASH.obj XP_RGB.obj XP_WRAP.obj -# CXPRINT.obj XP_C.cl XP_LIST.obj XP_SEC.obj netscape.exp -# CXPRNDLG.obj XP_CNTXT.obj XP_MD5.obj XP_STR.obj xp.pch -# EXPORT.obj XP_CORE.obj XP_MESG.obj XP_THRMO.obj xppref32.dll -# XPASSERT.obj XP_ERROR.obj XP_RECT.obj XP_TIME.obj -# XPLOCALE.obj XP_FILE.obj XP_REG.obj XP_TRACE.obj - - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/atob/manifest.mn b/security/nss/cmd/atob/manifest.mn deleted file mode 100644 index f6c20bf19..000000000 --- a/security/nss/cmd/atob/manifest.mn +++ /dev/null @@ -1,50 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = atob.c - -PROGRAM = atob - diff --git a/security/nss/cmd/bltest/Makefile b/security/nss/cmd/bltest/Makefile deleted file mode 100644 index c99a3c017..000000000 --- a/security/nss/cmd/bltest/Makefile +++ /dev/null @@ -1,82 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn -#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \ -# -always-use-cache-dir $(CC) - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -#EXTRA_SHARED_LIBS += \ -# -L/usr/lib \ -# -lposix4 \ -# $(NULL) - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c deleted file mode 100644 index 336cdd660..000000000 --- a/security/nss/cmd/bltest/blapitest.c +++ /dev/null @@ -1,3073 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include <stdio.h> -#include <stdlib.h> - -#include "blapi.h" -#include "secrng.h" -#include "prmem.h" -#include "prprf.h" -#include "prtime.h" -#include "prsystem.h" -#include "plstr.h" -#include "nssb64.h" -#include "secutil.h" -#include "plgetopt.h" -#include "softoken.h" -#include "nss.h" - -#ifdef NSS_ENABLE_ECC -#include "ecl-curve.h" -SECStatus EC_DecodeParams(const SECItem *encodedParams, - ECParams **ecparams); -SECStatus EC_CopyParams(PRArenaPool *arena, ECParams *dstParams, - const ECParams *srcParams); -SECStatus secoid_Init(void); -#endif - -/* Temporary - add debugging ouput on windows for RSA to track QA failure */ -#ifdef _WIN32 -#define TRACK_BLTEST_BUG - char __bltDBG[] = "BLTEST DEBUG"; -#endif - -char *progName; -char *testdir = NULL; - -#define BLTEST_DEFAULT_CHUNKSIZE 4096 - -#define WORDSIZE sizeof(unsigned long) - -#define CHECKERROR(rv, ln) \ - if (rv) { \ - PRErrorCode prerror = PR_GetError(); \ - PR_fprintf(PR_STDERR, "%s: ERR %d (%s) at line %d.\n", progName, \ - prerror, SECU_Strerror(prerror), ln); \ - exit(-1); \ - } - -/* Macros for performance timing. */ -#define TIMESTART() \ - time1 = PR_IntervalNow(); - -#define TIMEFINISH(time, reps) \ - time2 = (PRIntervalTime)(PR_IntervalNow() - time1); \ - time1 = PR_IntervalToMilliseconds(time2); \ - time = ((double)(time1))/reps; - -static void Usage() -{ -#define PRINTUSAGE(subject, option, predicate) \ - fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "[-DEHSV]", "List available cipher modes"); /* XXX */ - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-E -m mode ", "Encrypt a buffer"); - PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]"); - PRINTUSAGE("", "", "[-b bufsize] [-g keysize] [-e exp] [-r rounds]"); - PRINTUSAGE("", "", "[-w wordsize] [-p repetitions]"); - PRINTUSAGE("", "-m", "cipher mode to use"); - PRINTUSAGE("", "-i", "file which contains input buffer"); - PRINTUSAGE("", "-o", "file for output buffer"); - PRINTUSAGE("", "-k", "file which contains key"); - PRINTUSAGE("", "-v", "file which contains initialization vector"); - PRINTUSAGE("", "-b", "size of input buffer"); - PRINTUSAGE("", "-g", "key size (in bytes)"); - PRINTUSAGE("", "-p", "do performance test"); - PRINTUSAGE("(rsa)", "-e", "rsa public exponent"); - PRINTUSAGE("(rc5)", "-r", "number of rounds"); - PRINTUSAGE("(rc5)", "-w", "wordsize (32 or 64)"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-D -m mode", "Decrypt a buffer"); - PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]"); - PRINTUSAGE("", "", "[-p repetitions]"); - PRINTUSAGE("", "-m", "cipher mode to use"); - PRINTUSAGE("", "-i", "file which contains input buffer"); - PRINTUSAGE("", "-o", "file for output buffer"); - PRINTUSAGE("", "-k", "file which contains key"); - PRINTUSAGE("", "-v", "file which contains initialization vector"); - PRINTUSAGE("", "-p", "do performance test"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-H -m mode", "Hash a buffer"); - PRINTUSAGE("", "", "[-i plaintext] [-o hash]"); - PRINTUSAGE("", "", "[-b bufsize]"); - PRINTUSAGE("", "", "[-p repetitions]"); - PRINTUSAGE("", "-m", "cipher mode to use"); - PRINTUSAGE("", "-i", "file which contains input buffer"); - PRINTUSAGE("", "-o", "file for hash"); - PRINTUSAGE("", "-b", "size of input buffer"); - PRINTUSAGE("", "-p", "do performance test"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-S -m mode", "Sign a buffer"); - PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]"); - PRINTUSAGE("", "", "[-b bufsize]"); -#ifdef NSS_ENABLE_ECC - PRINTUSAGE("", "", "[-n curvename]"); -#endif - PRINTUSAGE("", "", "[-p repetitions]"); - PRINTUSAGE("", "-m", "cipher mode to use"); - PRINTUSAGE("", "-i", "file which contains input buffer"); - PRINTUSAGE("", "-o", "file for signature"); - PRINTUSAGE("", "-k", "file which contains key"); -#ifdef NSS_ENABLE_ECC - PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:"); - PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,"); - PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,"); - PRINTUSAGE("", "", " sect233r1, nistb233, sect239k1, sect283k1, nistk283,"); - PRINTUSAGE("", "", " sect283r1, nistb283, sect409k1, nistk409, sect409r1,"); - PRINTUSAGE("", "", " nistb409, sect571k1, nistk571, sect571r1, nistb571,"); - PRINTUSAGE("", "", " secp169k1, secp160r1, secp160r2, secp192k1, secp192r1,"); - PRINTUSAGE("", "", " nistp192, secp224k1, secp224r1, nistp224, secp256k1,"); - PRINTUSAGE("", "", " secp256r1, nistp256, secp384r1, nistp384, secp521r1,"); - PRINTUSAGE("", "", " nistp521, prime192v1, prime192v2, prime192v3,"); - PRINTUSAGE("", "", " prime239v1, prime239v2, prime239v3, c2pnb163v1,"); - PRINTUSAGE("", "", " c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,"); - PRINTUSAGE("", "", " c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,"); - PRINTUSAGE("", "", " c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,"); - PRINTUSAGE("", "", " c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,"); - PRINTUSAGE("", "", " c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,"); - PRINTUSAGE("", "", " secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,"); - PRINTUSAGE("", "", " sect131r1, sect131r2"); -#endif - PRINTUSAGE("", "-p", "do performance test"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer"); - PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]"); - PRINTUSAGE("", "", "[-p repetitions]"); - PRINTUSAGE("", "-m", "cipher mode to use"); - PRINTUSAGE("", "-i", "file which contains input buffer"); - PRINTUSAGE("", "-s", "file which contains signature of input buffer"); - PRINTUSAGE("", "-k", "file which contains key"); - PRINTUSAGE("", "-p", "do performance test"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-N -m mode -b bufsize", - "Create a nonce plaintext and key"); - PRINTUSAGE("", "", "[-g keysize] [-u cxreps]"); - PRINTUSAGE("", "-g", "key size (in bytes)"); - PRINTUSAGE("", "-u", "number of repetitions of context creation"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-F", "Run the FIPS self-test"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-T [-m mode1,mode2...]", "Run the BLAPI self-test"); - fprintf(stderr, "\n"); - exit(1); -} - -/* Helper functions for ascii<-->binary conversion/reading/writing */ - -/* XXX argh */ -struct item_with_arena { - SECItem *item; - PRArenaPool *arena; -}; - -static PRInt32 -get_binary(void *arg, const unsigned char *ibuf, PRInt32 size) -{ - struct item_with_arena *it = arg; - SECItem *binary = it->item; - SECItem *tmp; - int index; - if (binary->data == NULL) { - tmp = SECITEM_AllocItem(it->arena, NULL, size); - binary->data = tmp->data; - binary->len = tmp->len; - index = 0; - } else { - SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size); - index = binary->len; - } - PORT_Memcpy(&binary->data[index], ibuf, size); - return binary->len; -} - -static SECStatus -atob(SECItem *ascii, SECItem *binary, PRArenaPool *arena) -{ - SECStatus status; - NSSBase64Decoder *cx; - struct item_with_arena it; - int len; - binary->data = NULL; - binary->len = 0; - it.item = binary; - it.arena = arena; - len = (strcmp(&ascii->data[ascii->len-2],"\r\n")) ? - ascii->len : ascii->len-2; - cx = NSSBase64Decoder_Create(get_binary, &it); - status = NSSBase64Decoder_Update(cx, (const char *)ascii->data, len); - status = NSSBase64Decoder_Destroy(cx, PR_FALSE); - return status; -} - -static PRInt32 -output_ascii(void *arg, const char *obuf, PRInt32 size) -{ - PRFileDesc *outfile = arg; - PRInt32 nb = PR_Write(outfile, obuf, size); - if (nb != size) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - return nb; -} - -static SECStatus -btoa_file(SECItem *binary, PRFileDesc *outfile) -{ - SECStatus status; - NSSBase64Encoder *cx; - SECItem ascii; - ascii.data = NULL; - ascii.len = 0; - if (binary->len == 0) - return SECSuccess; - cx = NSSBase64Encoder_Create(output_ascii, outfile); - status = NSSBase64Encoder_Update(cx, binary->data, binary->len); - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - status = PR_Write(outfile, "\r\n", 2); - return status; -} - -SECStatus -hex_from_2char(unsigned char *c2, unsigned char *byteval) -{ - int i; - unsigned char offset; - *byteval = 0; - for (i=0; i<2; i++) { - if (c2[i] >= '0' && c2[i] <= '9') { - offset = c2[i] - '0'; - *byteval |= offset << 4*(1-i); - } else if (c2[i] >= 'a' && c2[i] <= 'f') { - offset = c2[i] - 'a'; - *byteval |= (offset + 10) << 4*(1-i); - } else if (c2[i] >= 'A' && c2[i] <= 'F') { - offset = c2[i] - 'A'; - *byteval |= (offset + 10) << 4*(1-i); - } else { - return SECFailure; - } - } - return SECSuccess; -} - -SECStatus -char2_from_hex(unsigned char byteval, unsigned char *c2) -{ - int i; - unsigned char offset; - for (i=0; i<2; i++) { - offset = (byteval >> 4*(1-i)) & 0x0f; - if (offset < 10) { - c2[i] = '0' + offset; - } else { - c2[i] = 'A' + offset - 10; - } - } - return SECSuccess; -} - -void -serialize_key(SECItem *it, int ni, PRFileDesc *file) -{ - unsigned char len[4]; - int i; - SECStatus status; - NSSBase64Encoder *cx; - SECItem ascii; - ascii.data = NULL; - ascii.len = 0; - cx = NSSBase64Encoder_Create(output_ascii, file); - for (i=0; i<ni; i++, it++) { - len[0] = (it->len >> 24) & 0xff; - len[1] = (it->len >> 16) & 0xff; - len[2] = (it->len >> 8) & 0xff; - len[3] = (it->len & 0xff); - status = NSSBase64Encoder_Update(cx, len, 4); - status = NSSBase64Encoder_Update(cx, it->data, it->len); - } - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - status = PR_Write(file, "\r\n", 2); -} - -void -key_from_filedata(PRArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata) -{ - int fpos = 0; - int i, len; - unsigned char *buf = filedata->data; - for (i=0; i<ni; i++) { - len = (buf[fpos++] & 0xff) << 24; - len |= (buf[fpos++] & 0xff) << 16; - len |= (buf[fpos++] & 0xff) << 8; - len |= (buf[fpos++] & 0xff); - if (ns <= i) { - if (len > 0) { - it->len = len; - it->data = PORT_ArenaAlloc(arena, it->len); - PORT_Memcpy(it->data, &buf[fpos], it->len); - } else { - it->len = 0; - it->data = NULL; - } - it++; - } - fpos += len; - } -} - -static RSAPrivateKey * -rsakey_from_filedata(SECItem *filedata) -{ - RSAPrivateKey *key; - PRArenaPool *arena; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey)); - key->arena = arena; - key_from_filedata(arena, &key->version, 0, 9, filedata); - return key; -} - -static PQGParams * -pqg_from_filedata(SECItem *filedata) -{ - PQGParams *pqg; - PRArenaPool *arena; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - pqg = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams)); - pqg->arena = arena; - key_from_filedata(arena, &pqg->prime, 0, 3, filedata); - return pqg; -} - -static DSAPrivateKey * -dsakey_from_filedata(SECItem *filedata) -{ - DSAPrivateKey *key; - PRArenaPool *arena; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey)); - key->params.arena = arena; - key_from_filedata(arena, &key->params.prime, 0, 5, filedata); - return key; -} - -#ifdef NSS_ENABLE_ECC -static ECPrivateKey * -eckey_from_filedata(SECItem *filedata) -{ - ECPrivateKey *key; - PRArenaPool *arena; - SECStatus rv; - ECParams *tmpECParams = NULL; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey)); - /* read and convert params */ - key->ecParams.arena = arena; - key_from_filedata(arena, &key->ecParams.DEREncoding, 0, 1, filedata); - rv = secoid_Init(); - CHECKERROR(rv, __LINE__); - rv = EC_DecodeParams(&key->ecParams.DEREncoding, &tmpECParams); - CHECKERROR(rv, __LINE__); - rv = EC_CopyParams(key->ecParams.arena, &key->ecParams, tmpECParams); - CHECKERROR(rv, __LINE__); - rv = SECOID_Shutdown(); - CHECKERROR(rv, __LINE__); - PORT_FreeArena(tmpECParams->arena, PR_TRUE); - /* read key */ - key_from_filedata(arena, &key->publicValue, 1, 3, filedata); - return key; -} - -typedef struct curveNameTagPairStr { - char *curveName; - SECOidTag curveOidTag; -} CurveNameTagPair; - -#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1 -/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */ - -static CurveNameTagPair nameTagPair[] = -{ - { "sect163k1", SEC_OID_SECG_EC_SECT163K1}, - { "nistk163", SEC_OID_SECG_EC_SECT163K1}, - { "sect163r1", SEC_OID_SECG_EC_SECT163R1}, - { "sect163r2", SEC_OID_SECG_EC_SECT163R2}, - { "nistb163", SEC_OID_SECG_EC_SECT163R2}, - { "sect193r1", SEC_OID_SECG_EC_SECT193R1}, - { "sect193r2", SEC_OID_SECG_EC_SECT193R2}, - { "sect233k1", SEC_OID_SECG_EC_SECT233K1}, - { "nistk233", SEC_OID_SECG_EC_SECT233K1}, - { "sect233r1", SEC_OID_SECG_EC_SECT233R1}, - { "nistb233", SEC_OID_SECG_EC_SECT233R1}, - { "sect239k1", SEC_OID_SECG_EC_SECT239K1}, - { "sect283k1", SEC_OID_SECG_EC_SECT283K1}, - { "nistk283", SEC_OID_SECG_EC_SECT283K1}, - { "sect283r1", SEC_OID_SECG_EC_SECT283R1}, - { "nistb283", SEC_OID_SECG_EC_SECT283R1}, - { "sect409k1", SEC_OID_SECG_EC_SECT409K1}, - { "nistk409", SEC_OID_SECG_EC_SECT409K1}, - { "sect409r1", SEC_OID_SECG_EC_SECT409R1}, - { "nistb409", SEC_OID_SECG_EC_SECT409R1}, - { "sect571k1", SEC_OID_SECG_EC_SECT571K1}, - { "nistk571", SEC_OID_SECG_EC_SECT571K1}, - { "sect571r1", SEC_OID_SECG_EC_SECT571R1}, - { "nistb571", SEC_OID_SECG_EC_SECT571R1}, - { "secp160k1", SEC_OID_SECG_EC_SECP160K1}, - { "secp160r1", SEC_OID_SECG_EC_SECP160R1}, - { "secp160r2", SEC_OID_SECG_EC_SECP160R2}, - { "secp192k1", SEC_OID_SECG_EC_SECP192K1}, - { "secp192r1", SEC_OID_SECG_EC_SECP192R1}, - { "nistp192", SEC_OID_SECG_EC_SECP192R1}, - { "secp224k1", SEC_OID_SECG_EC_SECP224K1}, - { "secp224r1", SEC_OID_SECG_EC_SECP224R1}, - { "nistp224", SEC_OID_SECG_EC_SECP224R1}, - { "secp256k1", SEC_OID_SECG_EC_SECP256K1}, - { "secp256r1", SEC_OID_SECG_EC_SECP256R1}, - { "nistp256", SEC_OID_SECG_EC_SECP256R1}, - { "secp384r1", SEC_OID_SECG_EC_SECP384R1}, - { "nistp384", SEC_OID_SECG_EC_SECP384R1}, - { "secp521r1", SEC_OID_SECG_EC_SECP521R1}, - { "nistp521", SEC_OID_SECG_EC_SECP521R1}, - - { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 }, - { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 }, - { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 }, - { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 }, - { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 }, - { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 }, - - { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 }, - { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 }, - { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 }, - { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 }, - { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 }, - { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 }, - { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 }, - { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 }, - { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 }, - { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 }, - { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 }, - { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 }, - { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 }, - { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 }, - { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 }, - { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 }, - { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 }, - { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 }, - { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 }, - { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 }, - - { "secp112r1", SEC_OID_SECG_EC_SECP112R1}, - { "secp112r2", SEC_OID_SECG_EC_SECP112R2}, - { "secp128r1", SEC_OID_SECG_EC_SECP128R1}, - { "secp128r2", SEC_OID_SECG_EC_SECP128R2}, - - { "sect113r1", SEC_OID_SECG_EC_SECT113R1}, - { "sect113r2", SEC_OID_SECG_EC_SECT113R2}, - { "sect131r1", SEC_OID_SECG_EC_SECT131R1}, - { "sect131r2", SEC_OID_SECG_EC_SECT131R2}, -}; - -static SECKEYECParams * -getECParams(char *curve) -{ - SECKEYECParams *ecparams; - SECOidData *oidData = NULL; - SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */ - int i, numCurves; - - if (curve != NULL) { - numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); - for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); - i++) { - if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) - curveOidTag = nameTagPair[i].curveOidTag; - } - } - - /* Return NULL if curve name is not recognized */ - if ((curveOidTag == SEC_OID_UNKNOWN) || - (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { - fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); - return NULL; - } - - ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); - - /* - * ecparams->data needs to contain the ASN encoding of an object ID (OID) - * representing the named curve. The actual OID is in - * oidData->oid.data so we simply prepend 0x06 and OID length - */ - ecparams->data[0] = SEC_ASN1_OBJECT_ID; - ecparams->data[1] = oidData->oid.len; - memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); - - return ecparams; -} -#endif /* NSS_ENABLE_ECC */ - -static void -dump_pqg(PQGParams *pqg) -{ - SECU_PrintInteger(stdout, &pqg->prime, "PRIME:", 0); - SECU_PrintInteger(stdout, &pqg->subPrime, "SUBPRIME:", 0); - SECU_PrintInteger(stdout, &pqg->base, "BASE:", 0); -} - -static void -dump_dsakey(DSAPrivateKey *key) -{ - dump_pqg(&key->params); - SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0); - SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); -} - -#ifdef NSS_ENABLE_ECC -static void -dump_ecp(ECParams *ecp) -{ - /* TODO other fields */ - SECU_PrintInteger(stdout, &ecp->base, "BASE POINT:", 0); -} - -static void -dump_eckey(ECPrivateKey *key) -{ - dump_ecp(&key->ecParams); - SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0); - SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); -} -#endif - -static void -dump_rsakey(RSAPrivateKey *key) -{ - SECU_PrintInteger(stdout, &key->version, "VERSION:", 0); - SECU_PrintInteger(stdout, &key->modulus, "MODULUS:", 0); - SECU_PrintInteger(stdout, &key->publicExponent, "PUBLIC EXP:", 0); - SECU_PrintInteger(stdout, &key->privateExponent, "PRIVATE EXP:", 0); - SECU_PrintInteger(stdout, &key->prime1, "CRT PRIME 1:", 0); - SECU_PrintInteger(stdout, &key->prime2, "CRT PRIME 2:", 0); - SECU_PrintInteger(stdout, &key->exponent1, "CRT EXP 1:", 0); - SECU_PrintInteger(stdout, &key->exponent2, "CRT EXP 2:", 0); - SECU_PrintInteger(stdout, &key->coefficient, "CRT COEFFICIENT:", 0); -} - -typedef enum { - bltestBase64Encoded, /* Base64 encoded ASCII */ - bltestBinary, /* straight binary */ - bltestHexSpaceDelim, /* 0x12 0x34 0xab 0xCD ... */ - bltestHexStream /* 1234abCD ... */ -} bltestIOMode; - -typedef struct -{ - SECItem buf; - SECItem pBuf; - bltestIOMode mode; - PRFileDesc* file; -} bltestIO; - -typedef SECStatus (* bltestSymmCipherFn)(void *cx, - unsigned char *output, - unsigned int *outputLen, - unsigned int maxOutputLen, - const unsigned char *input, - unsigned int inputLen); - -typedef SECStatus (* bltestPubKeyCipherFn)(void *key, - SECItem *output, - const SECItem *input); - -typedef SECStatus (* bltestHashCipherFn)(unsigned char *dest, - const unsigned char *src, - uint32 src_length); - -typedef enum { - bltestINVALID = -1, - bltestDES_ECB, /* Symmetric Key Ciphers */ - bltestDES_CBC, /* . */ - bltestDES_EDE_ECB, /* . */ - bltestDES_EDE_CBC, /* . */ - bltestRC2_ECB, /* . */ - bltestRC2_CBC, /* . */ - bltestRC4, /* . */ - bltestRC5_ECB, /* . */ - bltestRC5_CBC, /* . */ - bltestAES_ECB, /* . */ - bltestAES_CBC, /* . */ - bltestRSA, /* Public Key Ciphers */ -#ifdef NSS_ENABLE_ECC - bltestECDSA, /* . (Public Key Sig.) */ -#endif - bltestDSA, /* . */ - bltestMD2, /* Hash algorithms */ - bltestMD5, /* . */ - bltestSHA1, /* . */ - bltestSHA256, /* . */ - bltestSHA384, /* . */ - bltestSHA512, /* . */ - NUMMODES -} bltestCipherMode; - -static char *mode_strings[] = -{ - "des_ecb", - "des_cbc", - "des3_ecb", - "des3_cbc", - "rc2_ecb", - "rc2_cbc", - "rc4", - "rc5_ecb", - "rc5_cbc", - "aes_ecb", - "aes_cbc", - "rsa", -#ifdef NSS_ENABLE_ECC - "ecdsa", -#endif - /*"pqg",*/ - "dsa", - "md2", - "md5", - "sha1", - "sha256", - "sha384", - "sha512", -}; - -typedef struct -{ - bltestIO key; - bltestIO iv; -} bltestSymmKeyParams; - -typedef struct -{ - bltestIO key; - bltestIO iv; - int rounds; - int wordsize; -} bltestRC5Params; - -typedef struct -{ - bltestIO key; - int keysizeInBits; - RSAPrivateKey *rsakey; -} bltestRSAParams; - -typedef struct -{ - bltestIO key; - bltestIO pqgdata; - unsigned int j; - bltestIO keyseed; - bltestIO sigseed; - bltestIO sig; /* if doing verify, have additional input */ - PQGParams *pqg; - DSAPrivateKey *dsakey; -} bltestDSAParams; - -#ifdef NSS_ENABLE_ECC -typedef struct -{ - bltestIO key; - char *curveName; - bltestIO sigseed; - bltestIO sig; /* if doing verify, have additional input */ - ECPrivateKey *eckey; -} bltestECDSAParams; -#endif - -typedef struct -{ - bltestIO key; /* unused */ - PRBool restart; -} bltestHashParams; - -typedef union -{ - bltestIO key; - bltestSymmKeyParams sk; - bltestRC5Params rc5; - bltestRSAParams rsa; - bltestDSAParams dsa; -#ifdef NSS_ENABLE_ECC - bltestECDSAParams ecdsa; -#endif - bltestHashParams hash; -} bltestParams; - -typedef struct -{ - PRArenaPool *arena; - /* cipher context */ - void *cx; - /* I/O streams */ - bltestIO input; - bltestIO output; - /* Cipher-specific parameters */ - bltestParams params; - /* Cipher mode */ - bltestCipherMode mode; - /* Cipher function (encrypt/decrypt/sign/verify/hash) */ - union { - bltestSymmCipherFn symmkeyCipher; - bltestPubKeyCipherFn pubkeyCipher; - bltestHashCipherFn hashCipher; - } cipher; - /* performance testing */ - int repetitions; - int cxreps; - double cxtime; - double optime; -} bltestCipherInfo; - -PRBool -is_symmkeyCipher(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode >= bltestDES_ECB && mode <= bltestAES_CBC) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -is_pubkeyCipher(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode >= bltestRSA && mode <= bltestDSA) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -is_hashCipher(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode >= bltestMD2 && mode <= bltestSHA512) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -is_sigCipher(bltestCipherMode mode) -{ - /* change as needed! */ -#ifdef NSS_ENABLE_ECC - if (mode >= bltestECDSA && mode <= bltestDSA) -#else - if (mode >= bltestDSA && mode <= bltestDSA) -#endif - return PR_TRUE; - return PR_FALSE; -} - -PRBool -cipher_requires_IV(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC || - mode == bltestRC2_CBC || mode == bltestRC5_CBC || - mode == bltestAES_CBC) - return PR_TRUE; - return PR_FALSE; -} - -SECStatus finishIO(bltestIO *output, PRFileDesc *file); - -SECStatus -setupIO(PRArenaPool *arena, bltestIO *input, PRFileDesc *file, - char *str, int numBytes) -{ - SECStatus rv = SECSuccess; - SECItem fileData; - SECItem *in; - unsigned char *tok; - unsigned int i, j; - - if (file && (numBytes == 0 || file == PR_STDIN)) { - /* grabbing data from a file */ - rv = SECU_FileToItem(&fileData, file); - if (rv != SECSuccess) { - PR_Close(file); - return SECFailure; - } - in = &fileData; - } else if (str) { - /* grabbing data from command line */ - fileData.data = str; - fileData.len = PL_strlen(str); - in = &fileData; - } else if (file) { - /* create nonce */ - SECITEM_AllocItem(arena, &input->buf, numBytes); - RNG_GenerateGlobalRandomBytes(input->buf.data, numBytes); - return finishIO(input, file); - } else { - return SECFailure; - } - - switch (input->mode) { - case bltestBase64Encoded: - rv = atob(in, &input->buf, arena); - break; - case bltestBinary: - if (in->data[in->len-1] == '\n') --in->len; - if (in->data[in->len-1] == '\r') --in->len; - SECITEM_CopyItem(arena, &input->buf, in); - break; - case bltestHexSpaceDelim: - SECITEM_AllocItem(arena, &input->buf, in->len/5); - for (i=0, j=0; i<in->len; i+=5, j++) { - tok = &in->data[i]; - if (tok[0] != '0' || tok[1] != 'x' || tok[4] != ' ') - /* bad hex token */ - break; - - rv = hex_from_2char(&tok[2], input->buf.data + j); - if (rv) - break; - } - break; - case bltestHexStream: - SECITEM_AllocItem(arena, &input->buf, in->len/2); - for (i=0, j=0; i<in->len; i+=2, j++) { - tok = &in->data[i]; - rv = hex_from_2char(tok, input->buf.data + j); - if (rv) - break; - } - break; - } - - if (file) - SECITEM_FreeItem(&fileData, PR_FALSE); - return rv; -} - -SECStatus -finishIO(bltestIO *output, PRFileDesc *file) -{ - SECStatus rv = SECSuccess; - PRInt32 nb; - unsigned char byteval; - SECItem *it; - char hexstr[5]; - unsigned int i; - if (output->pBuf.len > 0) { - it = &output->pBuf; - } else { - it = &output->buf; - } - switch (output->mode) { - case bltestBase64Encoded: - rv = btoa_file(it, file); - break; - case bltestBinary: - nb = PR_Write(file, it->data, it->len); - rv = (nb == (PRInt32)it->len) ? SECSuccess : SECFailure; - break; - case bltestHexSpaceDelim: - hexstr[0] = '0'; - hexstr[1] = 'x'; - hexstr[4] = ' '; - for (i=0; i<it->len; i++) { - byteval = it->data[i]; - rv = char2_from_hex(byteval, hexstr + 2); - nb = PR_Write(file, hexstr, 5); - if (rv) - break; - } - PR_Write(file, "\n", 1); - break; - case bltestHexStream: - for (i=0; i<it->len; i++) { - byteval = it->data[i]; - rv = char2_from_hex(byteval, hexstr); - if (rv) - break; - nb = PR_Write(file, hexstr, 2); - } - PR_Write(file, "\n", 1); - break; - } - return rv; -} - -void -bltestCopyIO(PRArenaPool *arena, bltestIO *dest, bltestIO *src) -{ - SECITEM_CopyItem(arena, &dest->buf, &src->buf); - if (src->pBuf.len > 0) { - dest->pBuf.len = src->pBuf.len; - dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data); - } - dest->mode = src->mode; - dest->file = src->file; -} - -void -misalignBuffer(PRArenaPool *arena, bltestIO *io, int off) -{ - ptrdiff_t offset = (ptrdiff_t)io->buf.data % WORDSIZE; - int length = io->buf.len; - if (offset != off) { - SECITEM_ReallocItem(arena, &io->buf, length, length + 2*WORDSIZE); - io->buf.len = length + 2*WORDSIZE; /* why doesn't realloc do this? */ - /* offset may have changed? */ - offset = (ptrdiff_t)io->buf.data % WORDSIZE; - if (offset != off) { - memmove(io->buf.data + off, io->buf.data, length); - io->pBuf.data = io->buf.data + off; - io->pBuf.len = length; - } else { - io->pBuf.data = io->buf.data; - io->pBuf.len = length; - } - } else { - io->pBuf.data = io->buf.data; - io->pBuf.len = length; - } -} - -SECStatus -des_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return DES_Encrypt((DESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -des_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return DES_Decrypt((DESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc2_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC2_Encrypt((RC2Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc2_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC2_Decrypt((RC2Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc4_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC4_Encrypt((RC4Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc4_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC4_Decrypt((RC4Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -aes_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return AES_Encrypt((AESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return AES_Decrypt((AESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input) -{ - return RSA_PublicKeyOp((RSAPublicKey *)key, output->data, input->data); -} - -SECStatus -rsa_PrivateKeyOp(void *key, SECItem *output, const SECItem *input) -{ - return RSA_PrivateKeyOp((RSAPrivateKey *)key, output->data, input->data); -} - -SECStatus -dsa_signDigest(void *key, SECItem *output, const SECItem *input) -{ - return DSA_SignDigest((DSAPrivateKey *)key, output, input); -} - -SECStatus -dsa_verifyDigest(void *key, SECItem *output, const SECItem *input) -{ - return DSA_VerifyDigest((DSAPublicKey *)key, output, input); -} - -#ifdef NSS_ENABLE_ECC -SECStatus -ecdsa_signDigest(void *key, SECItem *output, const SECItem *input) -{ - return ECDSA_SignDigest((ECPrivateKey *)key, output, input); -} - -SECStatus -ecdsa_verifyDigest(void *key, SECItem *output, const SECItem *input) -{ - return ECDSA_VerifyDigest((ECPublicKey *)key, output, input); -} -#endif - -SECStatus -bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - PRIntervalTime time1, time2; - bltestSymmKeyParams *desp = &cipherInfo->params.sk; - int minorMode; - int i; - switch (cipherInfo->mode) { - case bltestDES_ECB: minorMode = NSS_DES; break; - case bltestDES_CBC: minorMode = NSS_DES_CBC; break; - case bltestDES_EDE_ECB: minorMode = NSS_DES_EDE3; break; - case bltestDES_EDE_CBC: minorMode = NSS_DES_EDE3_CBC; break; - default: - return SECFailure; - } - cipherInfo->cx = (void*)DES_CreateContext(desp->key.buf.data, - desp->iv.buf.data, - minorMode, encrypt); - if (cipherInfo->cxreps > 0) { - DESContext **dummycx; - dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(DESContext *)); - TIMESTART(); - for (i=0; i<cipherInfo->cxreps; i++) { - dummycx[i] = (void*)DES_CreateContext(desp->key.buf.data, - desp->iv.buf.data, - minorMode, encrypt); - } - TIMEFINISH(cipherInfo->cxtime, 1.0); - for (i=0; i<cipherInfo->cxreps; i++) { - DES_DestroyContext(dummycx[i], PR_TRUE); - } - PORT_Free(dummycx); - } - if (encrypt) - cipherInfo->cipher.symmkeyCipher = des_Encrypt; - else - cipherInfo->cipher.symmkeyCipher = des_Decrypt; - return SECSuccess; -} - -SECStatus -bltest_rc2_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - PRIntervalTime time1, time2; - bltestSymmKeyParams *rc2p = &cipherInfo->params.sk; - int minorMode; - int i; - switch (cipherInfo->mode) { - case bltestRC2_ECB: minorMode = NSS_RC2; break; - case bltestRC2_CBC: minorMode = NSS_RC2_CBC; break; - default: - return SECFailure; - } - cipherInfo->cx = (void*)RC2_CreateContext(rc2p->key.buf.data, - rc2p->key.buf.len, - rc2p->iv.buf.data, - minorMode, - rc2p->key.buf.len); - if (cipherInfo->cxreps > 0) { - RC2Context **dummycx; - dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC2Context *)); - TIMESTART(); - for (i=0; i<cipherInfo->cxreps; i++) { - dummycx[i] = (void*)RC2_CreateContext(rc2p->key.buf.data, - rc2p->key.buf.len, - rc2p->iv.buf.data, - minorMode, - rc2p->key.buf.len); - } - TIMEFINISH(cipherInfo->cxtime, 1.0); - for (i=0; i<cipherInfo->cxreps; i++) { - RC2_DestroyContext(dummycx[i], PR_TRUE); - } - PORT_Free(dummycx); - } - if (encrypt) - cipherInfo->cipher.symmkeyCipher = rc2_Encrypt; - else - cipherInfo->cipher.symmkeyCipher = rc2_Decrypt; - return SECSuccess; -} - -SECStatus -bltest_rc4_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - PRIntervalTime time1, time2; - int i; - bltestSymmKeyParams *rc4p = &cipherInfo->params.sk; - cipherInfo->cx = (void*)RC4_CreateContext(rc4p->key.buf.data, - rc4p->key.buf.len); - if (cipherInfo->cxreps > 0) { - RC4Context **dummycx; - dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC4Context *)); - TIMESTART(); - for (i=0; i<cipherInfo->cxreps; i++) { - dummycx[i] = (void*)RC4_CreateContext(rc4p->key.buf.data, - rc4p->key.buf.len); - } - TIMEFINISH(cipherInfo->cxtime, 1.0); - for (i=0; i<cipherInfo->cxreps; i++) { - RC4_DestroyContext(dummycx[i], PR_TRUE); - } - PORT_Free(dummycx); - } - if (encrypt) - cipherInfo->cipher.symmkeyCipher = rc4_Encrypt; - else - cipherInfo->cipher.symmkeyCipher = rc4_Decrypt; - return SECSuccess; -} - -SECStatus -bltest_rc5_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ -#if NSS_SOFTOKEN_DOES_RC5 - PRIntervalTime time1, time2; - bltestRC5Params *rc5p = &cipherInfo->params.rc5; - int minorMode; - switch (cipherInfo->mode) { - case bltestRC5_ECB: minorMode = NSS_RC5; break; - case bltestRC5_CBC: minorMode = NSS_RC5_CBC; break; - default: - return SECFailure; - } - TIMESTART(); - cipherInfo->cx = (void*)RC5_CreateContext(&rc5p->key.buf, - rc5p->rounds, rc5p->wordsize, - rc5p->iv.buf.data, minorMode); - TIMEFINISH(cipherInfo->cxtime, 1.0); - if (encrypt) - cipherInfo->cipher.symmkeyCipher = RC5_Encrypt; - else - cipherInfo->cipher.symmkeyCipher = RC5_Decrypt; - return SECSuccess; -#else - return SECFailure; -#endif -} - -SECStatus -bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - PRIntervalTime time1, time2; - bltestSymmKeyParams *aesp = &cipherInfo->params.sk; - int minorMode; - int i; - /* XXX */ int keylen, blocklen; - keylen = aesp->key.buf.len; - blocklen = cipherInfo->input.pBuf.len; - switch (cipherInfo->mode) { - case bltestAES_ECB: minorMode = NSS_AES; break; - case bltestAES_CBC: minorMode = NSS_AES_CBC; break; - default: - return SECFailure; - } - cipherInfo->cx = (void*)AES_CreateContext(aesp->key.buf.data, - aesp->iv.buf.data, - minorMode, encrypt, - keylen, blocklen); - if (cipherInfo->cxreps > 0) { - AESContext **dummycx; - dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(AESContext *)); - TIMESTART(); - for (i=0; i<cipherInfo->cxreps; i++) { - dummycx[i] = (void*)AES_CreateContext(aesp->key.buf.data, - aesp->iv.buf.data, - minorMode, encrypt, - keylen, blocklen); - } - TIMEFINISH(cipherInfo->cxtime, 1.0); - for (i=0; i<cipherInfo->cxreps; i++) { - AES_DestroyContext(dummycx[i], PR_TRUE); - } - PORT_Free(dummycx); - } - if (encrypt) - cipherInfo->cipher.symmkeyCipher = aes_Encrypt; - else - cipherInfo->cipher.symmkeyCipher = aes_Decrypt; - return SECSuccess; -} - -SECStatus -bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - int i; - RSAPrivateKey **dummyKey; - PRIntervalTime time1, time2; - bltestRSAParams *rsap = &cipherInfo->params.rsa; - /* RSA key gen was done during parameter setup */ - cipherInfo->cx = cipherInfo->params.rsa.rsakey; - /* For performance testing */ - if (cipherInfo->cxreps > 0) { - /* Create space for n private key objects */ - dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps * - sizeof(RSAPrivateKey *)); - /* Time n keygens, storing in the array */ - TIMESTART(); - for (i=0; i<cipherInfo->cxreps; i++) - dummyKey[i] = RSA_NewKey(rsap->keysizeInBits, - &rsap->rsakey->publicExponent); - TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps); - /* Free the n key objects */ - for (i=0; i<cipherInfo->cxreps; i++) - PORT_FreeArena(dummyKey[i]->arena, PR_TRUE); - PORT_Free(dummyKey); - } - if (encrypt) { - /* Have to convert private key to public key. Memory - * is freed with private key's arena */ - RSAPublicKey *pubkey; - RSAPrivateKey *key = (RSAPrivateKey *)cipherInfo->cx; - pubkey = (RSAPublicKey *)PORT_ArenaAlloc(key->arena, - sizeof(RSAPublicKey)); - pubkey->modulus.len = key->modulus.len; - pubkey->modulus.data = key->modulus.data; - pubkey->publicExponent.len = key->publicExponent.len; - pubkey->publicExponent.data = key->publicExponent.data; - cipherInfo->cx = (void *)pubkey; - cipherInfo->cipher.pubkeyCipher = rsa_PublicKeyOp; - } else { - cipherInfo->cipher.pubkeyCipher = rsa_PrivateKeyOp; - } - return SECSuccess; -} - -SECStatus -bltest_pqg_init(bltestDSAParams *dsap) -{ - SECStatus rv, res; - PQGVerify *vfy = NULL; - rv = PQG_ParamGen(dsap->j, &dsap->pqg, &vfy); - CHECKERROR(rv, __LINE__); - rv = PQG_VerifyParams(dsap->pqg, vfy, &res); - CHECKERROR(res, __LINE__); - CHECKERROR(rv, __LINE__); - return rv; -} - -SECStatus -bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - int i; - DSAPrivateKey **dummyKey; - PQGParams *dummypqg; - PRIntervalTime time1, time2; - bltestDSAParams *dsap = &cipherInfo->params.dsa; - PQGVerify *ignore = NULL; - /* DSA key gen was done during parameter setup */ - cipherInfo->cx = cipherInfo->params.dsa.dsakey; - /* For performance testing */ - if (cipherInfo->cxreps > 0) { - /* Create space for n private key objects */ - dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps * - sizeof(DSAPrivateKey *)); - /* Time n keygens, storing in the array */ - TIMESTART(); - for (i=0; i<cipherInfo->cxreps; i++) { - dummypqg = NULL; - PQG_ParamGen(dsap->j, &dummypqg, &ignore); - DSA_NewKey(dummypqg, &dummyKey[i]); - } - TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps); - /* Free the n key objects */ - for (i=0; i<cipherInfo->cxreps; i++) - PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE); - PORT_Free(dummyKey); - } - if (!dsap->pqg && dsap->pqgdata.buf.len > 0) { - dsap->pqg = pqg_from_filedata(&dsap->pqgdata.buf); - } - if (!cipherInfo->cx && dsap->key.buf.len > 0) { - cipherInfo->cx = dsakey_from_filedata(&dsap->key.buf); - } - if (encrypt) { - cipherInfo->cipher.pubkeyCipher = dsa_signDigest; - } else { - /* Have to convert private key to public key. Memory - * is freed with private key's arena */ - DSAPublicKey *pubkey; - DSAPrivateKey *key = (DSAPrivateKey *)cipherInfo->cx; - pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena, - sizeof(DSAPublicKey)); - pubkey->params.prime.len = key->params.prime.len; - pubkey->params.prime.data = key->params.prime.data; - pubkey->params.subPrime.len = key->params.subPrime.len; - pubkey->params.subPrime.data = key->params.subPrime.data; - pubkey->params.base.len = key->params.base.len; - pubkey->params.base.data = key->params.base.data; - pubkey->publicValue.len = key->publicValue.len; - pubkey->publicValue.data = key->publicValue.data; - cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest; - } - return SECSuccess; -} - -#ifdef NSS_ENABLE_ECC -SECStatus -bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - int i; - ECPrivateKey **dummyKey; - PRIntervalTime time1, time2; - bltestECDSAParams *ecdsap = &cipherInfo->params.ecdsa; - /* ECDSA key gen was done during parameter setup */ - cipherInfo->cx = cipherInfo->params.ecdsa.eckey; - /* For performance testing */ - if (cipherInfo->cxreps > 0) { - /* Create space for n private key objects */ - dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps * - sizeof(ECPrivateKey *)); - /* Time n keygens, storing in the array */ - TIMESTART(); - for (i=0; i<cipherInfo->cxreps; i++) { - EC_NewKey(&ecdsap->eckey->ecParams, &dummyKey[i]); - } - TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps); - /* Free the n key objects */ - for (i=0; i<cipherInfo->cxreps; i++) - PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE); - PORT_Free(dummyKey); - } - if (!cipherInfo->cx && ecdsap->key.buf.len > 0) { - cipherInfo->cx = eckey_from_filedata(&ecdsap->key.buf); - } - if (encrypt) { - cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest; - } else { - /* Have to convert private key to public key. Memory - * is freed with private key's arena */ - ECPublicKey *pubkey; - ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx; - pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena, - sizeof(ECPublicKey)); - pubkey->ecParams.type = key->ecParams.type; - pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size; - pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type; - pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len; - pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data; - pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1; - pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2; - pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3; - pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len; - pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data; - pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len; - pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data; - pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len; - pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data; - pubkey->ecParams.base.len = key->ecParams.base.len; - pubkey->ecParams.base.data = key->ecParams.base.data; - pubkey->ecParams.order.len = key->ecParams.order.len; - pubkey->ecParams.order.data = key->ecParams.order.data; - pubkey->ecParams.cofactor = key->ecParams.cofactor; - pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len; - pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data; - pubkey->ecParams.name= key->ecParams.name; - pubkey->publicValue.len = key->publicValue.len; - pubkey->publicValue.data = key->publicValue.data; - cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest; - } - return SECSuccess; -} -#endif - -/* XXX unfortunately, this is not defined in blapi.h */ -SECStatus -md2_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - unsigned int len; - MD2Context *cx = MD2_NewContext(); - if (cx == NULL) return SECFailure; - MD2_Begin(cx); - MD2_Update(cx, src, src_length); - MD2_End(cx, dest, &len, MD2_LENGTH); - MD2_DestroyContext(cx, PR_TRUE); - return SECSuccess; -} - -SECStatus -md2_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - MD2Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - SECStatus rv = SECSuccess; - cx = MD2_NewContext(); - MD2_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - MD2_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = MD2_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - MD2_Flatten(cx, cxbytes); - cx_cpy = MD2_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: MD2_Resurrect failed!\n", progName); - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - MD2_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: MD2_restart failed!\n", progName); - goto finish; - } - MD2_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - MD2_End(cx, dest, &len, MD2_LENGTH); -finish: - MD2_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -md5_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SECStatus rv = SECSuccess; - MD5Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - cx = MD5_NewContext(); - MD5_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - MD5_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = MD5_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - MD5_Flatten(cx, cxbytes); - cx_cpy = MD5_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: MD5_Resurrect failed!\n", progName); - rv = SECFailure; - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - MD5_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: MD5_restart failed!\n", progName); - goto finish; - } - MD5_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - MD5_End(cx, dest, &len, MD5_LENGTH); -finish: - MD5_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -sha1_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SECStatus rv = SECSuccess; - SHA1Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - cx = SHA1_NewContext(); - SHA1_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - SHA1_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = SHA1_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - SHA1_Flatten(cx, cxbytes); - cx_cpy = SHA1_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: SHA1_Resurrect failed!\n", progName); - rv = SECFailure; - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - SHA1_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: SHA1_restart failed!\n", progName); - goto finish; - } - SHA1_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - SHA1_End(cx, dest, &len, MD5_LENGTH); -finish: - SHA1_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SECStatus rv = SECSuccess; - SHA256Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - cx = SHA256_NewContext(); - SHA256_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - SHA256_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = SHA256_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - SHA256_Flatten(cx, cxbytes); - cx_cpy = SHA256_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName); - rv = SECFailure; - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - SHA256_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName); - goto finish; - } - SHA256_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - SHA256_End(cx, dest, &len, MD5_LENGTH); -finish: - SHA256_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -SHA384_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SECStatus rv = SECSuccess; - SHA384Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - cx = SHA384_NewContext(); - SHA384_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - SHA384_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = SHA384_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - SHA384_Flatten(cx, cxbytes); - cx_cpy = SHA384_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName); - rv = SECFailure; - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - SHA384_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: SHA384_restart failed!\n", progName); - goto finish; - } - SHA384_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - SHA384_End(cx, dest, &len, MD5_LENGTH); -finish: - SHA384_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -SHA512_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SECStatus rv = SECSuccess; - SHA512Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - cx = SHA512_NewContext(); - SHA512_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - SHA512_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = SHA512_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - SHA512_Flatten(cx, cxbytes); - cx_cpy = SHA512_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName); - rv = SECFailure; - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - SHA512_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName); - goto finish; - } - SHA512_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - SHA512_End(cx, dest, &len, MD5_LENGTH); -finish: - SHA512_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, -#ifdef NSS_ENABLE_ECC - int keysize, int exponent, char *curveName) -#else - int keysize, int exponent) -#endif -{ - int i; - SECStatus rv = SECSuccess; - bltestRSAParams *rsap; - bltestDSAParams *dsap; -#ifdef NSS_ENABLE_ECC - bltestECDSAParams *ecdsap; - SECItem *tmpECParamsDER; - ECParams *tmpECParams = NULL; - SECItem ecSerialize[3]; -#endif - switch (cipherInfo->mode) { - case bltestRSA: - rsap = &cipherInfo->params.rsa; - if (keysize > 0) { - SECItem expitem = { 0, 0, 0 }; - SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int)); - for (i = 1; i <= sizeof(int); i++) - expitem.data[i-1] = exponent >> (8*(sizeof(int) - i)); - rsap->rsakey = RSA_NewKey(keysize * 8, &expitem); - serialize_key(&rsap->rsakey->version, 9, file); - rsap->keysizeInBits = keysize * 8; - } else { - setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0); - rsap->rsakey = rsakey_from_filedata(&cipherInfo->params.key.buf); - rsap->keysizeInBits = rsap->rsakey->modulus.len * 8; - } - break; - case bltestDSA: - dsap = &cipherInfo->params.dsa; - if (keysize > 0) { - dsap->j = PQG_PBITS_TO_INDEX(8*keysize); - if (!dsap->pqg) - bltest_pqg_init(dsap); - rv = DSA_NewKey(dsap->pqg, &dsap->dsakey); - CHECKERROR(rv, __LINE__); - serialize_key(&dsap->dsakey->params.prime, 5, file); - } else { - setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0); - dsap->dsakey = dsakey_from_filedata(&cipherInfo->params.key.buf); - dsap->j = PQG_PBITS_TO_INDEX(8*dsap->dsakey->params.prime.len); - } - break; -#ifdef NSS_ENABLE_ECC - case bltestECDSA: - ecdsap = &cipherInfo->params.ecdsa; - if (curveName != NULL) { - tmpECParamsDER = getECParams(curveName); - rv = secoid_Init(); - CHECKERROR(rv, __LINE__); - rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure; - CHECKERROR(rv, __LINE__); - rv = EC_NewKey(tmpECParams, &ecdsap->eckey); - CHECKERROR(rv, __LINE__); - ecSerialize[0].type = tmpECParamsDER->type; - ecSerialize[0].data = tmpECParamsDER->data; - ecSerialize[0].len = tmpECParamsDER->len; - ecSerialize[1].type = ecdsap->eckey->publicValue.type; - ecSerialize[1].data = ecdsap->eckey->publicValue.data; - ecSerialize[1].len = ecdsap->eckey->publicValue.len; - ecSerialize[2].type = ecdsap->eckey->privateValue.type; - ecSerialize[2].data = ecdsap->eckey->privateValue.data; - ecSerialize[2].len = ecdsap->eckey->privateValue.len; - serialize_key(&(ecSerialize[0]), 3, file); - free(tmpECParamsDER); - PORT_FreeArena(tmpECParams->arena, PR_TRUE); - rv = SECOID_Shutdown(); - CHECKERROR(rv, __LINE__); - } else { - setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0); - ecdsap->eckey = eckey_from_filedata(&cipherInfo->params.key.buf); - } - break; -#endif - default: - return SECFailure; - } - return SECSuccess; -} - -SECStatus -cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - PRBool restart; - switch (cipherInfo->mode) { - case bltestDES_ECB: - case bltestDES_CBC: - case bltestDES_EDE_ECB: - case bltestDES_EDE_CBC: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); - return bltest_des_init(cipherInfo, encrypt); - break; - case bltestRC2_ECB: - case bltestRC2_CBC: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); - return bltest_rc2_init(cipherInfo, encrypt); - break; - case bltestRC4: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); - return bltest_rc4_init(cipherInfo, encrypt); - break; - case bltestRC5_ECB: - case bltestRC5_CBC: -#if NSS_SOFTOKEN_DOES_RC5 - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); -#endif - return bltest_rc5_init(cipherInfo, encrypt); - break; - case bltestAES_ECB: - case bltestAES_CBC: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); - return bltest_aes_init(cipherInfo, encrypt); - break; - case bltestRSA: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); - return bltest_rsa_init(cipherInfo, encrypt); - break; - case bltestDSA: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - DSA_SIGNATURE_LEN); - return bltest_dsa_init(cipherInfo, encrypt); - break; -#ifdef NSS_ENABLE_ECC - case bltestECDSA: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - 2 * MAX_ECKEY_LEN); - return bltest_ecdsa_init(cipherInfo, encrypt); - break; -#endif - case bltestMD2: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - MD2_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf; - return SECSuccess; - break; - case bltestMD5: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - MD5_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? md5_restart : MD5_HashBuf; - return SECSuccess; - break; - case bltestSHA1: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - SHA1_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf; - return SECSuccess; - break; - case bltestSHA256: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - SHA256_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart - : SHA256_HashBuf; - return SECSuccess; - break; - case bltestSHA384: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - SHA384_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart - : SHA384_HashBuf; - return SECSuccess; - break; - case bltestSHA512: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - SHA512_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? SHA512_restart - : SHA512_HashBuf; - return SECSuccess; - break; - default: - return SECFailure; - } - return SECSuccess; -} - -SECStatus -dsaOp(bltestCipherInfo *cipherInfo) -{ - PRIntervalTime time1, time2; - SECStatus rv = SECSuccess; - int i; - int maxLen = cipherInfo->output.pBuf.len; - SECItem dummyOut = { 0, 0, 0 }; - SECITEM_AllocItem(NULL, &dummyOut, maxLen); - if (cipherInfo->cipher.pubkeyCipher == dsa_signDigest) { - if (cipherInfo->params.dsa.sigseed.buf.len > 0) { - rv = DSA_SignDigestWithSeed((DSAPrivateKey *)cipherInfo->cx, - &cipherInfo->output.pBuf, - &cipherInfo->input.pBuf, - cipherInfo->params.dsa.sigseed.buf.data); - CHECKERROR(rv, __LINE__); - TIMESTART(); - for (i=0; i<cipherInfo->repetitions; i++) { - rv |= DSA_SignDigestWithSeed((DSAPrivateKey *)cipherInfo->cx, - &dummyOut, - &cipherInfo->input.pBuf, - cipherInfo->params.dsa.sigseed.buf.data); - } - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - } else { - rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx, - &cipherInfo->output.pBuf, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - TIMESTART(); - for (i=0; i<cipherInfo->repetitions; i++) { - DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx, &dummyOut, - &cipherInfo->input.pBuf); - } - TIMEFINISH(cipherInfo->optime, 1.0); - } - bltestCopyIO(cipherInfo->arena, &cipherInfo->params.dsa.sig, - &cipherInfo->output); - } else { - rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx, - &cipherInfo->params.dsa.sig.buf, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - TIMESTART(); - for (i=0; i<cipherInfo->repetitions; i++) { - DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx, - &cipherInfo->params.dsa.sig.buf, - &cipherInfo->input.pBuf); - } - TIMEFINISH(cipherInfo->optime, 1.0); - } - SECITEM_FreeItem(&dummyOut, PR_FALSE); - return rv; -} - -#ifdef NSS_ENABLE_ECC -SECStatus -ecdsaOp(bltestCipherInfo *cipherInfo) -{ - PRIntervalTime time1, time2; - SECStatus rv = SECSuccess; - int i; - int maxLen = cipherInfo->output.pBuf.len; - SECItem dummyOut = { 0, 0, 0 }; - SECITEM_AllocItem(NULL, &dummyOut, maxLen); - if (cipherInfo->cipher.pubkeyCipher == ecdsa_signDigest) { - if (cipherInfo->params.ecdsa.sigseed.buf.len > 0) { - rv = ECDSA_SignDigestWithSeed((ECPrivateKey *)cipherInfo->cx, - &cipherInfo->output.pBuf, - &cipherInfo->input.pBuf, - cipherInfo->params.ecdsa.sigseed.buf.data, - cipherInfo->params.ecdsa.sigseed.buf.len); - CHECKERROR(rv, __LINE__); - TIMESTART(); - for (i=0; i<cipherInfo->repetitions; i++) { - rv |= ECDSA_SignDigestWithSeed((ECPrivateKey *)cipherInfo->cx, - &dummyOut, - &cipherInfo->input.pBuf, - cipherInfo->params.ecdsa.sigseed.buf.data, - cipherInfo->params.ecdsa.sigseed.buf.len); - } - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - } else { - rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx, - &cipherInfo->output.pBuf, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - TIMESTART(); - for (i=0; i<cipherInfo->repetitions; i++) { - ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx, &dummyOut, - &cipherInfo->input.pBuf); - } - TIMEFINISH(cipherInfo->optime, 1.0); - } - bltestCopyIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig, - &cipherInfo->output); - } else { - rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx, - &cipherInfo->params.ecdsa.sig.buf, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - TIMESTART(); - for (i=0; i<cipherInfo->repetitions; i++) { - ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx, - &cipherInfo->params.ecdsa.sig.buf, - &cipherInfo->input.pBuf); - } - TIMEFINISH(cipherInfo->optime, 1.0); - } - SECITEM_FreeItem(&dummyOut, PR_FALSE); - return rv; -} -#endif - -SECStatus -cipherDoOp(bltestCipherInfo *cipherInfo) -{ - PRIntervalTime time1, time2; - SECStatus rv = SECSuccess; - int i, len; - int maxLen = cipherInfo->output.pBuf.len; - unsigned char *dummyOut; - if (cipherInfo->mode == bltestDSA) - return dsaOp(cipherInfo); -#ifdef NSS_ENABLE_ECC - else if (cipherInfo->mode == bltestECDSA) - return ecdsaOp(cipherInfo); -#endif - dummyOut = PORT_Alloc(maxLen); - if (is_symmkeyCipher(cipherInfo->mode)) { - rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, - cipherInfo->output.pBuf.data, - &len, maxLen, - cipherInfo->input.pBuf.data, - cipherInfo->input.pBuf.len); - TIMESTART(); - for (i=0; i<cipherInfo->repetitions; i++) { - (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, dummyOut, - &len, maxLen, - cipherInfo->input.pBuf.data, - cipherInfo->input.pBuf.len); - - } - TIMEFINISH(cipherInfo->optime, 1.0); - } else if (is_pubkeyCipher(cipherInfo->mode)) { - rv = (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, - &cipherInfo->output.pBuf, - &cipherInfo->input.pBuf); - TIMESTART(); - for (i=0; i<cipherInfo->repetitions; i++) { - SECItem dummy; - dummy.data = dummyOut; - dummy.len = maxLen; - (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy, - &cipherInfo->input.pBuf); - } - TIMEFINISH(cipherInfo->optime, 1.0); - } else if (is_hashCipher(cipherInfo->mode)) { - rv = (*cipherInfo->cipher.hashCipher)(cipherInfo->output.pBuf.data, - cipherInfo->input.pBuf.data, - cipherInfo->input.pBuf.len); - TIMESTART(); - for (i=0; i<cipherInfo->repetitions; i++) { - (*cipherInfo->cipher.hashCipher)(dummyOut, - cipherInfo->input.pBuf.data, - cipherInfo->input.pBuf.len); - } - TIMEFINISH(cipherInfo->optime, 1.0); - } - PORT_Free(dummyOut); - return rv; -} - -SECStatus -cipherFinish(bltestCipherInfo *cipherInfo) -{ - switch (cipherInfo->mode) { - case bltestDES_ECB: - case bltestDES_CBC: - case bltestDES_EDE_ECB: - case bltestDES_EDE_CBC: - DES_DestroyContext((DESContext *)cipherInfo->cx, PR_TRUE); - break; - case bltestAES_ECB: - case bltestAES_CBC: - AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE); - break; - case bltestRC2_ECB: - case bltestRC2_CBC: - RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE); - break; - case bltestRC4: - RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE); - break; -#if NSS_SOFTOKEN_DOES_RC5 - case bltestRC5_ECB: - case bltestRC5_CBC: - RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE); - break; -#endif - case bltestRSA: /* keys are alloc'ed within cipherInfo's arena, */ - case bltestDSA: /* will be freed with it. */ -#ifdef NSS_ENABLE_ECC - case bltestECDSA: -#endif - case bltestMD2: /* hash contexts are ephemeral */ - case bltestMD5: - case bltestSHA1: - case bltestSHA256: - case bltestSHA384: - case bltestSHA512: - return SECSuccess; - break; - default: - return SECFailure; - } - return SECSuccess; -} - -void -print_exponent(SECItem *exp) -{ - int i; - int e = 0; - if (exp->len <= 4) { - for (i=exp->len; i >=0; --i) e |= exp->data[exp->len-i] << 8*(i-1); - fprintf(stdout, "%12d", e); - } else { - e = 8*exp->len; - fprintf(stdout, "~2**%-8d", e); - } -} - -void -dump_performance_info(bltestCipherInfo *info, PRBool encrypt, PRBool cxonly) -{ - PRBool td = PR_TRUE; - fprintf(stdout, "#%9s", "mode"); - fprintf(stdout, "%12s", "in"); -print_td: - switch (info->mode) { - case bltestDES_ECB: - case bltestDES_CBC: - case bltestDES_EDE_ECB: - case bltestDES_EDE_CBC: - case bltestAES_ECB: - case bltestAES_CBC: - case bltestRC2_ECB: - case bltestRC2_CBC: - case bltestRC4: - if (td) - fprintf(stdout, "%8s", "symmkey"); - else - fprintf(stdout, "%8d", 8*info->params.sk.key.buf.len); - break; -#if NSS_SOFTOKEN_DOES_RC5 - case bltestRC5_ECB: - case bltestRC5_CBC: - if (info->params.sk.key.buf.len > 0) - printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len); - if (info->rounds > 0) - printf("rounds=%d,", info->params.rc5.rounds); - if (info->wordsize > 0) - printf("wordsize(bytes)=%d,", info->params.rc5.wordsize); - break; -#endif - case bltestRSA: - if (td) { - fprintf(stdout, "%8s", "rsa_mod"); - fprintf(stdout, "%12s", "rsa_pe"); - } else { - fprintf(stdout, "%8d", info->params.rsa.keysizeInBits); - print_exponent(&info->params.rsa.rsakey->publicExponent); - } - break; - case bltestDSA: - if (td) - fprintf(stdout, "%8s", "pqg_mod"); - else - fprintf(stdout, "%8d", PQG_INDEX_TO_PBITS(info->params.dsa.j)); - break; -#ifdef NSS_ENABLE_ECC - case bltestECDSA: - if (td) - fprintf(stdout, "%12s", "ec_curve"); - else - fprintf(stdout, "%12s", ecCurve_map[info->params.ecdsa.eckey->ecParams.name]->text); - break; -#endif - case bltestMD2: - case bltestMD5: - case bltestSHA1: - case bltestSHA256: - case bltestSHA384: - case bltestSHA512: - default: - break; - } - if (!td) { - fprintf(stdout, "%8d", info->repetitions); - fprintf(stdout, "%8d", info->cxreps); - fprintf(stdout, "%12.3f", info->cxtime); - fprintf(stdout, "%12.3f", info->optime); - fprintf(stdout, "\n"); - return; - } - - fprintf(stdout, "%8s", "opreps"); - fprintf(stdout, "%8s", "cxreps"); - fprintf(stdout, "%12s", "context"); - fprintf(stdout, "%12s", "op"); - fprintf(stdout, "\n"); - fprintf(stdout, "%8s", mode_strings[info->mode]); - fprintf(stdout, "_%c", (cxonly) ? 'c' : (encrypt) ? 'e' : 'd'); - fprintf(stdout, "%12d", info->input.buf.len * info->repetitions); - - td = !td; - goto print_td; -} - -void -printmodes() -{ - bltestCipherMode mode; - int nummodes = sizeof(mode_strings) / sizeof(char *); - fprintf(stderr, "%s: Available modes (specify with -m):\n", progName); - for (mode=0; mode<nummodes; mode++) - fprintf(stderr, "%s\n", mode_strings[mode]); -} - -bltestCipherMode -get_mode(const char *modestring) -{ - bltestCipherMode mode; - int nummodes = sizeof(mode_strings) / sizeof(char *); - for (mode=0; mode<nummodes; mode++) - if (PL_strcmp(modestring, mode_strings[mode]) == 0) - return mode; - fprintf(stderr, "%s: invalid mode: %s\n", progName, modestring); - return bltestINVALID; -} - -void -load_file_data(PRArenaPool *arena, bltestIO *data, - char *fn, bltestIOMode ioMode) -{ - PRFileDesc *file; - data->mode = ioMode; - data->file = NULL; /* don't use -- not saving anything */ - data->pBuf.data = NULL; - data->pBuf.len = 0; - file = PR_Open(fn, PR_RDONLY, 00660); - if (file) - setupIO(arena, data, file, NULL, 0); -} - -void -get_params(PRArenaPool *arena, bltestParams *params, - bltestCipherMode mode, int j) -{ - char filename[256]; - char *modestr = mode_strings[mode]; -#if NSS_SOFTOKEN_DOES_RC5 - FILE *file; - char *mark, *param, *val; - int index = 0; -#endif - switch (mode) { - case bltestDES_CBC: - case bltestDES_EDE_CBC: - case bltestRC2_CBC: - case bltestAES_CBC: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); - load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); - case bltestDES_ECB: - case bltestDES_EDE_ECB: - case bltestRC2_ECB: - case bltestRC4: - case bltestAES_ECB: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); - break; -#if NSS_SOFTOKEN_DOES_RC5 - case bltestRC5_ECB: - case bltestRC5_CBC: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); - load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, - "params", j); - file = fopen(filename, "r"); - if (!file) return; - param = malloc(100); - len = fread(param, 1, 100, file); - while (index < len) { - mark = PL_strchr(param, '='); - *mark = '\0'; - val = mark + 1; - mark = PL_strchr(val, '\n'); - *mark = '\0'; - if (PL_strcmp(param, "rounds") == 0) { - params->rc5.rounds = atoi(val); - } else if (PL_strcmp(param, "wordsize") == 0) { - params->rc5.wordsize = atoi(val); - } - index += PL_strlen(param) + PL_strlen(val) + 2; - param = mark + 1; - } - break; -#endif - case bltestRSA: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->rsa.key, filename, bltestBase64Encoded); - params->rsa.rsakey = rsakey_from_filedata(¶ms->key.buf); - break; - case bltestDSA: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->dsa.key, filename, bltestBase64Encoded); - params->dsa.dsakey = dsakey_from_filedata(¶ms->key.buf); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j); - load_file_data(arena, ¶ms->dsa.pqgdata, filename, - bltestBase64Encoded); - params->dsa.pqg = pqg_from_filedata(¶ms->dsa.pqgdata.buf); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j); - load_file_data(arena, ¶ms->dsa.keyseed, filename, - bltestBase64Encoded); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j); - load_file_data(arena, ¶ms->dsa.sigseed, filename, - bltestBase64Encoded); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j); - load_file_data(arena, ¶ms->dsa.sig, filename, bltestBase64Encoded); - break; -#ifdef NSS_ENABLE_ECC - case bltestECDSA: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->ecdsa.key, filename, bltestBase64Encoded); - params->ecdsa.eckey = eckey_from_filedata(¶ms->key.buf); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j); - load_file_data(arena, ¶ms->ecdsa.sigseed, filename, - bltestBase64Encoded); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j); - load_file_data(arena, ¶ms->ecdsa.sig, filename, bltestBase64Encoded); - break; -#endif - case bltestMD2: - case bltestMD5: - case bltestSHA1: - case bltestSHA256: - case bltestSHA384: - case bltestSHA512: - /*params->hash.restart = PR_TRUE;*/ - params->hash.restart = PR_FALSE; - break; - default: - break; - } -} - -SECStatus -verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode, - PRBool forward, SECStatus sigstatus) -{ - int res; - char *modestr = mode_strings[mode]; - res = SECITEM_CompareItem(&result->pBuf, &cmp->buf); - if (is_sigCipher(mode)) { - if (forward) { - if (res == 0) { - printf("Signature self-test for %s passed.\n", modestr); - } else { - printf("Signature self-test for %s failed!\n", modestr); - } - } else { - if (sigstatus == SECSuccess) { - printf("Verification self-test for %s passed.\n", modestr); - } else { - printf("Verification self-test for %s failed!\n", modestr); - } - } - return sigstatus; - } else if (is_hashCipher(mode)) { - if (res == 0) { - printf("Hash self-test for %s passed.\n", modestr); - } else { - printf("Hash self-test for %s failed!\n", modestr); - } - } else { - if (forward) { - if (res == 0) { - printf("Encryption self-test for %s passed.\n", modestr); - } else { - printf("Encryption self-test for %s failed!\n", modestr); - } - } else { - if (res == 0) { - printf("Decryption self-test for %s passed.\n", modestr); - } else { - printf("Decryption self-test for %s failed!\n", modestr); - } - } - } - return (res != 0); -} - -static SECStatus -blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, - PRBool encrypt, PRBool decrypt) -{ - bltestCipherInfo cipherInfo; - bltestIO pt, ct; - bltestCipherMode mode; - bltestParams *params; - int i, j, nummodes, numtests; - char *modestr; - char filename[256]; - PRFileDesc *file; - PRArenaPool *arena; - SECItem item; - PRBool finished; - SECStatus rv = SECSuccess, srv; - - PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo)); - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - cipherInfo.arena = arena; - - finished = PR_FALSE; - nummodes = (numModes == 0) ? NUMMODES : numModes; - for (i=0; i < nummodes && !finished; i++) { - if (i == bltestRC5_ECB || i == bltestRC5_CBC) continue; - if (numModes > 0) - mode = modes[i]; - else - mode = i; - if (mode == bltestINVALID) { - fprintf(stderr, "%s: Skipping invalid mode.\n",progName); - continue; - } - modestr = mode_strings[mode]; - cipherInfo.mode = mode; - params = &cipherInfo.params; -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Self-Testing RSA\n", __bltDBG); - } -#endif - /* get the number of tests in the directory */ - sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests"); - file = PR_Open(filename, PR_RDONLY, 00660); - if (!file) { - fprintf(stderr, "%s: File %s does not exist.\n", progName,filename); - return SECFailure; - } - rv = SECU_FileToItem(&item, file); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Loaded data from %s\n", __bltDBG, filename); - } -#endif - PR_Close(file); - /* loop over the tests in the directory */ - numtests = (int) (item.data[0] - '0'); - for (j=1; j<item.len - 1; j++) { - numtests *= 10; - numtests += (int) (item.data[j] - '0'); - } - for (j=0; j<numtests; j++) { -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Executing self-test #%d\n", __bltDBG, j); - } -#endif - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, - "plaintext", j); - load_file_data(arena, &pt, filename, -#ifdef NSS_ENABLE_ECC - ((mode == bltestDSA) || (mode == bltestECDSA)) -#else - (mode == bltestDSA) -#endif - ? bltestBase64Encoded : bltestBinary); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, - "ciphertext", j); - load_file_data(arena, &ct, filename, bltestBase64Encoded); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Loaded data for self-test #%d\n", __bltDBG, j); - } -#endif - get_params(arena, params, mode, j); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Got parameters for #%d\n", __bltDBG, j); - } -#endif - /* Forward Operation (Encrypt/Sign/Hash) - ** Align the input buffer (plaintext) according to request - ** then perform operation and compare to ciphertext - */ - /* XXX for now */ - rv = SECSuccess; - if (encrypt) { - bltestCopyIO(arena, &cipherInfo.input, &pt); - misalignBuffer(arena, &cipherInfo.input, inoff); - memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf); - rv |= cipherInit(&cipherInfo, PR_TRUE); - misalignBuffer(arena, &cipherInfo.output, outoff); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Inited cipher context and buffers for #%d\n", __bltDBG, j); - } -#endif - rv |= cipherDoOp(&cipherInfo); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Performed encrypt for #%d\n", __bltDBG, j); - } -#endif - rv |= cipherFinish(&cipherInfo); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Finished encrypt for #%d\n", __bltDBG, j); - } -#endif - rv |= verify_self_test(&cipherInfo.output, - &ct, mode, PR_TRUE, 0); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Verified self-test for #%d\n", __bltDBG, j); - } -#endif - /* If testing hash, only one op to test */ - if (is_hashCipher(mode)) - continue; - /*if (rv) return rv;*/ - } - if (!decrypt) - continue; - /* XXX for now */ - rv = SECSuccess; - /* Reverse Operation (Decrypt/Verify) - ** Align the input buffer (ciphertext) according to request - ** then perform operation and compare to plaintext - */ -#ifdef NSS_ENABLE_ECC - if ((mode != bltestDSA) && (mode != bltestECDSA)) -#else - if (mode != bltestDSA) -#endif - bltestCopyIO(arena, &cipherInfo.input, &ct); - else - bltestCopyIO(arena, &cipherInfo.input, &pt); - misalignBuffer(arena, &cipherInfo.input, inoff); - memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf); - rv |= cipherInit(&cipherInfo, PR_FALSE); - misalignBuffer(arena, &cipherInfo.output, outoff); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Inited cipher context and buffers for #%d\n", __bltDBG, j); - } -#endif - srv = SECSuccess; - srv |= cipherDoOp(&cipherInfo); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Performed decrypt for #%d\n", __bltDBG, j); - } -#endif - rv |= cipherFinish(&cipherInfo); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Finished decrypt for #%d\n", __bltDBG, j); - } -#endif - rv |= verify_self_test(&cipherInfo.output, - &pt, mode, PR_FALSE, srv); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Verified self-test for #%d\n", __bltDBG, j); - } -#endif - /*if (rv) return rv;*/ - } - } - return rv; -} - -SECStatus -dump_file(bltestCipherMode mode, char *filename) -{ - bltestIO keydata; - PRArenaPool *arena = NULL; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - if (mode == bltestRSA) { - RSAPrivateKey *key; - load_file_data(arena, &keydata, filename, bltestBase64Encoded); - key = rsakey_from_filedata(&keydata.buf); - dump_rsakey(key); - } else if (mode == bltestDSA) { -#if 0 - PQGParams *pqg; - get_file_data(filename, &item, PR_TRUE); - pqg = pqg_from_filedata(&item); - dump_pqg(pqg); -#endif - DSAPrivateKey *key; - load_file_data(arena, &keydata, filename, bltestBase64Encoded); - key = dsakey_from_filedata(&keydata.buf); - dump_dsakey(key); -#ifdef NSS_ENABLE_ECC - } else if (mode == bltestECDSA) { - ECPrivateKey *key; - load_file_data(arena, &keydata, filename, bltestBase64Encoded); - key = eckey_from_filedata(&keydata.buf); - dump_eckey(key); -#endif - } - PORT_FreeArena(arena, PR_FALSE); - return SECFailure; -} - -/* bltest commands */ -enum { - cmd_Decrypt = 0, - cmd_Encrypt, - cmd_FIPS, - cmd_Hash, - cmd_Nonce, - cmd_Dump, - cmd_Sign, - cmd_SelfTest, - cmd_Verify -}; - -/* bltest options */ -enum { - opt_B64 = 0, - opt_BufSize, - opt_Restart, - opt_SelfTestDir, - opt_Exponent, - opt_SigFile, - opt_KeySize, - opt_Hex, - opt_Input, - opt_PQGFile, - opt_Key, - opt_HexWSpc, - opt_Mode, -#ifdef NSS_ENABLE_ECC - opt_CurveName, -#endif - opt_Output, - opt_Repetitions, - opt_ZeroBuf, - opt_Rounds, - opt_Seed, - opt_SigSeedFile, - opt_CXReps, - opt_IV, - opt_WordSize, - opt_UseSeed, - opt_UseSigSeed, - opt_SeedFile, - opt_InputOffset, - opt_OutputOffset, - opt_MonteCarlo, - opt_CmdLine -}; - -static secuCommandFlag bltest_commands[] = -{ - { /* cmd_Decrypt */ 'D', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Encrypt */ 'E', PR_FALSE, 0, PR_FALSE }, - { /* cmd_FIPS */ 'F', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Hash */ 'H', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Nonce */ 'N', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Dump */ 'P', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Sign */ 'S', PR_FALSE, 0, PR_FALSE }, - { /* cmd_SelfTest */ 'T', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Verify */ 'V', PR_FALSE, 0, PR_FALSE } -}; - -static secuCommandFlag bltest_options[] = -{ - { /* opt_B64 */ 'a', PR_FALSE, 0, PR_FALSE }, - { /* opt_BufSize */ 'b', PR_TRUE, 0, PR_FALSE }, - { /* opt_Restart */ 'c', PR_FALSE, 0, PR_FALSE }, - { /* opt_SelfTestDir */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE }, - { /* opt_SigFile */ 'f', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE }, - { /* opt_Hex */ 'h', PR_FALSE, 0, PR_FALSE }, - { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_PQGFile */ 'j', PR_TRUE, 0, PR_FALSE }, - { /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE }, - { /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE }, - { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE }, -#ifdef NSS_ENABLE_ECC - { /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE }, -#endif - { /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_Repetitions */ 'p', PR_TRUE, 0, PR_FALSE }, - { /* opt_ZeroBuf */ 'q', PR_FALSE, 0, PR_FALSE }, - { /* opt_Rounds */ 'r', PR_TRUE, 0, PR_FALSE }, - { /* opt_Seed */ 's', PR_TRUE, 0, PR_FALSE }, - { /* opt_SigSeedFile */ 't', PR_TRUE, 0, PR_FALSE }, - { /* opt_CXReps */ 'u', PR_TRUE, 0, PR_FALSE }, - { /* opt_IV */ 'v', PR_TRUE, 0, PR_FALSE }, - { /* opt_WordSize */ 'w', PR_TRUE, 0, PR_FALSE }, - { /* opt_UseSeed */ 'x', PR_FALSE, 0, PR_FALSE }, - { /* opt_UseSigSeed */ 'y', PR_FALSE, 0, PR_FALSE }, - { /* opt_SeedFile */ 'z', PR_FALSE, 0, PR_FALSE }, - { /* opt_InputOffset */ '1', PR_TRUE, 0, PR_FALSE }, - { /* opt_OutputOffset */ '2', PR_TRUE, 0, PR_FALSE }, - { /* opt_MonteCarlo */ '3', PR_FALSE, 0, PR_FALSE }, - { /* opt_CmdLine */ '-', PR_FALSE, 0, PR_FALSE } -}; - -int main(int argc, char **argv) -{ - char *infileName, *outfileName, *keyfileName, *ivfileName; - SECStatus rv; - - bltestCipherInfo cipherInfo; - bltestParams *params; - PRFileDesc *file, *infile, *outfile; - char *instr = NULL; - PRArenaPool *arena; - bltestIOMode ioMode; - int keysize, bufsize, exponent; -#ifdef NSS_ENABLE_ECC - char *curveName = NULL; -#endif - int i, commandsEntered; - int inoff, outoff; - - secuCommand bltest; - bltest.numCommands = sizeof(bltest_commands) / sizeof(secuCommandFlag); - bltest.numOptions = sizeof(bltest_options) / sizeof(secuCommandFlag); - bltest.commands = bltest_commands; - bltest.options = bltest_options; - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - rv = RNG_RNGInit(); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - RNG_SystemInfoForRNG(); - - rv = SECU_ParseCommandLine(argc, argv, progName, &bltest); - - PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo)); - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - cipherInfo.arena = arena; - params = &cipherInfo.params; - /* set some defaults */ - infileName = outfileName = keyfileName = ivfileName = NULL; - - /* Check the number of commands entered on the command line. */ - commandsEntered = 0; - for (i=0; i<bltest.numCommands; i++) - if (bltest.commands[i].activated) - commandsEntered++; - - if (commandsEntered > 1 && - !(commandsEntered == 2 && bltest.commands[cmd_SelfTest].activated)) { - fprintf(stderr, "%s: one command at a time!\n", progName); - Usage(); - } - if (commandsEntered == 0) { - fprintf(stderr, "%s: you must enter a command!\n", progName); - Usage(); - } - - if (bltest.commands[cmd_Sign].activated) - bltest.commands[cmd_Encrypt].activated = PR_TRUE; - if (bltest.commands[cmd_Verify].activated) - bltest.commands[cmd_Decrypt].activated = PR_TRUE; - if (bltest.commands[cmd_Hash].activated) - bltest.commands[cmd_Encrypt].activated = PR_TRUE; - - inoff = outoff = 0; - if (bltest.options[opt_InputOffset].activated) - inoff = PORT_Atoi(bltest.options[opt_InputOffset].arg); - if (bltest.options[opt_OutputOffset].activated) - outoff = PORT_Atoi(bltest.options[opt_OutputOffset].arg); - - testdir = (bltest.options[opt_SelfTestDir].activated) ? - strdup(bltest.options[opt_SelfTestDir].arg) : "."; - - /* - * Handle three simple cases first - */ - - /* Do BLAPI self-test */ - if (bltest.commands[cmd_SelfTest].activated) { - PRBool encrypt = PR_TRUE, decrypt = PR_TRUE; - /* user may specified a set of ciphers to test. parse them. */ - bltestCipherMode modesToTest[NUMMODES]; - int numModesToTest = 0; - char *tok, *str; - str = bltest.options[opt_Mode].arg; - while (str) { - tok = strchr(str, ','); - if (tok) *tok = '\0'; - modesToTest[numModesToTest++] = get_mode(str); - if (tok) { - *tok = ','; - str = tok + 1; - } else { - break; - } - } - if (bltest.commands[cmd_Decrypt].activated && - !bltest.commands[cmd_Encrypt].activated) - encrypt = PR_FALSE; - if (bltest.commands[cmd_Encrypt].activated && - !bltest.commands[cmd_Decrypt].activated) - decrypt = PR_FALSE; - return blapi_selftest(modesToTest, numModesToTest, inoff, outoff, - encrypt, decrypt); - } - - /* Do FIPS self-test */ - if (bltest.commands[cmd_FIPS].activated) { - CK_RV ckrv = pk11_fipsPowerUpSelfTest(); - fprintf(stdout, "CK_RV: %ld.\n", ckrv); - return 0; - } - - /* - * Check command line arguments for Encrypt/Decrypt/Hash/Sign/Verify - */ - - if ((bltest.commands[cmd_Decrypt].activated || - bltest.commands[cmd_Verify].activated) && - bltest.options[opt_BufSize].activated) { - fprintf(stderr, "%s: cannot use a nonce as input to decrypt/verify.\n", - progName); - Usage(); - } - - if (bltest.options[opt_Mode].activated) { - cipherInfo.mode = get_mode(bltest.options[opt_Mode].arg); - if (cipherInfo.mode == bltestINVALID) { - fprintf(stderr, "%s: Invalid mode \"%s\"\n", progName, - bltest.options[opt_Mode].arg); - Usage(); - } - } else { - fprintf(stderr, "%s: You must specify a cipher mode with -m.\n", - progName); - Usage(); - } - - if (bltest.options[opt_Repetitions].activated) { - cipherInfo.repetitions = PORT_Atoi(bltest.options[opt_Repetitions].arg); - } else { - cipherInfo.repetitions = 0; - } - - - if (bltest.options[opt_CXReps].activated) { - cipherInfo.cxreps = PORT_Atoi(bltest.options[opt_CXReps].arg); - } else { - cipherInfo.cxreps = 0; - } - - /* Dump a file (rsakey, dsakey, etc.) */ - if (bltest.commands[cmd_Dump].activated) { - return dump_file(cipherInfo.mode, bltest.options[opt_Input].arg); - } - - /* default input mode is binary */ - ioMode = (bltest.options[opt_B64].activated) ? bltestBase64Encoded : - (bltest.options[opt_Hex].activated) ? bltestHexStream : - (bltest.options[opt_HexWSpc].activated) ? bltestHexSpaceDelim : - bltestBinary; - - if (bltest.options[opt_KeySize].activated) - keysize = PORT_Atoi(bltest.options[opt_KeySize].arg); - else - keysize = 0; - - if (bltest.options[opt_Exponent].activated) - exponent = PORT_Atoi(bltest.options[opt_Exponent].arg); - else - exponent = 65537; - -#ifdef NSS_ENABLE_ECC - if (bltest.options[opt_CurveName].activated) - curveName = PORT_Strdup(bltest.options[opt_CurveName].arg); - else - curveName = NULL; -#endif - - /* Set up an encryption key. */ - keysize = 0; - file = NULL; - if (is_symmkeyCipher(cipherInfo.mode)) { - char *keystr = NULL; /* if key is on command line */ - if (bltest.options[opt_Key].activated) { - if (bltest.options[opt_CmdLine].activated) { - keystr = bltest.options[opt_Key].arg; - } else { - file = PR_Open(bltest.options[opt_Key].arg, PR_RDONLY, 00660); - } - } else { - if (bltest.options[opt_KeySize].activated) - keysize = PORT_Atoi(bltest.options[opt_KeySize].arg); - else - keysize = 8; /* use 64-bit default (DES) */ - /* save the random key for reference */ - file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660); - } - params->key.mode = ioMode; - setupIO(cipherInfo.arena, ¶ms->key, file, keystr, keysize); - if (file) - PR_Close(file); - } else if (is_pubkeyCipher(cipherInfo.mode)) { - if (bltest.options[opt_Key].activated) { - file = PR_Open(bltest.options[opt_Key].arg, PR_RDONLY, 00660); - } else { - if (bltest.options[opt_KeySize].activated) - keysize = PORT_Atoi(bltest.options[opt_KeySize].arg); - else - keysize = 64; /* use 512-bit default */ - file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660); - } - params->key.mode = bltestBase64Encoded; -#ifdef NSS_ENABLE_ECC - pubkeyInitKey(&cipherInfo, file, keysize, exponent, curveName); -#else - pubkeyInitKey(&cipherInfo, file, keysize, exponent); -#endif - PR_Close(file); - } - - /* set up an initialization vector. */ - if (cipher_requires_IV(cipherInfo.mode)) { - char *ivstr = NULL; - bltestSymmKeyParams *skp; - file = NULL; - if (cipherInfo.mode == bltestRC5_CBC) - skp = (bltestSymmKeyParams *)¶ms->rc5; - else - skp = ¶ms->sk; - if (bltest.options[opt_IV].activated) { - if (bltest.options[opt_CmdLine].activated) { - ivstr = bltest.options[opt_IV].arg; - } else { - file = PR_Open(bltest.options[opt_IV].arg, PR_RDONLY, 00660); - } - } else { - /* save the random iv for reference */ - file = PR_Open("tmp.iv", PR_WRONLY|PR_CREATE_FILE, 00660); - } - memset(&skp->iv, 0, sizeof skp->iv); - skp->iv.mode = ioMode; - setupIO(cipherInfo.arena, &skp->iv, file, ivstr, keysize); - if (file) - PR_Close(file); - } - - if (bltest.commands[cmd_Verify].activated) { - if (!bltest.options[opt_SigFile].activated) { - fprintf(stderr, "%s: You must specify a signature file with -f.\n", - progName); - exit(-1); - } - file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660); - if (cipherInfo.mode == bltestDSA) { - memset(&cipherInfo.params.dsa.sig, 0, sizeof(bltestIO)); - cipherInfo.params.dsa.sig.mode = ioMode; - setupIO(cipherInfo.arena, &cipherInfo.params.dsa.sig, file, NULL, 0); -#ifdef NSS_ENABLE_ECC - } else if (cipherInfo.mode == bltestECDSA) { - memset(&cipherInfo.params.ecdsa.sig, 0, sizeof(bltestIO)); - cipherInfo.params.ecdsa.sig.mode = ioMode; - setupIO(cipherInfo.arena, &cipherInfo.params.ecdsa.sig, file, NULL, 0); -#endif - } - } - - if (bltest.options[opt_PQGFile].activated) { - file = PR_Open(bltest.options[opt_PQGFile].arg, PR_RDONLY, 00660); - params->dsa.pqgdata.mode = bltestBase64Encoded; - setupIO(cipherInfo.arena, ¶ms->dsa.pqgdata, file, NULL, 0); - } - - /* Set up the input buffer */ - if (bltest.options[opt_Input].activated) { - if (bltest.options[opt_CmdLine].activated) { - instr = bltest.options[opt_Input].arg; - infile = NULL; - } else { - /* form file name from testdir and input arg. */ - char * filename = bltest.options[opt_Input].arg; - if (bltest.options[opt_SelfTestDir].activated && - testdir && filename && filename[0] != '/') - filename = PR_smprintf("%s/tests/%s/%s", testdir, - mode_strings[cipherInfo.mode], filename); - infile = PR_Open(filename, PR_RDONLY, 00660); - } - } else if (bltest.options[opt_BufSize].activated) { - /* save the random plaintext for reference */ - infile = PR_Open("tmp.in", PR_WRONLY|PR_CREATE_FILE, 00660); - } else { - infile = PR_STDIN; - } - if (!infile) { - fprintf(stderr, "%s: Failed to open input file.\n", progName); - exit(-1); - } - cipherInfo.input.mode = ioMode; - - /* Set up the output stream */ - if (bltest.options[opt_Output].activated) { - /* form file name from testdir and input arg. */ - char * filename = bltest.options[opt_Output].arg; - if (bltest.options[opt_SelfTestDir].activated && - testdir && filename && filename[0] != '/') - filename = PR_smprintf("%s/tests/%s/%s", testdir, - mode_strings[cipherInfo.mode], filename); - outfile = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660); - } else { - outfile = PR_STDOUT; - } - if (!outfile) { - fprintf(stderr, "%s: Failed to open output file.\n", progName); - exit(-1); - } - cipherInfo.output.mode = ioMode; - if (bltest.options[opt_SelfTestDir].activated && ioMode == bltestBinary) - cipherInfo.output.mode = bltestBase64Encoded; - - if (is_hashCipher(cipherInfo.mode)) - cipherInfo.params.hash.restart = bltest.options[opt_Restart].activated; - - bufsize = 0; - if (bltest.options[opt_BufSize].activated) - bufsize = PORT_Atoi(bltest.options[opt_BufSize].arg); - - /*infile = NULL;*/ - setupIO(cipherInfo.arena, &cipherInfo.input, infile, instr, bufsize); - misalignBuffer(cipherInfo.arena, &cipherInfo.input, inoff); - - cipherInit(&cipherInfo, bltest.commands[cmd_Encrypt].activated); - misalignBuffer(cipherInfo.arena, &cipherInfo.output, outoff); - - if (!bltest.commands[cmd_Nonce].activated) { - if (bltest.options[opt_MonteCarlo].activated) { - int mciter; - for (mciter=0; mciter<10000; mciter++) { - cipherDoOp(&cipherInfo); - memcpy(cipherInfo.input.buf.data, - cipherInfo.output.buf.data, - cipherInfo.input.buf.len); - } - } else { - cipherDoOp(&cipherInfo); - } - cipherFinish(&cipherInfo); - finishIO(&cipherInfo.output, outfile); - } - - if (cipherInfo.repetitions > 0 || cipherInfo.cxreps > 0) - dump_performance_info(&cipherInfo, - bltest.commands[cmd_Encrypt].activated, - (cipherInfo.repetitions == 0)); - - if (infile && infile != PR_STDIN) - PR_Close(infile); - if (outfile && outfile != PR_STDOUT) - PR_Close(outfile); - PORT_FreeArena(cipherInfo.arena, PR_TRUE); - - /*NSS_Shutdown();*/ - - return SECSuccess; -} diff --git a/security/nss/cmd/bltest/manifest.mn b/security/nss/cmd/bltest/manifest.mn deleted file mode 100644 index 3010842e7..000000000 --- a/security/nss/cmd/bltest/manifest.mn +++ /dev/null @@ -1,58 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -CORE_DEPTH = ../../.. - -MODULE = nss - -REQUIRES = seccmd dbm softoken - -INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken - -PROGRAM = bltest - - USE_STATIC_LIBS = 1 - -EXPORTS = \ - $(NULL) - -PRIVATE_EXPORTS = \ - $(NULL) - -CSRCS = \ - blapitest.c \ - $(NULL) - -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC -endif - diff --git a/security/nss/cmd/bltest/tests/README b/security/nss/cmd/bltest/tests/README deleted file mode 100644 index 9982a2f15..000000000 --- a/security/nss/cmd/bltest/tests/README +++ /dev/null @@ -1,49 +0,0 @@ -This directory contains a set of tests for each cipher supported by -BLAPI. Each subdirectory contains known plaintext and ciphertext pairs -(and keys and/or iv's if needed). The tests can be run as a full set -with: - bltest -T -or as subsets, for example: - bltest -T -m des_ecb,md2,rsa - -In each subdirectory, the plaintext, key, and iv are ascii, and treated -as such. The ciphertext is base64-encoded to avoid the hassle of binary -files. - -To add a test, incremement the value in the numtests file. Create a -plaintext, key, and iv file, such that the name of the file is -incrememted one from the last set of tests. For example, if you are -adding the second test, put your data in files named plaintext1, key1, -and iv1 (ignoring key and iv if they are not needed, of course). Make -sure your key and iv are the correct number of bytes for your cipher (a -trailing \n is okay, but any other trailing bytes will be used!). Once -you have your input data, create output data by running bltest on a -trusted implementation. For example, for a new DES ECB test, run - bltest -E -m des_ecb -i plaintext1 -k key1 -o ciphertext1 -a in the -tests/des_ecb directory. Then run - bltest -T des_ecb from the cmd/bltest directory in the tree of the -implementation you want to test. - -Note that the -a option above is important, it tells bltest to expect -the input to be straight ASCII, and not base64 encoded binary! - -Special cases: - -RC5: -RC5 can take additional parameters, the number of rounds to perform and -the wordsize to use. The number of rounds is between is between 0 and -255, and the wordsize is either is either 16, 32, or 64 bits (at this -time only 32-bit is supported). These parameters are specified in a -paramsN file, where N is an index as above. The format of the file is -"rounds=R\nwordsize=W\n". - -public key modes (RSA and DSA): -Asymmetric key ciphers use keys with special properties, so creating a -key file with "Mozilla!" in it will not get you very far! To create a -public key, run bltest with the plaintext you want to encrypt, using a -trusted implementation. bltest will generate a key and store it in -"tmp.key", rename that file to keyN. For example: - bltest -E -m rsa -i plaintext0 -o ciphertext0 -e 65537 -g 32 -a - mv tmp.key key0 - -[note: specifying a keysize (-g) when using RSA is important!] diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext0 deleted file mode 100644 index 040a397d7..000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -oJLgOzZ1GiWt3DGo2sPKaA==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv0 b/security/nss/cmd/bltest/tests/aes_cbc/iv0 deleted file mode 100644 index 4e65bc034..000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -qwertyuiopasdfgh diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key0 b/security/nss/cmd/bltest/tests/aes_cbc/key0 deleted file mode 100644 index 13911cc29..000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -fedcba9876543210 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/numtests b/security/nss/cmd/bltest/tests/aes_cbc/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext0 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext0 deleted file mode 100644 index 8d6a8d555..000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -0123456789abcdef diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext0 deleted file mode 100644 index d6818c1d0..000000000 --- a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -PVuaCIiaKQhblgFCbVMTTg==
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key0 b/security/nss/cmd/bltest/tests/aes_ecb/key0 deleted file mode 100644 index 13911cc29..000000000 --- a/security/nss/cmd/bltest/tests/aes_ecb/key0 +++ /dev/null @@ -1 +0,0 @@ -fedcba9876543210 diff --git a/security/nss/cmd/bltest/tests/aes_ecb/numtests b/security/nss/cmd/bltest/tests/aes_ecb/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/aes_ecb/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext0 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext0 deleted file mode 100644 index 8d6a8d555..000000000 --- a/security/nss/cmd/bltest/tests/aes_ecb/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -0123456789abcdef diff --git a/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0 deleted file mode 100644 index 61dae3192..000000000 --- a/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -KV3MDNGKWOc= diff --git a/security/nss/cmd/bltest/tests/des3_cbc/iv0 b/security/nss/cmd/bltest/tests/des3_cbc/iv0 deleted file mode 100644 index 97b5955f7..000000000 --- a/security/nss/cmd/bltest/tests/des3_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -12345678 diff --git a/security/nss/cmd/bltest/tests/des3_cbc/key0 b/security/nss/cmd/bltest/tests/des3_cbc/key0 deleted file mode 100644 index 588efd111..000000000 --- a/security/nss/cmd/bltest/tests/des3_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -abcdefghijklmnopqrstuvwx diff --git a/security/nss/cmd/bltest/tests/des3_cbc/numtests b/security/nss/cmd/bltest/tests/des3_cbc/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/des3_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/des3_cbc/plaintext0 b/security/nss/cmd/bltest/tests/des3_cbc/plaintext0 deleted file mode 100644 index 5513e438c..000000000 --- a/security/nss/cmd/bltest/tests/des3_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0 deleted file mode 100644 index 76dc820d3..000000000 --- a/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -RgckVNh4QcM= diff --git a/security/nss/cmd/bltest/tests/des3_ecb/key0 b/security/nss/cmd/bltest/tests/des3_ecb/key0 deleted file mode 100644 index 588efd111..000000000 --- a/security/nss/cmd/bltest/tests/des3_ecb/key0 +++ /dev/null @@ -1 +0,0 @@ -abcdefghijklmnopqrstuvwx diff --git a/security/nss/cmd/bltest/tests/des3_ecb/numtests b/security/nss/cmd/bltest/tests/des3_ecb/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/des3_ecb/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/des3_ecb/plaintext0 b/security/nss/cmd/bltest/tests/des3_ecb/plaintext0 deleted file mode 100644 index 5513e438c..000000000 --- a/security/nss/cmd/bltest/tests/des3_ecb/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/des_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/des_cbc/ciphertext0 deleted file mode 100644 index 67d2ad1aa..000000000 --- a/security/nss/cmd/bltest/tests/des_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -Perdg9FMYQ4= diff --git a/security/nss/cmd/bltest/tests/des_cbc/iv0 b/security/nss/cmd/bltest/tests/des_cbc/iv0 deleted file mode 100644 index 97b5955f7..000000000 --- a/security/nss/cmd/bltest/tests/des_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -12345678 diff --git a/security/nss/cmd/bltest/tests/des_cbc/key0 b/security/nss/cmd/bltest/tests/des_cbc/key0 deleted file mode 100644 index 65513c116..000000000 --- a/security/nss/cmd/bltest/tests/des_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/des_cbc/numtests b/security/nss/cmd/bltest/tests/des_cbc/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/des_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/des_cbc/plaintext0 b/security/nss/cmd/bltest/tests/des_cbc/plaintext0 deleted file mode 100644 index 5513e438c..000000000 --- a/security/nss/cmd/bltest/tests/des_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/des_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/des_ecb/ciphertext0 deleted file mode 100644 index 8be22fa5c..000000000 --- a/security/nss/cmd/bltest/tests/des_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -3bNoWzzNiFc= diff --git a/security/nss/cmd/bltest/tests/des_ecb/key0 b/security/nss/cmd/bltest/tests/des_ecb/key0 deleted file mode 100644 index 65513c116..000000000 --- a/security/nss/cmd/bltest/tests/des_ecb/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/des_ecb/numtests b/security/nss/cmd/bltest/tests/des_ecb/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/des_ecb/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/des_ecb/plaintext0 b/security/nss/cmd/bltest/tests/des_ecb/plaintext0 deleted file mode 100644 index 5513e438c..000000000 --- a/security/nss/cmd/bltest/tests/des_ecb/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/dsa/ciphertext0 b/security/nss/cmd/bltest/tests/dsa/ciphertext0 deleted file mode 100644 index 8e7150562..000000000 --- a/security/nss/cmd/bltest/tests/dsa/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -fB0bnKWvjT6X5NIkZ5l/Y/DXZ6QNI6j0iPhR/ZERkfj67xRnTWY1cg== diff --git a/security/nss/cmd/bltest/tests/dsa/key0 b/security/nss/cmd/bltest/tests/dsa/key0 deleted file mode 100644 index e582eeb04..000000000 --- a/security/nss/cmd/bltest/tests/dsa/key0 +++ /dev/null @@ -1,6 +0,0 @@ -AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s
-Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA
-Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc
-xC6fb0ZLCIzFcq9T5teIAgAAAEAZExhx11sWEqgZ8p140bDXNG96p3u2KoWb/WxW
-ddqdIS06Nu8Wcu9mC4x8JVzA7HSFj7oz9EwGaZYwp2sDDuMzAAAAFCBwsyI9ujcv
-3hwP/HsuO0mLJgYU
diff --git a/security/nss/cmd/bltest/tests/dsa/keyseed0 b/security/nss/cmd/bltest/tests/dsa/keyseed0 deleted file mode 100644 index 6eea359db..000000000 --- a/security/nss/cmd/bltest/tests/dsa/keyseed0 +++ /dev/null @@ -1 +0,0 @@ -AAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/security/nss/cmd/bltest/tests/dsa/numtests b/security/nss/cmd/bltest/tests/dsa/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/dsa/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/dsa/plaintext0 b/security/nss/cmd/bltest/tests/dsa/plaintext0 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/dsa/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/dsa/pqg0 b/security/nss/cmd/bltest/tests/dsa/pqg0 deleted file mode 100644 index f16326ccc..000000000 --- a/security/nss/cmd/bltest/tests/dsa/pqg0 +++ /dev/null @@ -1,4 +0,0 @@ -AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s
-Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA
-Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc
-xC6fb0ZLCIzFcq9T5teIAg==
diff --git a/security/nss/cmd/bltest/tests/dsa/sigseed0 b/security/nss/cmd/bltest/tests/dsa/sigseed0 deleted file mode 100644 index 05d7fd2d6..000000000 --- a/security/nss/cmd/bltest/tests/dsa/sigseed0 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/README b/security/nss/cmd/bltest/tests/ecdsa/README deleted file mode 100644 index 764aeec81..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/README +++ /dev/null @@ -1,22 +0,0 @@ -0 secp160k1 -1 secp160r1 -2 secp160r2 -3 nistk163 -4 sect163r1 -5 nistb163 -6 secp192k1 -7 nistp192 -8 secp224k1 -9 nistp224 -10 nistk233 -11 nistb233 -12 nistp256 -13 nistk283 -14 nistb283 -15 nistp384 -16 nistk409 -17 nistb409 -18 nistk571 -19 nistb571 -# the following tests are not yet implemented -#20 nistp521 diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext0 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext0 deleted file mode 100644 index 14d8e0ece..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -GoWqve3YezF7HOABQjioFL/3oq32oM9pHsGTQTJE7aFE62nItVqAdg==
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext1 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext1 deleted file mode 100644 index 4484aae61..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext1 +++ /dev/null @@ -1 +0,0 @@ -PM6xHbiwP6Xcb44mg7BHtaJvd8PkxgvHAB1sh2cF0so3naFf0Tj6vQ==
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext10 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext10 deleted file mode 100644 index a956d53a6..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext10 +++ /dev/null @@ -1,2 +0,0 @@ -AF3bbyED08NTrUgKmag9HiuUbaW0skXA/Bp9RPjRAD6M0rp3nvLDKozI940jxPP1
-nWpHF7VcyCVzJeV6
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext11 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext11 deleted file mode 100644 index 8cc2c2623..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext11 +++ /dev/null @@ -1,2 +0,0 @@ -AOLrxy4FWd29ToUjOwLs6GyQ+dYZN6NkZ8oVO6dsAEXt55ePlCWZbOtmk6v9PrNG
-JOsY/MHnGhDeAGRl
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext12 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext12 deleted file mode 100644 index 5a05a7863..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext12 +++ /dev/null @@ -1,2 +0,0 @@ -aQHMte9cFByD9Ff3rZOPOtPI75luPoxemmgjXIgh/9jEeoTdDk8xuAYQUkayCfs+
-DpDaGnOLkfAyZ8GcuaCujg==
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext13 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext13 deleted file mode 100644 index 690c00a71..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext13 +++ /dev/null @@ -1,2 +0,0 @@ -AaeVCRJQPbpTqa1+zLd/8xAbkz3KKTr0dlS4tuGC8hc9j5esAeEv+7IklbA3v5Jz
-jC+nJy4p81iNO5E9H8nfGGckfQSiFzHG
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext14 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext14 deleted file mode 100644 index fe527c625..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext14 +++ /dev/null @@ -1,2 +0,0 @@ -AgU0N7zJPg/1UxmCWD5Z+DqDqkRKjy4heFgayCyopb/u4XErAZArgsjashAxzMKC
-PSDJasPT90T5Va8sNtjXtSpHWxc2roV9
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext15 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext15 deleted file mode 100644 index d1090942a..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext15 +++ /dev/null @@ -1,2 +0,0 @@ -NXo8is+7lAoOwWGt7+GBbT/UX8LGs8TXEHBI+tX9311pJ4J3pfBYobgN0ZK6ZBtp
-dS6PkrPaQp0S9nrfTOS5uAH95eD1eymRfCbOnjTUKzLuIn53V17vRjdcDtLzrhzX
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext16 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext16 deleted file mode 100644 index d5fe14482..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext16 +++ /dev/null @@ -1,3 +0,0 @@ -ADhxjBz/ACTy4GJlL0tYZpyNpC4DsXND9lJuU7x9N7g6gkpJyBPw3vBYU1olw6PH
-dnegpgAm4Gh6MCsZB4KBcLwl1wjt4B3p2eqEqDYn5fiie5f4XuRomvI92jR5Sb+I
-nBLCHIppt/Q=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext17 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext17 deleted file mode 100644 index 486bf664f..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext17 +++ /dev/null @@ -1,3 +0,0 @@ -AGhHQ6kfdZRgu1svQTXEIewvFVglnUy6ANPumyUbM14AEfRkCUNa1uzvhV1sbWYj
-qT3egQCA9MTjThDNJeDOvvL6hVVOryUv4+C3RtkpQGCtdml+CSsjVTej8h9JbMds
-Dme40b2G6fE=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext18 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext18 deleted file mode 100644 index 7eeef3811..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext18 +++ /dev/null @@ -1,3 +0,0 @@ -AGBuqk48tufy0bKEWpu+xEHsmi+6KCfdwOSRwLDnpVetGe9AWknHDzeTSwe0QxcE
-RsEkUZGDpxfzUlCLSSSU+ErrYY/uyLV2AJTb3prB6A2YNwdmFGeRbDoxeOu7FuQA
-3gxBQhR+TGMuskeM+BdHFmFrwvTTdHCGzjTBa5S8mbgEJTfeik/it28T/9i+duZ8
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext19 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext19 deleted file mode 100644 index ef8e5f381..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext19 +++ /dev/null @@ -1,3 +0,0 @@ -AaiotJfCiWU1d2LFe+t0CcWHDSF7EOlApWYJ+RNRSq8TbkXJIzi6abbb7BovtRwf
-i/COYwjS7OnkFQ6x5Pdrb7OZ0dTAdDRXAKtXWSKR20Y4fhnx/HUxisFwKrsCEQ3O
-uVtwDG8rh5V8zjBnCEcs5Iy9CsklucibR0PIyglVmW+ZuY42YNebuOC2VUKqHNF7
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext2 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext2 deleted file mode 100644 index a3837a410..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext2 +++ /dev/null @@ -1 +0,0 @@ -Vli8Hau3xL8oder6ZdM9Y3fMd92jbguiMq6F+9CUjlUQXy5EwAVGeg==
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext20 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext20 deleted file mode 100644 index 67c99244a..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext20 +++ /dev/null @@ -1,3 +0,0 @@ -ALAM5hGnex7TvBbSEzDlfv+n5g7aWyRyZsBbl2Y6wW1plSovbq2GcV6w1ZV1Vlot
-70zbqkKyNApvTi3xoD4Ens6pAeLMYDILwaQhnyJZWQv3etbWqUKJZNgfH1IDj03k
-n9hbjYLX3y4bc4CnrhOiv5Ab34s7M8wUYcjC+DbHwhLl/S6N
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext3 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext3 deleted file mode 100644 index e9a480882..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext3 +++ /dev/null @@ -1 +0,0 @@ -AFohw5TN/dpmqbhp/T4z1Rl1boAUA6r9eEPJbYN0zf+eHZzyvezxqjxU
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext4 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext4 deleted file mode 100644 index 57ce239ab..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext4 +++ /dev/null @@ -1 +0,0 @@ -AtJdCPXn5yQW34jekhsnsNmaMOeeA3KIVl1d2+7pb6QycUAzYccgwSrp
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext5 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext5 deleted file mode 100644 index e476c80bf..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext5 +++ /dev/null @@ -1 +0,0 @@ -AzEg0sOGHwxd0o3cv+o9dsRPOzXMAdpgtI6O0uUmVN2+a5qI5FYQlItz
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext6 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext6 deleted file mode 100644 index bdea7171d..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext6 +++ /dev/null @@ -1 +0,0 @@ -5+HDXH/ieN8Bzxd3dfxKZoqbbhsm7jyeqWdemt6Xy0kx+7zwSYsh9Ng5KRdy6wtA
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext7 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext7 deleted file mode 100644 index 3273fd9f7..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext7 +++ /dev/null @@ -1 +0,0 @@ -WcS9umnUASP0X6lHvkWJwPY37ZVvAMLBERHLjL3Vzg6QVjwcS8kDVortTFei3aTx
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext8 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext8 deleted file mode 100644 index 636392e43..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext8 +++ /dev/null @@ -1,2 +0,0 @@ -ItpmPaGAaoe2feXPbh5+EASLGnEzyYbEnwJ+JFNSOQcoY4a/cMV2rn8FYyBsEDiZ
-LPDBU0i2uOg=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext9 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext9 deleted file mode 100644 index 0c43fa3d7..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext9 +++ /dev/null @@ -1,2 +0,0 @@ -QjzCVGRUjulOLqeBqC5xpY0GWomOrmQUCtImY0czn98a/jHrdgsSRKiMHukBUxM1
-TIRGjkV2L+A=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key0 b/security/nss/cmd/bltest/tests/ecdsa/key0 deleted file mode 100644 index 7c6d61b36..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key0 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAAkAAAApBPiF0ntSFtn41JULxlA1l/lHE/zUPGJWkCqtdOryS6yD
-WFCoF/IHwHsAAAAUcw+b2b1AJUlmezgu5EjmAGPC0YQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key1 b/security/nss/cmd/bltest/tests/ecdsa/key1 deleted file mode 100644 index 049aa1edb..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key1 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAAgAAAApBI80VWK9xatmkFRiDTcdeFQ0T9h3h6iVOinMURyWZw0T
-5vZqd8/gvwwAAAAUYOQMjDdtNSL5zY0nVWPWY+UJoqQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key10 b/security/nss/cmd/bltest/tests/ecdsa/key10 deleted file mode 100644 index 3e3341714..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key10 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEABoAAAA9BACmzalMQJBOWV2FoyV0tXSpT07Xajq4bB1SUwSY7QGn
-dgGC3GBqjPs9vEpqfMMQ2M9k3+5oubWnexNFhQAAAB4BRha/6sE7VSHl92ZqCj5p
-LYtBpK23jzfdVWO8SAY=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key11 b/security/nss/cmd/bltest/tests/ecdsa/key11 deleted file mode 100644 index 6111d52ad..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key11 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEABsAAAA9BAD2/x9HSYYVEQ9AU4MivlIKPypJjsm0sTrp8BftlQGv
-KaYrKpZCg/CEw3C2kqvke7HAu+10hafK9asRxQAAAB4AXyFCurtsXhahkyJpkb5J
-LUg3xVL00vviR0KyFZY=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key12 b/security/nss/cmd/bltest/tests/ecdsa/key12 deleted file mode 100644 index 491fdba1b..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key12 +++ /dev/null @@ -1,3 +0,0 @@ -AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
-NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
-7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key13 b/security/nss/cmd/bltest/tests/ecdsa/key13 deleted file mode 100644 index fc8057a57..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key13 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEABAAAABJBAT3klWkt7+1Pr6QGEcvEIZplopwt1alrsJUThDOxvUF
-7KvBpQLVjB+DQTwYQnEREb/WFyRgUBuIbII0+zd/g0fLHE4PQ8SNlAAAACQFPsMX
-mqSVRreUVasUOIZQFB2jnpwCUyoq+xa9SRril5LeOCY=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key14 b/security/nss/cmd/bltest/tests/ecdsa/key14 deleted file mode 100644 index 2e158236c..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key14 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEABEAAABJBAf/ei/XCrFrMZLBp5BFkKZ3Odn+ZJu7QIAK32Ubuxmi
-xgWTewf2vv+KY5kHwsBYuBXmmnKe9Ak9zGP4Lykvgk5n5J6iUz5ycQAAACQAQHXa
-d29OqGxoDNCl9xETW3tAL/2hfZzstNuOPLm5kj4j1Dc=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key15 b/security/nss/cmd/bltest/tests/ecdsa/key15 deleted file mode 100644 index a062f1f67..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key15 +++ /dev/null @@ -1,4 +0,0 @@ -AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
-r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
-q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
-yALMCiXJqRVXwbq42WMuaELMW+g=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key16 b/security/nss/cmd/bltest/tests/ecdsa/key16 deleted file mode 100644 index d2694ae41..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key16 +++ /dev/null @@ -1,4 +0,0 @@ -AAAABwYFK4EEACQAAABpBADkgknFgTPuirxQxFlqIK+vcARWzlpJR+qmyRyQsBiz
-Nh6Ws036xUKY9M8LxMIWXFNM6aIA2wxKsBF+HHD6oy27EAJSJOGbke/9F9Kv5AiW
-2RXA4mllUaxCNsuQ36PqUdqv4FeXxWTpAAAANAHTZloqhR0V4bfyaeo2hojcvY3T
-NO04ewNryBpsHZ0bhID0EfewYuwQmX00GYNfuV3mJ2w=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key17 b/security/nss/cmd/bltest/tests/ecdsa/key17 deleted file mode 100644 index 30be05774..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key17 +++ /dev/null @@ -1,4 +0,0 @@ -AAAABwYFK4EEACUAAABpBAAEE/bAmqCjO3FLvN93Q/UjDyDp2sj+F//buuf1hZ0K
-1rSOGXMLcBrqVa8R6UJ57F9/Yc0BCTylpJMXjfCr4eDczG4WOQk+5x8kpKQs5Q9U
-V3IolHDiQY/Nhn7o4UFn5/mF71T3qUqwAAAANAH/o7jEl9Bw+Arj9uQ7ZHkoPGgx
-t92UJg1r/lxa7UUd66iJfRI8n8yQH/sw56D1+CweeII=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key18 b/security/nss/cmd/bltest/tests/ecdsa/key18 deleted file mode 100644 index bbdcb1371..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key18 +++ /dev/null @@ -1,5 +0,0 @@ -AAAABwYFK4EEACYAAACRBAffZTrfwIl0dciO2fui3UhZw6r+jnFh7gyER92gXL7+
-LzPgTHagd1vdQiIX4K8Dv76KN0BldiFuX5odP7qC26MUaiURDdWT0AWcPmumSSBH
-NXZYLLx5hQjW3BTNwV7v5bmUjezfgtuOCC30dQGs2GMgExAmiWRjTkiPrHg1SFKF
-3RklauOyMWauaVpEzh3c+wAAAEgAZvLs4/Rx7tS+QGH92fGGIxPWPbVYOpDKwabY
-poV2i1BD5Fxvw+eHlvxVOLmRPqRCPTfOLwAeNbHyt17U/BVZ8+svTChlzuA=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key19 b/security/nss/cmd/bltest/tests/ecdsa/key19 deleted file mode 100644 index 31b4071f2..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key19 +++ /dev/null @@ -1,5 +0,0 @@ -AAAABwYFK4EEACcAAACRBASpPvOfQVqiMD+cBL/nulFit5pk/5beJ6/KpeIltg4s
-6/s7PPggJA59BP7RJwak6rgY3PsRqXVPjyM/1UkUfRUR2BJgOfNTkQe9WF7Y5zXy
-TM76cWhOP+sLSoUcscy/HTLCpHqRLLvWZPDzgjrfJqSlydMEDZjWsJRVPk9IfeQ/
-amGiWOhJIQd/bSrAazZn6AAAAEgFz1qZzjHuhuP1boJ7gzndJhQslx1efbESxHSc
-wbOpeBpw2MsCAwjtgo3Y8pviFIC8+5MStkFjE8uHQ0ngXc02wm3G0xj8XGQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key2 b/security/nss/cmd/bltest/tests/ecdsa/key2 deleted file mode 100644 index f4ba6f2f2..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key2 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAB4AAAApBGouC+vgvmItzsLO4hXn+AXi3skEE+M19o/QHLfjibbA
-p7av8F4tcGgAAAAUmpQDUgnIkiXPBs0moD4jEmJHato=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key20 b/security/nss/cmd/bltest/tests/ecdsa/key20 deleted file mode 100644 index c4da3486d..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key20 +++ /dev/null @@ -1,5 +0,0 @@ -AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
-jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
-nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
-MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
-DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key3 b/security/nss/cmd/bltest/tests/ecdsa/key3 deleted file mode 100644 index 689e06bda..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key3 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAAEAAAArBAe4qW9DTVGRVIYYznwJZbn8mWXLugA2A+Mv112Bu+y7
-gxI8E4/fEdLTsQAAABUGEQDNcbxi0JhwALA8FCCxvmWYM3E=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key4 b/security/nss/cmd/bltest/tests/ecdsa/key4 deleted file mode 100644 index 90ecb72c6..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key4 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAAIAAAArBAXw45Pc59l1QWmAB1W6M30lyFzQmAH/0FIFKYgEOYIa
-dnEXMwKNwaRdsQAAABUCErj052f+Rth5OxAm376LOAQyvBY=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key5 b/security/nss/cmd/bltest/tests/ecdsa/key5 deleted file mode 100644 index b9d221f8e..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key5 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAA8AAAArBAFhm71N2wsUOYCwDNr/6rFvNX1okAbki1SNlHq2TQDO
-Bktd1M0jlApWVQAAABUCILsraWg3Qi5nBsXQ1pGmZk0YuSA=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key6 b/security/nss/cmd/bltest/tests/ecdsa/key6 deleted file mode 100644 index 92fb463dc..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key6 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAB8AAAAxBHOYACoc9XsLk5n8NZZKV2U9CDoMj/VRDvqbf+myloR7
-uBfVNm+uVN33Sa65phAfXQAAABitxs6KZtkqU4tglcdQ1Rmk2U74vjYP0JM=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key7 b/security/nss/cmd/bltest/tests/ecdsa/key7 deleted file mode 100644 index 83fced184..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key7 +++ /dev/null @@ -1,2 +0,0 @@ -AAAACgYIKoZIzj0DAQEAAAAxBOyOI+rIs3x+jsChxQqSVblnoZGqhIM1WX0FMfw+
-D8Dz6Y25iPcAQFpIAWh29FxnrgAAABh+uEQYXwMB783sULxE6PEd1t/MNZ9HSHI=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key8 b/security/nss/cmd/bltest/tests/ecdsa/key8 deleted file mode 100644 index cc7c6103b..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key8 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEACAAAAA5BKQnZoj4VtlPqrJ5dekM4haG+7PjfgO4wNNIqD7JnrKI
-gTUd+oUQ41d517xCObyBaHNzdVPty9DvAAAAHIrG9+FE+OJV5UV2l/op7PCDPI4G
-qkpgzPIwe7U=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key9 b/security/nss/cmd/bltest/tests/ecdsa/key9 deleted file mode 100644 index ab8f43bae..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key9 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEACEAAAA5BGCNDWldzQCbI83PMR96tqR6JnIUpvfIO8l6hIf/QfMc
-rx2BbrSLoy6EJmP++Jyw5yNyaoVaNYl6AAAAHDnjgcUSIshTSLuejnSsvtvU363b
-1NJv4ULUbIs=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/numtests b/security/nss/cmd/bltest/tests/ecdsa/numtests deleted file mode 100644 index aabe6ec39..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/numtests +++ /dev/null @@ -1 +0,0 @@ -21 diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext0 b/security/nss/cmd/bltest/tests/ecdsa/plaintext0 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext1 b/security/nss/cmd/bltest/tests/ecdsa/plaintext1 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext1 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext10 b/security/nss/cmd/bltest/tests/ecdsa/plaintext10 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext10 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext11 b/security/nss/cmd/bltest/tests/ecdsa/plaintext11 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext11 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext12 b/security/nss/cmd/bltest/tests/ecdsa/plaintext12 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext12 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext13 b/security/nss/cmd/bltest/tests/ecdsa/plaintext13 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext13 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext14 b/security/nss/cmd/bltest/tests/ecdsa/plaintext14 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext14 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext15 b/security/nss/cmd/bltest/tests/ecdsa/plaintext15 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext15 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext16 b/security/nss/cmd/bltest/tests/ecdsa/plaintext16 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext16 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext17 b/security/nss/cmd/bltest/tests/ecdsa/plaintext17 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext17 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext18 b/security/nss/cmd/bltest/tests/ecdsa/plaintext18 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext18 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext19 b/security/nss/cmd/bltest/tests/ecdsa/plaintext19 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext19 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext2 b/security/nss/cmd/bltest/tests/ecdsa/plaintext2 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext2 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext20 b/security/nss/cmd/bltest/tests/ecdsa/plaintext20 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext20 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext3 b/security/nss/cmd/bltest/tests/ecdsa/plaintext3 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext3 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext4 b/security/nss/cmd/bltest/tests/ecdsa/plaintext4 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext4 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext5 b/security/nss/cmd/bltest/tests/ecdsa/plaintext5 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext5 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext6 b/security/nss/cmd/bltest/tests/ecdsa/plaintext6 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext6 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext7 b/security/nss/cmd/bltest/tests/ecdsa/plaintext7 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext7 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext8 b/security/nss/cmd/bltest/tests/ecdsa/plaintext8 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext8 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext9 b/security/nss/cmd/bltest/tests/ecdsa/plaintext9 deleted file mode 100644 index 48fbdb6fd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext9 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed0 b/security/nss/cmd/bltest/tests/ecdsa/sigseed0 deleted file mode 100644 index 05d7fd2d6..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed0 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed1 b/security/nss/cmd/bltest/tests/ecdsa/sigseed1 deleted file mode 100644 index 05d7fd2d6..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed1 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed10 b/security/nss/cmd/bltest/tests/ecdsa/sigseed10 deleted file mode 100644 index 6983e5f7d..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed10 +++ /dev/null @@ -1 +0,0 @@ -fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed11 b/security/nss/cmd/bltest/tests/ecdsa/sigseed11 deleted file mode 100644 index 6983e5f7d..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed11 +++ /dev/null @@ -1 +0,0 @@ -fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed12 b/security/nss/cmd/bltest/tests/ecdsa/sigseed12 deleted file mode 100644 index 92aa40c82..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed12 +++ /dev/null @@ -1 +0,0 @@ -/jI1NmJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDk=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed13 b/security/nss/cmd/bltest/tests/ecdsa/sigseed13 deleted file mode 100644 index 4ac076584..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed13 +++ /dev/null @@ -1 +0,0 @@ -ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed14 b/security/nss/cmd/bltest/tests/ecdsa/sigseed14 deleted file mode 100644 index 4ac076584..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed14 +++ /dev/null @@ -1 +0,0 @@ -ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed15 b/security/nss/cmd/bltest/tests/ecdsa/sigseed15 deleted file mode 100644 index 097523032..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed15 +++ /dev/null @@ -1 +0,0 @@ -/jM4NGJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDEx
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed16 b/security/nss/cmd/bltest/tests/ecdsa/sigseed16 deleted file mode 100644 index 36fbf0951..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed16 +++ /dev/null @@ -1 +0,0 @@ -fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed17 b/security/nss/cmd/bltest/tests/ecdsa/sigseed17 deleted file mode 100644 index 36fbf0951..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed17 +++ /dev/null @@ -1 +0,0 @@ -fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed18 b/security/nss/cmd/bltest/tests/ecdsa/sigseed18 deleted file mode 100644 index 7be8ce6dd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed18 +++ /dev/null @@ -1,2 +0,0 @@ -PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
-MTQxNTE2MTcxODE5MWExYjE=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed19 b/security/nss/cmd/bltest/tests/ecdsa/sigseed19 deleted file mode 100644 index 7be8ce6dd..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed19 +++ /dev/null @@ -1,2 +0,0 @@ -PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
-MTQxNTE2MTcxODE5MWExYjE=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed2 b/security/nss/cmd/bltest/tests/ecdsa/sigseed2 deleted file mode 100644 index 05d7fd2d6..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed2 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed20 b/security/nss/cmd/bltest/tests/ecdsa/sigseed20 deleted file mode 100644 index f0dddb66c..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed20 +++ /dev/null @@ -1,2 +0,0 @@ -/jUyMGJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
-MTQxNTE2MTcxODE=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed3 b/security/nss/cmd/bltest/tests/ecdsa/sigseed3 deleted file mode 100644 index 05d7fd2d6..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed3 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed4 b/security/nss/cmd/bltest/tests/ecdsa/sigseed4 deleted file mode 100644 index 05d7fd2d6..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed4 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed5 b/security/nss/cmd/bltest/tests/ecdsa/sigseed5 deleted file mode 100644 index 05d7fd2d6..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed5 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed6 b/security/nss/cmd/bltest/tests/ecdsa/sigseed6 deleted file mode 100644 index a0687196c..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed6 +++ /dev/null @@ -1 +0,0 @@ -/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed7 b/security/nss/cmd/bltest/tests/ecdsa/sigseed7 deleted file mode 100644 index a0687196c..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed7 +++ /dev/null @@ -1 +0,0 @@ -/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed8 b/security/nss/cmd/bltest/tests/ecdsa/sigseed8 deleted file mode 100644 index 01ae26574..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed8 +++ /dev/null @@ -1 +0,0 @@ -/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed9 b/security/nss/cmd/bltest/tests/ecdsa/sigseed9 deleted file mode 100644 index 01ae26574..000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed9 +++ /dev/null @@ -1 +0,0 @@ -/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
diff --git a/security/nss/cmd/bltest/tests/md2/ciphertext0 b/security/nss/cmd/bltest/tests/md2/ciphertext0 deleted file mode 100644 index 22e1fc496..000000000 --- a/security/nss/cmd/bltest/tests/md2/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -CS/UNcrWhB5Knt7Gf8Tz3Q== diff --git a/security/nss/cmd/bltest/tests/md2/numtests b/security/nss/cmd/bltest/tests/md2/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/md2/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/md2/plaintext0 b/security/nss/cmd/bltest/tests/md2/plaintext0 deleted file mode 100644 index dce2994ba..000000000 --- a/security/nss/cmd/bltest/tests/md2/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -16-bytes to MD2. diff --git a/security/nss/cmd/bltest/tests/md5/ciphertext0 b/security/nss/cmd/bltest/tests/md5/ciphertext0 deleted file mode 100644 index ea11ee523..000000000 --- a/security/nss/cmd/bltest/tests/md5/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -XN8lnQuWAiMqmSGfvd8Hdw== diff --git a/security/nss/cmd/bltest/tests/md5/numtests b/security/nss/cmd/bltest/tests/md5/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/md5/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/md5/plaintext0 b/security/nss/cmd/bltest/tests/md5/plaintext0 deleted file mode 100644 index 5ae3875e2..000000000 --- a/security/nss/cmd/bltest/tests/md5/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -63-byte input to MD5 can be a bit tricky, but no problems here. diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0 deleted file mode 100644 index d964ef864..000000000 --- a/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -3ki6eVsWpY8= diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/iv0 b/security/nss/cmd/bltest/tests/rc2_cbc/iv0 deleted file mode 100644 index 97b5955f7..000000000 --- a/security/nss/cmd/bltest/tests/rc2_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -12345678 diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/key0 b/security/nss/cmd/bltest/tests/rc2_cbc/key0 deleted file mode 100644 index 65513c116..000000000 --- a/security/nss/cmd/bltest/tests/rc2_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/numtests b/security/nss/cmd/bltest/tests/rc2_cbc/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/rc2_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0 b/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0 deleted file mode 100644 index 5513e438c..000000000 --- a/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0 deleted file mode 100644 index 337d30765..000000000 --- a/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -WT+tc4fANhQ= diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/key0 b/security/nss/cmd/bltest/tests/rc2_ecb/key0 deleted file mode 100644 index 65513c116..000000000 --- a/security/nss/cmd/bltest/tests/rc2_ecb/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/numtests b/security/nss/cmd/bltest/tests/rc2_ecb/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/rc2_ecb/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0 b/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0 deleted file mode 100644 index 5513e438c..000000000 --- a/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/rc4/ciphertext0 b/security/nss/cmd/bltest/tests/rc4/ciphertext0 deleted file mode 100644 index 004f13472..000000000 --- a/security/nss/cmd/bltest/tests/rc4/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -34sTZJtr20k= diff --git a/security/nss/cmd/bltest/tests/rc4/ciphertext1 b/security/nss/cmd/bltest/tests/rc4/ciphertext1 deleted file mode 100644 index 6050da4c6..000000000 --- a/security/nss/cmd/bltest/tests/rc4/ciphertext1 +++ /dev/null @@ -1 +0,0 @@ -34sTZJtr20nGP6VxS3BIBxxIYm6QGIa1rehFHn51z9M= diff --git a/security/nss/cmd/bltest/tests/rc4/key0 b/security/nss/cmd/bltest/tests/rc4/key0 deleted file mode 100644 index 65513c116..000000000 --- a/security/nss/cmd/bltest/tests/rc4/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc4/key1 b/security/nss/cmd/bltest/tests/rc4/key1 deleted file mode 100644 index 65513c116..000000000 --- a/security/nss/cmd/bltest/tests/rc4/key1 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc4/numtests b/security/nss/cmd/bltest/tests/rc4/numtests deleted file mode 100644 index 0cfbf0888..000000000 --- a/security/nss/cmd/bltest/tests/rc4/numtests +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/security/nss/cmd/bltest/tests/rc4/plaintext0 b/security/nss/cmd/bltest/tests/rc4/plaintext0 deleted file mode 100644 index 5513e438c..000000000 --- a/security/nss/cmd/bltest/tests/rc4/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/rc4/plaintext1 b/security/nss/cmd/bltest/tests/rc4/plaintext1 deleted file mode 100644 index d41abc7b8..000000000 --- a/security/nss/cmd/bltest/tests/rc4/plaintext1 +++ /dev/null @@ -1 +0,0 @@ -Mozilla!Mozilla!Mozilla!Mozilla! diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0 deleted file mode 100644 index 544713b33..000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -qsv4Fn2J6d0= diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/iv0 b/security/nss/cmd/bltest/tests/rc5_cbc/iv0 deleted file mode 100644 index 97b5955f7..000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -12345678 diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/key0 b/security/nss/cmd/bltest/tests/rc5_cbc/key0 deleted file mode 100644 index 65513c116..000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/numtests b/security/nss/cmd/bltest/tests/rc5_cbc/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/params0 b/security/nss/cmd/bltest/tests/rc5_cbc/params0 deleted file mode 100644 index d68e0362d..000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/params0 +++ /dev/null @@ -1,2 +0,0 @@ -rounds=10 -wordsize=4 diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0 b/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0 deleted file mode 100644 index 5513e438c..000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0 deleted file mode 100644 index 133777dd0..000000000 --- a/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -4ZKK/1v5Ohc= diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/key0 b/security/nss/cmd/bltest/tests/rc5_ecb/key0 deleted file mode 100644 index 65513c116..000000000 --- a/security/nss/cmd/bltest/tests/rc5_ecb/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/numtests b/security/nss/cmd/bltest/tests/rc5_ecb/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/rc5_ecb/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/params0 b/security/nss/cmd/bltest/tests/rc5_ecb/params0 deleted file mode 100644 index d68e0362d..000000000 --- a/security/nss/cmd/bltest/tests/rc5_ecb/params0 +++ /dev/null @@ -1,2 +0,0 @@ -rounds=10 -wordsize=4 diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0 b/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0 deleted file mode 100644 index 5513e438c..000000000 --- a/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/rsa/ciphertext0 b/security/nss/cmd/bltest/tests/rsa/ciphertext0 deleted file mode 100644 index 943ea599a..000000000 --- a/security/nss/cmd/bltest/tests/rsa/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -qPVrXv0y3SC5rY44bIi6GE4Aec8uDpHH7/cCg0FU5as= diff --git a/security/nss/cmd/bltest/tests/rsa/key0 b/security/nss/cmd/bltest/tests/rsa/key0 deleted file mode 100644 index 1352fe986..000000000 --- a/security/nss/cmd/bltest/tests/rsa/key0 +++ /dev/null @@ -1,4 +0,0 @@ -AAAAAAAAACC5lyu2K2ro8YGnvOCKaL1sFX1HEIblIVbuMXsa8oeFSwAAAAERAAAA
-IBXVjKwFG6LvPG4WOIjBBzmxGNpkQwDs3W5qZcXVzqahAAAAEOEOH/WnhZCJyM39
-oNfhf18AAAAQ0xvmxqXXs3L62xxogUl9lQAAABAaeiHgqkvy4wiQtG1Gkv/tAAAA
-EMaw2TNu6SFdKFXAYluQdjEAAAAQi0u+IlgKCt/hatGAsTrfzQ==
diff --git a/security/nss/cmd/bltest/tests/rsa/numtests b/security/nss/cmd/bltest/tests/rsa/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/rsa/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/rsa/plaintext0 b/security/nss/cmd/bltest/tests/rsa/plaintext0 deleted file mode 100644 index d915bc88c..000000000 --- a/security/nss/cmd/bltest/tests/rsa/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -512bitsforRSAPublicKeyEncryption diff --git a/security/nss/cmd/bltest/tests/sha1/ciphertext0 b/security/nss/cmd/bltest/tests/sha1/ciphertext0 deleted file mode 100644 index 1fe4bd2bd..000000000 --- a/security/nss/cmd/bltest/tests/sha1/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -cDSMAygXMPIJZC5bntZ4ZhecQ9g= diff --git a/security/nss/cmd/bltest/tests/sha1/numtests b/security/nss/cmd/bltest/tests/sha1/numtests deleted file mode 100644 index d00491fd7..000000000 --- a/security/nss/cmd/bltest/tests/sha1/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/sha1/plaintext0 b/security/nss/cmd/bltest/tests/sha1/plaintext0 deleted file mode 100644 index 863e79c65..000000000 --- a/security/nss/cmd/bltest/tests/sha1/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -A cage went in search of a bird. diff --git a/security/nss/cmd/bltest/tests/sha256/ciphertext0 b/security/nss/cmd/bltest/tests/sha256/ciphertext0 deleted file mode 100644 index 07e2ff14f..000000000 --- a/security/nss/cmd/bltest/tests/sha256/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0= diff --git a/security/nss/cmd/bltest/tests/sha256/ciphertext1 b/security/nss/cmd/bltest/tests/sha256/ciphertext1 deleted file mode 100644 index 2ab6e1da5..000000000 --- a/security/nss/cmd/bltest/tests/sha256/ciphertext1 +++ /dev/null @@ -1 +0,0 @@ -JI1qYdIGOLjlwCaTDD5gOaM85Flk/yFn9uzt1BnbBsE= diff --git a/security/nss/cmd/bltest/tests/sha256/numtests b/security/nss/cmd/bltest/tests/sha256/numtests deleted file mode 100644 index 0cfbf0888..000000000 --- a/security/nss/cmd/bltest/tests/sha256/numtests +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/security/nss/cmd/bltest/tests/sha256/plaintext0 b/security/nss/cmd/bltest/tests/sha256/plaintext0 deleted file mode 100644 index 8baef1b4a..000000000 --- a/security/nss/cmd/bltest/tests/sha256/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -abc diff --git a/security/nss/cmd/bltest/tests/sha256/plaintext1 b/security/nss/cmd/bltest/tests/sha256/plaintext1 deleted file mode 100644 index afb5dce5d..000000000 --- a/security/nss/cmd/bltest/tests/sha256/plaintext1 +++ /dev/null @@ -1 +0,0 @@ -abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq diff --git a/security/nss/cmd/bltest/tests/sha384/ciphertext0 b/security/nss/cmd/bltest/tests/sha384/ciphertext0 deleted file mode 100644 index c94f91e22..000000000 --- a/security/nss/cmd/bltest/tests/sha384/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -ywB1P0WjXou1oD1pmsZQBycsMqsO3tFjGotgWkP/W+2AhgcroefMI1i67KE0yCWn diff --git a/security/nss/cmd/bltest/tests/sha384/ciphertext1 b/security/nss/cmd/bltest/tests/sha384/ciphertext1 deleted file mode 100644 index 833f06d84..000000000 --- a/security/nss/cmd/bltest/tests/sha384/ciphertext1 +++ /dev/null @@ -1 +0,0 @@ -CTMMM/cRR+g9GS/Hgs0bR1MRGxc7OwXSL6CAhuOw9xL8x8caVX4tuWbD6fqRdGA5 diff --git a/security/nss/cmd/bltest/tests/sha384/numtests b/security/nss/cmd/bltest/tests/sha384/numtests deleted file mode 100644 index 0cfbf0888..000000000 --- a/security/nss/cmd/bltest/tests/sha384/numtests +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/security/nss/cmd/bltest/tests/sha384/plaintext0 b/security/nss/cmd/bltest/tests/sha384/plaintext0 deleted file mode 100644 index 8baef1b4a..000000000 --- a/security/nss/cmd/bltest/tests/sha384/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -abc diff --git a/security/nss/cmd/bltest/tests/sha384/plaintext1 b/security/nss/cmd/bltest/tests/sha384/plaintext1 deleted file mode 100644 index 94fcc2b29..000000000 --- a/security/nss/cmd/bltest/tests/sha384/plaintext1 +++ /dev/null @@ -1 +0,0 @@ -abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu diff --git a/security/nss/cmd/bltest/tests/sha512/ciphertext0 b/security/nss/cmd/bltest/tests/sha512/ciphertext0 deleted file mode 100644 index 8b626e237..000000000 --- a/security/nss/cmd/bltest/tests/sha512/ciphertext0 +++ /dev/null @@ -1,2 +0,0 @@ -3a81oZNherrMQXNJriBBMRLm+k6JqX6iCp7u5ktV05ohkpkqJ0/BqDa6PCOj/uu9 -RU1EI2Q86A4qmslPpUyknw== diff --git a/security/nss/cmd/bltest/tests/sha512/ciphertext1 b/security/nss/cmd/bltest/tests/sha512/ciphertext1 deleted file mode 100644 index c02d1752d..000000000 --- a/security/nss/cmd/bltest/tests/sha512/ciphertext1 +++ /dev/null @@ -1,2 +0,0 @@ -jpWbddrjE9qM9PcoFPwUP493ecbrn3+hcpmurbaIkBhQHSieSQD35DMbmd7EtUM6 -x9Mp7rbdJlReluVbh0vpCQ== diff --git a/security/nss/cmd/bltest/tests/sha512/numtests b/security/nss/cmd/bltest/tests/sha512/numtests deleted file mode 100644 index 0cfbf0888..000000000 --- a/security/nss/cmd/bltest/tests/sha512/numtests +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/security/nss/cmd/bltest/tests/sha512/plaintext0 b/security/nss/cmd/bltest/tests/sha512/plaintext0 deleted file mode 100644 index 8baef1b4a..000000000 --- a/security/nss/cmd/bltest/tests/sha512/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -abc diff --git a/security/nss/cmd/bltest/tests/sha512/plaintext1 b/security/nss/cmd/bltest/tests/sha512/plaintext1 deleted file mode 100644 index 94fcc2b29..000000000 --- a/security/nss/cmd/bltest/tests/sha512/plaintext1 +++ /dev/null @@ -1 +0,0 @@ -abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu diff --git a/security/nss/cmd/btoa/Makefile b/security/nss/cmd/btoa/Makefile deleted file mode 100644 index 763faa253..000000000 --- a/security/nss/cmd/btoa/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/btoa/btoa.c b/security/nss/cmd/btoa/btoa.c deleted file mode 100644 index a9de321bb..000000000 --- a/security/nss/cmd/btoa/btoa.c +++ /dev/null @@ -1,210 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "plgetopt.h" -#include "secutil.h" -#include "nssb64.h" -#include <errno.h> - -#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) -#if !defined(WIN32) -extern int fread(char *, size_t, size_t, FILE*); -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif -#endif - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -static PRInt32 -output_ascii (void *arg, const char *obuf, PRInt32 size) -{ - FILE *outFile = arg; - int nb; - - nb = fwrite(obuf, 1, size, outFile); - if (nb != size) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - - return nb; -} - -static SECStatus -encode_file(FILE *outFile, FILE *inFile) -{ - NSSBase64Encoder *cx; - int nb; - SECStatus status = SECFailure; - unsigned char ibuf[4096]; - - cx = NSSBase64Encoder_Create(output_ascii, outFile); - if (!cx) { - return -1; - } - - for (;;) { - if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - /* eof */ - break; - } - } - - status = NSSBase64Encoder_Update(cx, ibuf, nb); - if (status != SECSuccess) goto loser; - } - - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - if (status != SECSuccess) - return status; - - /* - * Add a trailing CRLF. Note this must be done *after* the call - * to Destroy above (because only then are we sure all data has - * been written out). - */ - fwrite("\r\n", 1, 2, outFile); - return SECSuccess; - - loser: - (void) NSSBase64Encoder_Destroy(cx, PR_TRUE); - return status; -} - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -int main(int argc, char **argv) -{ - char *progName; - SECStatus rv; - FILE *inFile, *outFile; - PLOptState *optstate; - PLOptStatus status; - - inFile = 0; - outFile = 0; - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "i:o:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - default: - Usage(progName); - break; - - case 'i': - inFile = fopen(optstate->value, "rb"); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "wb"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - } - } - if (status == PL_OPT_BAD) - Usage(progName); - if (!inFile) { -#if defined(WIN32) - /* If we're going to read binary data from stdin, we must put stdin - ** into O_BINARY mode or else incoming \r\n's will become \n's. - */ - - int smrv = _setmode(_fileno(stdin), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdin to binary mode. Use -i option instead.\n", - progName); - return smrv; - } -#endif - inFile = stdin; - } - if (!outFile) { -#if defined(WIN32) - /* We're going to write binary data to stdout. We must put stdout - ** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's. - */ - - int smrv = _setmode(_fileno(stdout), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdout to binary mode. Use -o option instead.\n", - progName); - return smrv; - } -#endif - outFile = stdout; - } - rv = encode_file(outFile, inFile); - if (rv != SECSuccess) { - fprintf(stderr, "%s: lossage: error=%d errno=%d\n", - progName, PORT_GetError(), errno); - return -1; - } - return 0; -} diff --git a/security/nss/cmd/btoa/makefile.win b/security/nss/cmd/btoa/makefile.win deleted file mode 100644 index 28d3ee873..000000000 --- a/security/nss/cmd/btoa/makefile.win +++ /dev/null @@ -1,130 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -#cannot define PROGRAM in manifest compatibly with NT and UNIX -PROGRAM = btoa -PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe -include <$(DEPTH)\config\config.mak> - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - $(NULL) - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -include <$(DEPTH)\config\rules.mak> - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/btoa/manifest.mn b/security/nss/cmd/btoa/manifest.mn deleted file mode 100644 index b82b26a5c..000000000 --- a/security/nss/cmd/btoa/manifest.mn +++ /dev/null @@ -1,49 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# MODULE is implicitly REQUIRED, doesn't need to be listed below. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = btoa.c - -PROGRAM = btoa - diff --git a/security/nss/cmd/certcgi/HOWTO.txt b/security/nss/cmd/certcgi/HOWTO.txt deleted file mode 100644 index f02ad32fd..000000000 --- a/security/nss/cmd/certcgi/HOWTO.txt +++ /dev/null @@ -1,168 +0,0 @@ - How to setup your very own Cert-O-Matic Root CA server - -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is Netscape security libraries. - -The Initial Developer of the Original Code is Netscape Communications -Corporation. Portions created by the Initial Developer are -Copyright (C) 2001 the Initial Developer. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** - - How to setup your very own Cert-O-Matic Root CA server - -The program certcgi is part of a small test CA that is used inside -Netscape by the NSS development team. That CA is affectionately known -as "Cert-O-Matic" or "Cert-O-Matic II". It presently runs on a server -named interzone.mcom.com inside Netscape's firewall. - -If you wish to setup your own Cert-O-Matic, here are directions. - -Disclaimer: This program does not follow good practices for root CAs. -It should be used only for playing/testing and never for production use. -Remember, you've been warned! - -Cert-O-Matic consists of some html files, shell scripts, one executable -program that uses NSS and NSPR, the usual set of NSS .db files, and a file -in which to remember the serial number of the last cert issued. The -html files and the source to the executable program are in this directory. -Sample shell scripts are shown below. - -The shell scripts and executable program run as CGI "scripts". The -entire thing runs on an ordinary http web server. It would also run on -an https web server. The shell scripts and html files must be -customized for the server on which they run. - -The package assumes you have a "document root" directory $DOCROOT, and a -"cgi-bin" directory $CGIBIN. In this example, the document root is -assumed to be located in /var/www/htdocs, and the cgi-bin directory in -/var/www/cgi-bin. - -The server is assumed to run all cgi scripts as the user "nobody". -The names of the cgi scripts run directly by the server all end in .cgi -because some servers like it that way. - -Instructions: - -- Create directory $DOCROOT/certomatic -- Copy the following files from nss/cmd/certcgi to $DOCROOT/certomatic - ca.html index.html main.html nscp_ext_form.html stnd_ext_form.html -- Edit the html files, substituting the name of your own server for the - server named in those files. -- In some web page (e.g. your server's home page), provide an html link to - $DOCROOT/certomatic/index.html. This is where users start to get their - own certs from certomatic. -- give these files and directories appropriate permissions. - -- Create directories $CGIBIN/certomatic and $CGIBIN/certomatic/bin - make sure that $CGIBIN/certomatic is writable by "nobody" - -- Create a new set of NSS db files there with the following command: - - certutil -N -d $CGIBIN/certomatic - -- when certutil prompts you for the password, enter the word foo - because that is compiled into the certcgi program. - -- Create the new Root CA cert with this command - - certutil -S -x -d $CGIBIN/certomatic -n "Cert-O-Matic II" \ - -s "CN=Cert-O-Matic II, O=Cert-O-Matic II" -t TCu,cu,cu -k rsa \ - -g 1024 -m 10001 -v 60 - - (adjust the -g, -m and -v parameters to taste. -s and -x must be as -shown.) - -- dump out the new root CA cert in base64 encoding: - - certutil -d $CGIBIN/certomatic -L -n "Cert-O-Matic II" -a > \ - $CGIBIN/certomatic/root.cacert - -- In $CGIBIN/certomatic/bin add two shell scripts - one to download the - root CA cert on demand, and one to run the certcgi program. - -download.cgi, the script to install the root CA cert into a browser on -demand, is this: - -#!/bin/sh -echo "Content-type: application/x-x509-ca-cert" -echo -cat $CGIBIN/certomatic/root.cacert - -You'll have to put the real path into that cat command because CGIBIN -won't be defined when this script is run by the server. - -certcgi.cgi, the script to run the certcgi program is similar to this: - -#!/bin/sh -cd $CGIBIN/certomatic/bin -LD_LIBRARY_PATH=$PLATFORM/lib -export LD_LIBRARY_PATH -$PLATFORM/bin/certcgi $* 2>&1 - -Where $PLATFORM/lib is where the NSPR nad NSS DSOs are located, and -$PLATFORM/bin is where certcgi is located. PLATFORM is not defined when -the server runs this script, so you'll have to substitute the right value -in your script. certcgi requires that the working directory be one level -below the NSS DBs, that is, the DBs are accessed in the directory "..". - -You'll want to provide an html link somewhere to the script that downloads -the root.cacert file. You'll probably want to put that next to the link -that loads the index.html page. On interzone, this is done with the -following html: - -<a href="/certomatic/index.html">Cert-O-Matic II Root CA server</a> -<p> -<a href="/cgi-bin/certomatic/bin/download.cgi">Download and trust Root CA -certificate</a> - -The index.html file in this directory invokes the certcgi.cgi script with -the form post method, so if you change the name of the certcgi.cgi script, -you'll also have to change the index.html file in $DOCROOT/certomatic - -The 4 files used by the certcgi program (the 3 NSS DBs, and the serial -number file) are not required to live in $CGIBIN/certomatic, but they are -required to live in $CWD/.. when certcgi starts. - -Known bugs: - -1. Because multiple of these CAs exist simultaneously, it would be best if -they didn't all have to be called "Cert-O-Matic II", but that string is -presently hard coded into certcgi.c. - -2. the html files in this directory contain numerous extraneous <FORM> tags -which appear to use the post method and have action URLS that are never -actually used. burp.cgi and echoform.cgi are never actually used. This -should be cleaned up. - -3. The html files use <layer> tags which are supported only in Netscape -Navigator and Netscape Communication 4.x browsers. The html files do -not work as intended with Netscape 6.x, Mozilla or Microsoft IE browsers. -The html files should be fixed to work with all those named browsers. - diff --git a/security/nss/cmd/certcgi/Makefile b/security/nss/cmd/certcgi/Makefile deleted file mode 100644 index 573c12cac..000000000 --- a/security/nss/cmd/certcgi/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/certcgi/ca.html b/security/nss/cmd/certcgi/ca.html deleted file mode 100644 index b9ffd8238..000000000 --- a/security/nss/cmd/certcgi/ca.html +++ /dev/null @@ -1,48 +0,0 @@ -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> - -<form method="post" name="ca_form" action="mailto:jerdonek@netscape.com"> -<input type="radio" name="caChoiceradio" value="SignWithDefaultkey" - onClick="{parent.choice_change(this.form)}"> - Use the Cert-O-matic certificate to issue the cert</p> -<input type="radio" name="caChoiceradio" value="SignWithRandomChain" - onClick="{parent.choice_change(this.form)}"> Use a - <input type="text" size="2" maxsize="2" name="autoCAs"> CA long - automatically generated chain ending with the Cert-O-Matic Cert - (18 maximum)</p> -<input type="radio" name="caChoiceradio" value="SignWithSpecifiedChain" - onClick="{parent.choice_change(this.form)}"> Use a - <input type="text" size="1" maxlength="1" name="manCAs" - onChange="{parent.ca_num_change(this.value,this.form)}"> CA long - user input chain ending in the Cert-O-Matic Cert.</p> -</form> diff --git a/security/nss/cmd/certcgi/ca_form.html b/security/nss/cmd/certcgi/ca_form.html deleted file mode 100644 index 43042cb64..000000000 --- a/security/nss/cmd/certcgi/ca_form.html +++ /dev/null @@ -1,385 +0,0 @@ -<html> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> - <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi"> - <table border=0 cellspacing=10 cellpadding=0> - <tr> - <td> - Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p> - </td> - <td></td><td></td><td> - Mail: </td><td><input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}"></p> - RFC 1274<input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)"> - e-mail<input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)"></td> - <tr> - <td> - Organization: </td><td> <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td> - <td></td><td></td><td> - Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td> - <tr> - <td> - RFC 1274 UID: </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td> - <td></td><td></td><td> - Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td> - <tr> - <td> - State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td> - <td></td><td></td><td> - Country: </td><td><input type="text" size="2" maxsize="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}"></p></td> - </table> - <table border=0 cellspacing=10 cellpadding=0> - <tr> - <td> - Serial Number:</p> - <DD> - <input type="radio" name="serial" value="auto" checked> Auto Generate</P> - <DD> - <input type="radio" name="serial" value="input"> - Use this value: <input type="text" name="serial_value" size="8" maxlength="8"></p> - </td> - <td></td><td></td><td></td><td></td> - <td> - X.509 version:</p> - <DD> - <input type="radio" name="ver" value="1" checked> Version 1</p> - <DD> - <input type="radio" name="ver" value="3"> Version 3</P></td> - <td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td> - <td> - Key Type:</p> - <DD> - <input type="radio" name="keyType" value="rsa" checked> RSA</p> - <DD> - <input type="radio" name="keyType" value="dsa"> DSA</P></td> - </table> - DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P> - <Select name="keysize"> - <option>1024 (High Grade) - <option>768 (Medium Grade) - <option>512 (Low Grade) - </select> - </p> - <hr> - </p> - <table border=1 cellspacing=5 cellpadding=5> - <tr> - <td> - <b>Netscape Certificate Type: </b></p> - Activate extension: <input type="checkbox" name="netscape-cert-type"></P> - Critical: <input type="checkbox" name="netscape-cert-type-crit"> - <td> - <input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P> - <input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P> - <input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P> - <input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P> - <input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P> - <input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P> - <input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P> - <input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P> - </tr> - <tr> - <td> - <b>Netscape Base URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-base-url"></P> - Critical: <input type="checkbox" name="netscape-base-url-crit"> - <td> - <input type="text" name="netscape-base-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-revocation-url-crit"> - <td> - <input type="text" name="netscape-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit"> - <td> - <input type="text" name="netscape-ca-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Certificate Renewal URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P> - Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit"> - <td> - <input type="text" name="netscape-cert-renewal-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Policy URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P> - Critical: <input type="checkbox" name="netscape-ca-policy-url-crit"> - <td> - <input type="text" name="netscape-ca-policy-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape SSL Server Name:</b></p> - Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P> - Critical: <input type="checkbox" name="netscape-ssl-server-name-crit"> - <td> - <input type="text" name="netscape-ssl-server-name-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Comment:</b></p> - Activate extension: <input type="checkbox" name="netscape-comment"></P> - Critical: <input type="checkbox" name="netscape-comment-crit"> - <td> - <textarea name="netscape-comment-text" rows="5" cols="50"></textarea> - </tr> - </table> - </p> - <hr> - </p> - <table border=1 cellspacing=5 cellpadding=5> - <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi"> - <tr> - <td> - <b>Key Usage: </b></p> - Activate extension: <input type="checkbox" name="keyUsage"></P> - Critical: <input type="checkbox" name="keyUsage-crit"> - <td> - <input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P> - <input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P> - <input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P> - <input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P> - <input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P> - <input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P> - <input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P> - </tr> - <tr> - <td> - <b>Extended Key Usage: </b></p> - Activate extension: <input type="checkbox" name="extKeyUsage"></P> - Critical: <input type="checkbox" name="extKeyUsage-crit"> - <td> - <input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P> - <input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P> - <input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P> - <input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P> - <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P> - <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P> - <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P> - </tr> - <tr> - <td> - <b>Basic Constraints:</b></p> - Activate extension: <input type="checkbox" name="basicConstraints"></P> - Critical: <input type="checkbox" name="basicConstraints-crit"> - <td> - CA:</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p> - <input type="checkbox" name="basicConstraints-pathLengthConstraint"> - Include Path length: <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p> - </tr> - <tr> - <td> - <b>Authority Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="authorityKeyIdentifier"> - <td> - <input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p> - <input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p> - </tr> - <tr> - <td> - <b>Subject Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="subjectKeyIdentifier"> - <td> - Key Identifier: - <input type="text" name="subjectKeyIdentifier-text"></p> - This is an:<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p> - </tr> - <tr> - <td> - <b>Private Key Usage Period:</b></p> - Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p> - Critical: <input type="checkbox" name="privKeyUsagePeriod-crit"> - <td> - Use:</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p> - <b>Not to be used to sign before:</b></p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p> - <dd><dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p> - <b>Not to be used to sign after:</b></p> - <dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p> - </tr> - <tr> - <td> - <b>Subject Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="SubAltName"></P> - Critical: <input type="checkbox" name="SubAltName-crit"> - <td> - <table> - <tr> - <td> - General Names:</p> - <select name="SubAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}"> - <input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name, - OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td> - <input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr> - </table> - Name: <input type="text" name="SubAltNameText"> - Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p> - </tr> - </table> - </tr> - - - <tr> - <td> - <b>Issuer Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="IssuerAltName"></P> - Critical: <input type="checkbox" name="IssuerAltName-crit"> - <td> - <input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p> - <input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name: - <table> - <tr> - <td> - General Names:</p> - <select name="IssuerAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}"> - <input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name, - OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="IssuerAltNameText"> - Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p> - </tr> - </table> - </tr> - - <tr> - <td> - <b>Name Constraints:</b></p> - Activate extension: <input type="checkbox" name="NameConstraints"></P> - <td> - <table> - <tr> - <td> - Name Constraints:</p> - - - <select name="NameConstraintSelect" multiple size="10"> - </select></p></p> - <input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}"> - <input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name, - OID: <input type="text" name="NameConstraintOtherNameOID" size="6"> </td><td> - <input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td> - <input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td> - <input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="NameConstraintText"> - Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p> - Constraint type:<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p> - Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p> - Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p> - - - - </tr> - </table> - </tr> - </table> - </form> - - - - - - - - - - diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c deleted file mode 100644 index 3e66a243f..000000000 --- a/security/nss/cmd/certcgi/certcgi.c +++ /dev/null @@ -1,2433 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* Cert-O-Matic CGI */ - - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" -#include "cert.h" -#include "cryptohi.h" -#include "secoid.h" -#include "secder.h" -#include "genname.h" -#include "xconst.h" -#include "secutil.h" -#include "pk11pqg.h" -#include "certxutl.h" -#include "nss.h" - - -/* #define TEST 1 */ -/* #define FILEOUT 1 */ -/* #define OFFLINE 1 */ -#define START_FIELDS 100 -#define PREFIX_LEN 6 -#define SERIAL_FILE "../serial" -#define DB_DIRECTORY ".." - -static char *progName; - -typedef struct PairStr Pair; - -struct PairStr { - char *name; - char *data; -}; - - -char prefix[PREFIX_LEN]; - - -const SEC_ASN1Template CERTIA5TypeTemplate[] = { - { SEC_ASN1_IA5_STRING } -}; - - - -SECKEYPrivateKey *privkeys[9] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL}; - - -#ifdef notdef -const SEC_ASN1Template CERT_GeneralNameTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate } -}; -#endif - - -static void -error_out(char *error_string) -{ - printf("Content-type: text/plain\n\n"); - printf(error_string); - fflush(stderr); - fflush(stdout); - exit(1); -} - -static void -error_allocate(void) -{ - error_out("ERROR: Unable to allocate memory"); -} - - -static char * -make_copy_string(char *read_pos, - int length, - char sentinal_value) - /* copys string from to a new string it creates and - returns a pointer to the new string */ -{ - int remaining = length; - char *write_pos; - char *new; - - new = write_pos = (char *) PORT_Alloc (length); - if (new == NULL) { - error_allocate(); - } - while (*read_pos != sentinal_value) { - if (remaining == 1) { - remaining += length; - length = length * 2; - new = PORT_Realloc(new,length); - if (new == NULL) { - error_allocate(); - } - write_pos = new + length - remaining; - } - *write_pos = *read_pos; - ++write_pos; - ++read_pos; - remaining = remaining - 1; - } - *write_pos = '\0'; - return new; -} - - -static char * -PasswordStub(PK11SlotInfo *slot, - void *cx) -{ - return NULL; -} - - -static SECStatus -clean_input(Pair *data) - /* converts the non-alphanumeric characters in a form post - from hex codes back to characters */ -{ - int length; - int hi_digit; - int low_digit; - char character; - char *begin_pos; - char *read_pos; - char *write_pos; - PRBool name = PR_TRUE; - - begin_pos = data->name; - while (begin_pos != NULL) { - length = strlen(begin_pos); - read_pos = write_pos = begin_pos; - while ((read_pos - begin_pos) < length) { - if (*read_pos == '+') { - *read_pos = ' '; - } - if (*read_pos == '%') { - hi_digit = *(read_pos + 1); - low_digit = *(read_pos +2); - read_pos += 3; - if (isdigit(hi_digit)){ - hi_digit = hi_digit - '0'; - } else { - hi_digit = toupper(hi_digit); - if (isxdigit(hi_digit)) { - hi_digit = (hi_digit - 'A') + 10; - } else { - error_out("ERROR: Form data incorrectly formated"); - } - } - if (isdigit(low_digit)){ - low_digit = low_digit - '0'; - } else { - low_digit = toupper(low_digit); - if ((low_digit >='A') && (low_digit <= 'F')) { - low_digit = (low_digit - 'A') + 10; - } else { - error_out("ERROR: Form data incorrectly formated"); - } - } - character = (hi_digit << 4) | low_digit; - if (character != 10) { - *write_pos = character; - ++write_pos; - } - } else { - *write_pos = *read_pos; - ++write_pos; - ++read_pos; - } - } - *write_pos = '\0'; - if (name == PR_TRUE) { - begin_pos = data->data; - name = PR_FALSE; - } else { - data++; - begin_pos = data->name; - name = PR_TRUE; - } - } - return SECSuccess; -} - -static char * -make_name(char *new_data) - /* gets the next field name in the input string and returns - a pointer to a string containing a copy of it */ -{ - int length = 20; - char *name; - - name = make_copy_string(new_data, length, '='); - return name; -} - -static char * -make_data(char *new_data) - /* gets the data for the next field in the input string - and returns a pointer to a string containing it */ -{ - int length = 100; - char *data; - char *read_pos; - - read_pos = new_data; - while (*(read_pos - 1) != '=') { - ++read_pos; - } - data = make_copy_string(read_pos, length, '&'); - return data; -} - - -static Pair -make_pair(char *new_data) - /* makes a pair name/data pair from the input string */ -{ - Pair temp; - - temp.name = make_name(new_data); - temp.data = make_data(new_data); - return temp; -} - - - -static Pair * -make_datastruct(char *data, int len) - /* parses the input from the form post into a data - structure of field name/data pairs */ -{ - Pair *datastruct; - Pair *current; - char *curr_pos; - int fields = START_FIELDS; - int remaining = START_FIELDS; - - curr_pos = data; - datastruct = current = (Pair *) PORT_Alloc(fields * sizeof(Pair)); - if (datastruct == NULL) { - error_allocate(); - } - while (curr_pos - data < len) { - if (remaining == 1) { - remaining += fields; - fields = fields * 2; - datastruct = (Pair *) PORT_Realloc - (datastruct, fields * sizeof(Pair)); - if (datastruct == NULL) { - error_allocate(); - } - current = datastruct + (fields - remaining); - } - *current = make_pair(curr_pos); - while (*curr_pos != '&') { - ++curr_pos; - } - ++curr_pos; - ++current; - remaining = remaining - 1; - } - current->name = NULL; - return datastruct; -} - -static char * -return_name(Pair *data_struct, - int n) - /* returns a pointer to the name of the nth - (starting from 0) item in the data structure */ -{ - char *name; - - if ((data_struct + n)->name != NULL) { - name = (data_struct + n)->name; - return name; - } else { - return NULL; - } -} - -static char * -return_data(Pair *data_struct,int n) - /* returns a pointer to the data of the nth (starting from 0) - itme in the data structure */ -{ - char *data; - - data = (data_struct + n)->data; - return data; -} - - -static char * -add_prefix(char *field_name) -{ - extern char prefix[PREFIX_LEN]; - int i = 0; - char *rv; - char *write; - - rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1); - for(i = 0; i < PORT_Strlen(prefix); i++) { - *write = prefix[i]; - write++; - } - *write = '\0'; - rv = PORT_Strcat(rv,field_name); - return rv; -} - - -static char * -find_field(Pair *data, - char *field_name, - PRBool add_pre) - /* returns a pointer to the data of the first pair - thats name matches the string it is passed */ -{ - int i = 0; - char *retrieved; - int found = 0; - - if (add_pre) { - field_name = add_prefix(field_name); - } - while(return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - retrieved = return_data(data, i); - found = 1; - break; - } - i++; - } - if (!found) { - retrieved = NULL; - } - return retrieved; -} - -static PRBool -find_field_bool(Pair *data, - char *fieldname, - PRBool add_pre) -{ - char *rv; - - rv = find_field(data, fieldname, add_pre); - - if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) { - return PR_TRUE; - } else { - return PR_FALSE; - } -} - -static char * -update_data_by_name(Pair *data, - char *field_name, - char *new_data) - /* replaces the data in the data structure associated with - a name with new data, returns null if not found */ -{ - int i = 0; - int found = 0; - int length = 100; - char *new; - - while (return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - new = make_copy_string( new_data, length, '\0'); - PORT_Free(return_data(data, i)); - found = 1; - (*(data + i)).data = new; - break; - } - i++; - } - if (!found) { - new = NULL; - } - return new; -} - -static char * -update_data_by_index(Pair *data, - int n, - char *new_data) - /* replaces the data of a particular index in the data structure */ -{ - int length = 100; - char *new; - - new = make_copy_string(new_data, length, '\0'); - PORT_Free(return_data(data, n)); - (*(data + n)).data = new; - return new; -} - - -static Pair * -add_field(Pair *data, - char* field_name, - char* field_data) - /* adds a new name/data pair to the data structure */ -{ - int i = 0; - int j; - int name_length = 100; - int data_length = 100; - - while(return_name(data, i) != NULL) { - i++; - } - j = START_FIELDS; - while ( j < (i + 1) ) { - j = j * 2; - } - if (j == (i + 1)) { - data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair)); - if (data == NULL) { - error_allocate(); - } - } - (*(data + i)).name = make_copy_string(field_name, name_length, '\0'); - (*(data + i)).data = make_copy_string(field_data, data_length, '\0'); - (data + i + 1)->name = NULL; - return data; -} - - -static CERTCertificateRequest * -makeCertReq(Pair *form_data, - int which_priv_key) - /* makes and encodes a certrequest */ -{ - - PK11SlotInfo *slot; - CERTCertificateRequest *certReq = NULL; - CERTSubjectPublicKeyInfo *spki; - SECKEYPrivateKey *privkey = NULL; - SECKEYPublicKey *pubkey = NULL; - CERTName *name; - char *key; - extern SECKEYPrivateKey *privkeys[9]; - int keySizeInBits; - char *challenge = "foo"; - SECStatus rv = SECSuccess; - PQGParams *pqgParams = NULL; - PQGVerify *pqgVfy = NULL; - - name = CERT_AsciiToName(find_field(form_data, "subject", PR_TRUE)); - if (name == NULL) { - error_out("ERROR: Unable to create Subject Name"); - } - key = find_field(form_data, "key", PR_TRUE); - if (key == NULL) { - switch (*find_field(form_data, "keysize", PR_TRUE)) { - case '0': - keySizeInBits = 2048; - break; - case '1': - keySizeInBits = 1024; - break; - case '2': - keySizeInBits = 512; - break; - default: - error_out("ERROR: Unsupported Key length selected"); - } - if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) { - rv = PK11_PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy); - if (rv != SECSuccess) { - error_out("ERROR: Unable to generate PQG parameters"); - } - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); - privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, - pqgParams,&pubkey, PR_FALSE, - PR_TRUE, NULL); - } else { - privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL); - } - privkeys[which_priv_key] = privkey; - spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey); - } else { - spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge, - NULL); - if (spki == NULL) { - error_out("ERROR: Unable to decode Public Key and Challenge String"); - } - } - certReq = CERT_CreateCertificateRequest(name, spki, NULL); - if (certReq == NULL) { - error_out("ERROR: Unable to create Certificate Request"); - } - if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); - } - if (spki != NULL) { - SECKEY_DestroySubjectPublicKeyInfo(spki); - } - if (pqgParams != NULL) { - PK11_PQG_DestroyParams(pqgParams); - } - if (pqgVfy != NULL) { - PK11_PQG_DestroyVerify(pqgVfy); - } - return certReq; -} - - - -static CERTCertificate * -MakeV1Cert(CERTCertDBHandle *handle, - CERTCertificateRequest *req, - char *issuerNameStr, - PRBool selfsign, - int serialNumber, - int warpmonths, - Pair *data) -{ - CERTCertificate *issuerCert = NULL; - CERTValidity *validity; - CERTCertificate *cert = NULL; - PRExplodedTime printableTime; - PRTime now, - after; - SECStatus rv; - - - - if ( !selfsign ) { - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - if (!issuerCert) { - error_out("ERROR: Could not find issuer's certificate"); - return NULL; - } - } - if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); - } else { - now = PR_Now(); - } - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - if ( warpmonths ) { - printableTime.tm_month += warpmonths; - now = PR_ImplodeTime (&printableTime); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - } - if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); - PR_ExplodeTime (after, PR_GMTParameters, &printableTime); - } else { - printableTime.tm_month += 3; - after = PR_ImplodeTime (&printableTime); - } - /* note that the time is now in micro-second unit */ - validity = CERT_CreateValidity (now, after); - - if ( selfsign ) { - cert = CERT_CreateCertificate - (serialNumber,&(req->subject), validity, req); - } else { - cert = CERT_CreateCertificate - (serialNumber,&(issuerCert->subject), validity, req); - } - - CERT_DestroyValidity(validity); - if ( issuerCert ) { - CERT_DestroyCertificate (issuerCert); - } - return(cert); -} - -static int -get_serial_number(Pair *data) -{ - int serial = 0; - int error; - char *filename = SERIAL_FILE; - char *SN; - FILE *serialFile; - - - if (find_field_bool(data, "serial-auto", PR_TRUE)) { - serialFile = fopen(filename, "r"); - if (serialFile != NULL) { - fread(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to read serial number file"); - } - if (serial == 4294967295) { - serial = 21; - } - fclose(serialFile); - ++serial; - serialFile = fopen(filename,"w"); - if (serialFile == NULL) { - error_out("ERROR: Unable to open serial number file for writing"); - } - fwrite(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to write to serial number file"); - } - } else { - fclose(serialFile); - serialFile = fopen(filename,"w"); - if (serialFile == NULL) { - error_out("ERROR: Unable to open serial number file"); - } - serial = 21; - fwrite(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to write to serial number file"); - } - error = ferror(serialFile); - if (error != 0) { - error_out("ERROR: Unable to write to serial file"); - } - } - fclose(serialFile); - } else { - SN = find_field(data, "serial_value", PR_TRUE); - while (*SN != '\0') { - serial = serial * 16; - if ((*SN >= 'A') && (*SN <='F')) { - serial += *SN - 'A' + 10; - } else { - if ((*SN >= 'a') && (*SN <='f')) { - serial += *SN - 'a' + 10; - } else { - serial += *SN - '0'; - } - } - ++SN; - } - } - return serial; -} - - - -typedef SECStatus (* EXTEN_VALUE_ENCODER) - (PRArenaPool *extHandle, void *value, SECItem *encodedValue); - -static SECStatus -EncodeAndAddExtensionValue( - PRArenaPool *arena, - void *extHandle, - void *value, - PRBool criticality, - int extenType, - EXTEN_VALUE_ENCODER EncodeValueFn) -{ - SECItem encodedValue; - SECStatus rv; - - - encodedValue.data = NULL; - encodedValue.len = 0; - rv = (*EncodeValueFn)(arena, value, &encodedValue); - if (rv != SECSuccess) { - error_out("ERROR: Unable to encode extension value"); - } - rv = CERT_AddExtension - (extHandle, extenType, &encodedValue, criticality, PR_TRUE); - return (rv); -} - - - -static SECStatus -AddKeyUsage (void *extHandle, - Pair *data) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - - if (find_field_bool(data,"keyUsage-digitalSignature", PR_TRUE)){ - keyUsage |= (0x80 >> 0); - } - if (find_field_bool(data,"keyUsage-nonRepudiation", PR_TRUE)){ - keyUsage |= (0x80 >> 1); - } - if (find_field_bool(data,"keyUsage-keyEncipherment", PR_TRUE)){ - keyUsage |= (0x80 >> 2); - } - if (find_field_bool(data,"keyUsage-dataEncipherment", PR_TRUE)){ - keyUsage |= (0x80 >> 3); - } - if (find_field_bool(data,"keyUsage-keyAgreement", PR_TRUE)){ - keyUsage |= (0x80 >> 4); - } - if (find_field_bool(data,"keyUsage-keyCertSign", PR_TRUE)) { - keyUsage |= (0x80 >> 5); - } - if (find_field_bool(data,"keyUsage-cRLSign", PR_TRUE)) { - keyUsage |= (0x80 >> 6); - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue, - (find_field_bool(data, "keyUsage-crit", PR_TRUE)))); - -} - -static CERTOidSequence * -CreateOidSequence(void) -{ - CERTOidSequence *rv = (CERTOidSequence *)NULL; - PRArenaPool *arena = (PRArenaPool *)NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if( (PRArenaPool *)NULL == arena ) { - goto loser; - } - - rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence)); - if( (CERTOidSequence *)NULL == rv ) { - goto loser; - } - - rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *)); - if( (SECItem **)NULL == rv->oids ) { - goto loser; - } - - rv->arena = arena; - return rv; - - loser: - if( (PRArenaPool *)NULL != arena ) { - PORT_FreeArena(arena, PR_FALSE); - } - - return (CERTOidSequence *)NULL; -} - -static SECStatus -AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) -{ - SECItem **oids; - PRUint32 count = 0; - SECOidData *od; - - od = SECOID_FindOIDByTag(oidTag); - if( (SECOidData *)NULL == od ) { - return SECFailure; - } - - for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) { - count++; - } - - /* ArenaZRealloc */ - - { - PRUint32 i; - - oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count+2)); - if( (SECItem **)NULL == oids ) { - return SECFailure; - } - - for( i = 0; i < count; i++ ) { - oids[i] = os->oids[i]; - } - - /* ArenaZFree(os->oids); */ - } - - os->oids = oids; - os->oids[count] = &od->oid; - - return SECSuccess; -} - -static SECItem * -EncodeOidSequence(CERTOidSequence *os) -{ - SECItem *rv; - extern const SEC_ASN1Template CERT_OidSeqTemplate[]; - - rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem)); - if( (SECItem *)NULL == rv ) { - goto loser; - } - - if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) { - goto loser; - } - - return rv; - - loser: - return (SECItem *)NULL; -} - -static SECStatus -AddExtKeyUsage(void *extHandle, Pair *data) -{ - SECStatus rv; - CERTOidSequence *os; - SECItem *value; - PRBool crit; - - os = CreateOidSequence(); - if( (CERTOidSequence *)NULL == os ) { - return SECFailure; - } - - if( find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); - if( SECSuccess != rv ) goto loser; - } - - value = EncodeOidSequence(os); - - crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE); - - rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value, - crit, PR_TRUE); - /*FALLTHROUGH*/ - loser: - CERT_DestroyOidSequence(os); - return rv; -} - -static SECStatus -AddSubKeyID(void *extHandle, - Pair *data, - CERTCertificate *subjectCert) -{ - SECItem encodedValue; - SECStatus rv; - char *read; - char *write; - char *first; - char character; - int high_digit = 0, - low_digit = 0; - int len; - PRBool odd = PR_FALSE; - - - encodedValue.data = NULL; - encodedValue.len = 0; - first = read = write = find_field(data,"subjectKeyIdentifier-text", - PR_TRUE); - len = PORT_Strlen(first); - odd = ((len % 2) != 0 ) ? PR_TRUE : PR_FALSE; - if (find_field_bool(data, "subjectKeyIdentifier-radio-hex", PR_TRUE)) { - if (odd) { - error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string"); - } - while (*read != '\0') { - if (!isxdigit(*read)) { - error_out("ERROR: Improperly formated subject key identifier"); - } - *read = toupper(*read); - if ((*read >= 'A') && (*read <= 'F')) { - high_digit = *read - 'A' + 10; - } else { - high_digit = *read - '0'; - } - ++read; - if (!isxdigit(*read)) { - error_out("ERROR: Improperly formated subject key identifier"); - } - *read = toupper(*read); - if ((*read >= 'A') && (*read <= 'F')) { - low_digit = *(read) - 'A' + 10; - } else { - low_digit = *(read) - '0'; - } - character = (high_digit << 4) | low_digit; - *write = character; - ++write; - ++read; - } - *write = '\0'; - len = write - first; - } - subjectCert->subjectKeyID.data = (unsigned char *) find_field - (data,"subjectKeyIdentifier-text", PR_TRUE); - subjectCert->subjectKeyID.len = len; - rv = CERT_EncodeSubjectKeyID - (NULL, find_field(data,"subjectKeyIdentifier-text", PR_TRUE), - len, &encodedValue); - if (rv) { - return (rv); - } - return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID, - &encodedValue, PR_FALSE, PR_TRUE)); -} - - -static SECStatus -AddAuthKeyID (void *extHandle, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle) -{ - CERTAuthKeyID *authKeyID = NULL; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - CERTCertificate *issuerCert = NULL; - CERTGeneralName *genNames; - CERTName *directoryName = NULL; - - - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - error_allocate(); - } - - authKeyID = PORT_ArenaZAlloc (arena, sizeof (CERTAuthKeyID)); - if (authKeyID == NULL) { - error_allocate(); - } - if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier", - PR_TRUE)) { - authKeyID->keyID.data = PORT_ArenaAlloc (arena, PORT_Strlen - ((char *)issuerCert->subjectKeyID.data)); - if (authKeyID->keyID.data == NULL) { - error_allocate(); - } - PORT_Memcpy (authKeyID->keyID.data, issuerCert->subjectKeyID.data, - authKeyID->keyID.len = - PORT_Strlen((char *)issuerCert->subjectKeyID.data)); - } else { - - PORT_Assert (arena); - genNames = (CERTGeneralName *) PORT_ArenaZAlloc (arena, (sizeof(CERTGeneralName))); - if (genNames == NULL){ - error_allocate(); - } - genNames->l.next = genNames->l.prev = &(genNames->l); - genNames->type = certDirectoryName; - - directoryName = CERT_AsciiToName(issuerCert->subjectName); - if (!directoryName) { - error_out("ERROR: Unable to create Directory Name"); - } - rv = CERT_CopyName (arena, &genNames->name.directoryName, - directoryName); - CERT_DestroyName (directoryName); - if (rv != SECSuccess) { - error_out("ERROR: Unable to copy Directory Name"); - } - authKeyID->authCertIssuer = genNames; - if (authKeyID->authCertIssuer == NULL && SECFailure == - PORT_GetError ()) { - error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension"); - } - authKeyID->authCertSerialNumber = issuerCert->serialNumber; - } - rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE, - SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAuthKeyID); - if (arena) { - PORT_FreeArena (arena, PR_FALSE); - } - return (rv); -} - - -static SECStatus -AddPrivKeyUsagePeriod(void *extHandle, - Pair *data, - CERTCertificate *cert) -{ - char *notBeforeStr; - char *notAfterStr; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - PKUPEncodedContext *pkup; - - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - error_allocate(); - } - pkup = PORT_ArenaZAlloc (arena, sizeof (PKUPEncodedContext)); - if (pkup == NULL) { - error_allocate(); - } - notBeforeStr = (char *) PORT_Alloc(16 ); - notAfterStr = (char *) PORT_Alloc(16 ); - *notBeforeStr = '\0'; - *notAfterStr = '\0'; - pkup->arena = arena; - pkup->notBefore.len = 0; - pkup->notBefore.data = NULL; - pkup->notAfter.len = 0; - pkup->notAfter.data = NULL; - if (find_field_bool(data, "privKeyUsagePeriod-radio-notBefore", PR_TRUE) || - find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { - pkup->notBefore.len = 15; - pkup->notBefore.data = (unsigned char *)notBeforeStr; - if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual", - PR_TRUE)) { - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-year", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-month", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-day", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-hour", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-minute", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-second", - PR_TRUE)); - if ((*(notBeforeStr + 14) != '\0') || - (!isdigit(*(notBeforeStr + 13))) || - (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') || - (!isdigit(*(notBeforeStr + 11))) || - (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') || - (!isdigit(*(notBeforeStr + 9))) || - (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') || - (!isdigit(*(notBeforeStr + 7))) || - (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') || - (!isdigit(*(notBeforeStr + 5))) || - (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') || - (!isdigit(*(notBeforeStr + 3))) || - (!isdigit(*(notBeforeStr + 2))) || - (!isdigit(*(notBeforeStr + 1))) || - (!isdigit(*(notBeforeStr + 0))) || - (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') || - (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') || - (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) { - error_out("ERROR: Improperly formated private key usage period"); - } - *(notBeforeStr + 14) = 'Z'; - *(notBeforeStr + 15) = '\0'; - } else { - if ((*(cert->validity.notBefore.data) > '5') || - ((*(cert->validity.notBefore.data) == '5') && - (*(cert->validity.notBefore.data + 1) != '0'))) { - PORT_Strcat(notBeforeStr, "19"); - } else { - PORT_Strcat(notBeforeStr, "20"); - } - PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data); - } - } - if (find_field_bool(data, "privKeyUsagePeriod-radio-notAfter", PR_TRUE) || - find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { - pkup->notAfter.len = 15; - pkup->notAfter.data = (unsigned char *)notAfterStr; - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-year", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-month", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-day", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-hour", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-minute", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-second", - PR_TRUE)); - if ((*(notAfterStr + 14) != '\0') || - (!isdigit(*(notAfterStr + 13))) || - (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') || - (!isdigit(*(notAfterStr + 11))) || - (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') || - (!isdigit(*(notAfterStr + 9))) || - (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') || - (!isdigit(*(notAfterStr + 7))) || - (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') || - (!isdigit(*(notAfterStr + 5))) || - (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') || - (!isdigit(*(notAfterStr + 3))) || - (!isdigit(*(notAfterStr + 2))) || - (!isdigit(*(notAfterStr + 1))) || - (!isdigit(*(notAfterStr + 0))) || - (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') || - (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') || - (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) { - error_out("ERROR: Improperly formated private key usage period"); - } - *(notAfterStr + 14) = 'Z'; - *(notAfterStr + 15) = '\0'; - } - - PORT_Assert (arena); - - rv = EncodeAndAddExtensionValue(arena, extHandle, pkup, - find_field_bool(data, - "privKeyUsagePeriod-crit", - PR_TRUE), - SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD, - (EXTEN_VALUE_ENCODER) - CERT_EncodePublicKeyUsagePeriod); - if (arena) { - PORT_FreeArena (arena, PR_FALSE); - } - if (notBeforeStr != NULL) { - PORT_Free(notBeforeStr); - } - if (notAfterStr != NULL) { - PORT_Free(notAfterStr); - } - return (rv); -} - -static SECStatus -AddBasicConstraint(void *extHandle, - Pair *data) -{ - CERTBasicConstraints basicConstraint; - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; - basicConstraint.isCA = (find_field_bool(data,"basicConstraints-cA-radio-CA", - PR_TRUE)); - if (find_field_bool(data,"basicConstraints-pathLengthConstraint", PR_TRUE)){ - basicConstraint.pathLenConstraint = atoi - (find_field(data,"basicConstraints-pathLengthConstraint-text", - PR_TRUE)); - } - - rv = CERT_EncodeBasicConstraintValue (NULL, &basicConstraint, - &encodedValue); - if (rv) - return (rv); - rv = CERT_AddExtension(extHandle, SEC_OID_X509_BASIC_CONSTRAINTS, - &encodedValue, - (find_field_bool(data,"basicConstraints-crit", - PR_TRUE)), PR_TRUE); - - PORT_Free (encodedValue.data); - return (rv); -} - - - -static SECStatus -AddNscpCertType (void *extHandle, - Pair *data) -{ - SECItem bitStringValue; - unsigned char CertType = 0x0; - - if (find_field_bool(data,"netscape-cert-type-ssl-client", PR_TRUE)){ - CertType |= (0x80 >> 0); - } - if (find_field_bool(data,"netscape-cert-type-ssl-server", PR_TRUE)){ - CertType |= (0x80 >> 1); - } - if (find_field_bool(data,"netscape-cert-type-smime", PR_TRUE)){ - CertType |= (0x80 >> 2); - } - if (find_field_bool(data,"netscape-cert-type-object-signing", PR_TRUE)){ - CertType |= (0x80 >> 3); - } - if (find_field_bool(data,"netscape-cert-type-reserved", PR_TRUE)){ - CertType |= (0x80 >> 4); - } - if (find_field_bool(data,"netscape-cert-type-ssl-ca", PR_TRUE)) { - CertType |= (0x80 >> 5); - } - if (find_field_bool(data,"netscape-cert-type-smime-ca", PR_TRUE)) { - CertType |= (0x80 >> 6); - } - if (find_field_bool(data,"netscape-cert-type-object-signing-ca", PR_TRUE)) { - CertType |= (0x80 >> 7); - } - - bitStringValue.data = &CertType; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue, - (find_field_bool(data, "netscape-cert-type-crit", PR_TRUE)))); -} - - -static SECStatus -add_IA5StringExtension(void *extHandle, - char *string, - PRBool crit, - int idtag) -{ - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - - rv = CERT_EncodeIA5TypeExtension(NULL, string, &encodedValue); - if (rv) { - return (rv); - } - return (CERT_AddExtension(extHandle, idtag, &encodedValue, crit, PR_TRUE)); -} - -static SECItem * -string_to_oid(char *string) -{ - int i; - int length = 20; - int remaining; - int first_value; - int second_value; - int value; - int oidLength; - unsigned char *oidString; - unsigned char *write; - unsigned char *read; - unsigned char *temp; - SECItem *oid; - - - remaining = length; - i = 0; - while (*string == ' ') { - string++; - } - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - } else { - error_out("ERROR: Improperly formated OID"); - } - first_value = atoi(string); - if (first_value < 0 || first_value > 2) { - error_out("ERROR: Improperly formated OID"); - } - string += i + 1; - i = 0; - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - } else { - error_out("ERROR: Improperly formated OID"); - } - second_value = atoi(string); - if (second_value < 0 || second_value > 39) { - error_out("ERROR: Improperly formated OID"); - } - oidString = PORT_ZAlloc(2); - *oidString = (first_value * 40) + second_value; - *(oidString + 1) = '\0'; - oidLength = 1; - string += i + 1; - i = 0; - temp = write = PORT_ZAlloc(length); - while (*string != '\0') { - value = 0; - while(isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '\0') { - value = atoi(string); - string += i; - } else { - if (*(string + i) == '.') { - *(string + i) = '\0'; - value = atoi(string); - string += i + 1; - } else { - *(string + i) = '\0'; - i++; - value = atoi(string); - while (*(string + i) == ' ') - i++; - if (*(string + i) != '\0') { - error_out("ERROR: Improperly formated OID"); - } - } - } - i = 0; - while (value != 0) { - if (remaining < 1) { - remaining += length; - length = length * 2; - temp = PORT_Realloc(temp, length); - write = temp + length - remaining; - } - *write = (value & 0x7f) | (0x80); - write++; - remaining--; - value = value >> 7; - } - *temp = *temp & (0x7f); - oidLength += write - temp; - oidString = PORT_Realloc(oidString, (oidLength + 1)); - read = write - 1; - write = oidLength + oidString - 1; - for (i = 0; i < (length - remaining); i++) { - *write = *read; - write--; - read++; - } - write = temp; - remaining = length; - } - *(oidString + oidLength) = '\0'; - oid = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - oid->data = oidString; - oid->len = oidLength; - PORT_Free(temp); - return oid; -} - -static SECItem * -string_to_ipaddress(char *string) -{ - int i = 0; - int value; - int j = 0; - SECItem *ipaddress; - - - while (*string == ' ') { - string++; - } - ipaddress = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - ipaddress->data = PORT_ZAlloc(9); - while (*string != '\0' && j < 8) { - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - value = atoi(string); - string = string + i + 1; - i = 0; - } else { - if (*(string + i) == '\0') { - value = atoi(string); - string = string + i; - i = 0; - } else { - *(string + i) = '\0'; - while (*(string + i) == ' ') { - i++; - } - if (*(string + i) == '\0') { - value = atoi(string); - string = string + i; - i = 0; - } else { - error_out("ERROR: Improperly formated IP Address"); - } - } - } - if (value >= 0 || value < 256) { - *(ipaddress->data + j) = value; - } else { - error_out("ERROR: Improperly formated IP Address"); - } - j++; - } - *(ipaddress->data + j) = '\0'; - if (j != 4 && j != 8) { - error_out("ERROR: Improperly formated IP Address"); - } - ipaddress->len = j; - return ipaddress; -} - -static SECItem * -string_to_binary(char *string) -{ - SECItem *rv; - int high_digit; - int low_digit; - - rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - if (rv == NULL) { - error_allocate(); - } - rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2); - while (!isxdigit(*string)) { - string++; - } - rv->len = 0; - while (*string != '\0') { - if (isxdigit(*string)) { - if (*string >= '0' && *string <= '9') { - high_digit = *string - '0'; - } else { - *string = toupper(*string); - high_digit = *string - 'A'; - } - string++; - if (*string >= '0' && *string <= '9') { - low_digit = *string - '0'; - } else { - *string = toupper(*string); - low_digit = *string = 'A'; - } - (rv->len)++; - } else { - if (*string == ':') { - string++; - } else { - if (*string == ' ') { - while (*string == ' ') { - string++; - } - } - if (*string != '\0') { - error_out("ERROR: Improperly formated binary encoding"); - } - } - } - } - - return rv; -} - -static SECStatus -MakeGeneralName(char *name, - CERTGeneralName *genName, - PRArenaPool *arena) -{ - SECItem *oid; - SECOidData *oidData; - SECItem *ipaddress; - SECItem *temp = NULL; - int i; - int nameType; - PRBool binary = PR_FALSE; - SECStatus rv = SECSuccess; - PRBool nickname; - - PORT_Assert(genName); - PORT_Assert(arena); - nameType = *(name + PORT_Strlen(name) - 1) - '0'; - if (nameType == 0 && *(name +PORT_Strlen(name) - 2) == '1') { - nickname = PR_TRUE; - nameType = certOtherName; - } - if (nameType < 1 || nameType > 9) { - error_out("ERROR: Unknown General Name Type"); - } - *(name + PORT_Strlen(name) - 4) = '\0'; - genName->type = nameType; - - switch (genName->type) { - case certURI: - case certRFC822Name: - case certDNSName: { - genName->name.other.data = (unsigned char *)name; - genName->name.other.len = PORT_Strlen(name); - break; - } - - case certIPAddress: { - ipaddress = string_to_ipaddress(name); - genName->name.other.data = ipaddress->data; - genName->name.other.len = ipaddress->len; - break; - } - - case certRegisterID: { - oid = string_to_oid(name); - genName->name.other.data = oid->data; - genName->name.other.len = oid->len; - break; - } - - case certEDIPartyName: - case certX400Address: { - - genName->name.other.data = PORT_ArenaAlloc (arena, - PORT_Strlen (name) + 2); - if (genName->name.other.data == NULL) { - error_allocate(); - } - - PORT_Memcpy (genName->name.other.data + 2, name, PORT_Strlen (name)); - /* This may not be accurate for all cases. - For now, use this tag type */ - genName->name.other.data[0] = (char)(((genName->type - 1) & - 0x1f)| 0x80); - genName->name.other.data[1] = (char)PORT_Strlen (name); - genName->name.other.len = PORT_Strlen (name) + 2; - break; - } - - case certOtherName: { - i = 0; - if (!nickname) { - while (!isdigit(*(name + PORT_Strlen(name) - i))) { - i++; - } - if (*(name + PORT_Strlen(name) - i) == '1') { - binary = PR_TRUE; - } else { - binary = PR_FALSE; - } - while (*(name + PORT_Strlen(name) - i) != '-') { - i++; - } - *(name + PORT_Strlen(name) - i - 1) = '\0'; - i = 0; - while (*(name + i) != '-') { - i++; - } - *(name + i - 1) = '\0'; - oid = string_to_oid(name + i + 2); - } else { - oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME); - oid = &oidData->oid; - while (*(name + PORT_Strlen(name) - i) != '-') { - i++; - } - *(name + PORT_Strlen(name) - i) = '\0'; - } - genName->name.OthName.oid.data = oid->data; - genName->name.OthName.oid.len = oid->len; - if (binary) { - temp = string_to_binary(name); - genName->name.OthName.name.data = temp->data; - genName->name.OthName.name.len = temp->len; - } else { - temp = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - if (temp == NULL) { - error_allocate(); - } - temp->data = (unsigned char *)name; - temp->len = PORT_Strlen(name); - SEC_ASN1EncodeItem (arena, &(genName->name.OthName.name), temp, - CERTIA5TypeTemplate); - } - PORT_Free(temp); - break; - } - - case certDirectoryName: { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName (name); - if (!directoryName) { - error_out("ERROR: Improperly formated alternative name"); - break; - } - rv = CERT_CopyName (arena, &genName->name.directoryName, - directoryName); - CERT_DestroyName (directoryName); - - break; - } - } - genName->l.next = &(genName->l); - genName->l.prev = &(genName->l); - return rv; -} - - -static CERTGeneralName * -MakeAltName(Pair *data, - char *which, - PRArenaPool *arena) -{ - CERTGeneralName *SubAltName; - CERTGeneralName *current; - CERTGeneralName *newname; - char *name = NULL; - SECStatus rv = SECSuccess; - int len; - - - len = PORT_Strlen(which); - name = find_field(data, which, PR_TRUE); - SubAltName = current = (CERTGeneralName *) PORT_ZAlloc - (sizeof(CERTGeneralName)); - if (current == NULL) { - error_allocate(); - } - while (name != NULL) { - - rv = MakeGeneralName(name, current, arena); - - if (rv != SECSuccess) { - break; - } - if (*(which + len -1) < '9') { - *(which + len - 1) = *(which + len - 1) + 1; - } else { - if (isdigit(*(which + len - 2) )) { - *(which + len - 2) = *(which + len - 2) + 1; - *(which + len - 1) = '0'; - } else { - *(which + len - 1) = '1'; - *(which + len) = '0'; - *(which + len + 1) = '\0'; - len++; - } - } - len = PORT_Strlen(which); - name = find_field(data, which, PR_TRUE); - if (name != NULL) { - newname = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName)); - if (newname == NULL) { - error_allocate(); - } - current->l.next = &(newname->l); - newname->l.prev = &(current->l); - current = newname; - newname = NULL; - } else { - current->l.next = &(SubAltName->l); - SubAltName->l.prev = &(current->l); - } - } - if (rv == SECFailure) { - return NULL; - } - return SubAltName; -} - -static CERTNameConstraints * -MakeNameConstraints(Pair *data, - PRArenaPool *arena) -{ - CERTNameConstraints *NameConstraints; - CERTNameConstraint *current = NULL; - CERTNameConstraint *last_permited = NULL; - CERTNameConstraint *last_excluded = NULL; - char *constraint = NULL; - char *which; - SECStatus rv = SECSuccess; - int len; - int i; - long max; - long min; - PRBool permited; - - - NameConstraints = (CERTNameConstraints *) PORT_ZAlloc - (sizeof(CERTNameConstraints)); - which = make_copy_string("NameConstraintSelect0", 25,'\0'); - len = PORT_Strlen(which); - constraint = find_field(data, which, PR_TRUE); - NameConstraints->permited = NameConstraints->excluded = NULL; - while (constraint != NULL) { - current = (CERTNameConstraint *) PORT_ZAlloc - (sizeof(CERTNameConstraint)); - if (current == NULL) { - error_allocate(); - } - i = 0; - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - max = (long) atoi(constraint + PORT_Strlen(constraint) + 3); - if (max > 0) { - (void) SEC_ASN1EncodeInteger(arena, ¤t->max, max); - } - i = 0; - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - min = (long) atoi(constraint + PORT_Strlen(constraint) + 3); - (void) SEC_ASN1EncodeInteger(arena, ¤t->min, min); - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - if (*(constraint + PORT_Strlen(constraint) + 3) == 'p') { - permited = PR_TRUE; - } else { - permited = PR_FALSE; - } - rv = MakeGeneralName(constraint, &(current->name), arena); - - if (rv != SECSuccess) { - break; - } - if (*(which + len - 1) < '9') { - *(which + len - 1) = *(which + len - 1) + 1; - } else { - if (isdigit(*(which + len - 2) )) { - *(which + len - 2) = *(which + len - 2) + 1; - *(which + len - 1) = '0'; - } else { - *(which + len - 1) = '1'; - *(which + len) = '0'; - *(which + len + 1) = '\0'; - len++; - } - } - len = PORT_Strlen(which); - if (permited) { - if (NameConstraints->permited == NULL) { - NameConstraints->permited = last_permited = current; - } - last_permited->l.next = &(current->l); - current->l.prev = &(last_permited->l); - last_permited = current; - } else { - if (NameConstraints->excluded == NULL) { - NameConstraints->excluded = last_excluded = current; - } - last_excluded->l.next = &(current->l); - current->l.prev = &(last_excluded->l); - last_excluded = current; - } - constraint = find_field(data, which, PR_TRUE); - if (constraint != NULL) { - current = (CERTNameConstraint *) PORT_ZAlloc(sizeof(CERTNameConstraint)); - if (current == NULL) { - error_allocate(); - } - } - } - if (NameConstraints->permited != NULL) { - last_permited->l.next = &(NameConstraints->permited->l); - NameConstraints->permited->l.prev = &(last_permited->l); - } - if (NameConstraints->excluded != NULL) { - last_excluded->l.next = &(NameConstraints->excluded->l); - NameConstraints->excluded->l.prev = &(last_excluded->l); - } - if (which != NULL) { - PORT_Free(which); - } - if (rv == SECFailure) { - return NULL; - } - return NameConstraints; -} - - - -static SECStatus -AddAltName(void *extHandle, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle, - int type) -{ - PRBool autoIssuer = PR_FALSE; - PRArenaPool *arena = NULL; - CERTGeneralName *genName = NULL; - CERTName *directoryName = NULL; - char *which = NULL; - char *name = NULL; - SECStatus rv = SECSuccess; - SECItem *issuersAltName = NULL; - CERTCertificate *issuerCert = NULL; - void *mark = NULL; - - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - error_allocate(); - } - if (type == 0) { - which = make_copy_string("SubAltNameSelect0", 20,'\0'); - genName = MakeAltName(data, which, arena); - } else { - if (autoIssuer) { - autoIssuer = find_field_bool(data,"IssuerAltNameSourceRadio-auto", - PR_TRUE); - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - rv = cert_FindExtension((*issuerCert).extensions, - SEC_OID_X509_SUBJECT_ALT_NAME, - issuersAltName); - if (issuersAltName == NULL) { - name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4); - PORT_Strcpy(name, (*issuerCert).subjectName); - PORT_Strcat(name, " - 5"); - } - } else { - which = make_copy_string("IssuerAltNameSelect0", 20,'\0'); - genName = MakeAltName(data, which, arena); - } - } - if (type == 0) { - EncodeAndAddExtensionValue(arena, extHandle, genName, - find_field_bool(data, "SubAltName-crit", - PR_TRUE), - SEC_OID_X509_SUBJECT_ALT_NAME, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAltNameExtension); - - } else { - if (autoIssuer && (name == NULL)) { - rv = CERT_AddExtension - (extHandle, SEC_OID_X509_ISSUER_ALT_NAME, issuersAltName, - find_field_bool(data, "IssuerAltName-crit", PR_TRUE), PR_TRUE); - } else { - EncodeAndAddExtensionValue(arena, extHandle, genName, - find_field_bool(data, - "IssuerAltName-crit", - PR_TRUE), - SEC_OID_X509_ISSUER_ALT_NAME, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAltNameExtension); - } - } - if (which != NULL) { - PORT_Free(which); - } - if (issuerCert != NULL) { - CERT_DestroyCertificate(issuerCert); - } -#if 0 - if (arena != NULL) { - PORT_ArenaRelease (arena, mark); - } -#endif - return rv; -} - - -static SECStatus -AddNameConstraints(void *extHandle, - Pair *data) -{ - PRBool autoIssuer = PR_FALSE; - PRArenaPool *arena = NULL; - CERTNameConstraints *constraints = NULL; - char *constraint = NULL; - SECStatus rv = SECSuccess; - - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - error_allocate(); - } - constraints = MakeNameConstraints(data, arena); - if (constraints != NULL) { - EncodeAndAddExtensionValue(arena, extHandle, constraints, PR_TRUE, - SEC_OID_X509_NAME_CONSTRAINTS, - (EXTEN_VALUE_ENCODER) - CERT_EncodeNameConstraintsExtension); - } - if (arena != NULL) { - PORT_ArenaRelease (arena, NULL); - } - return rv; -} - - -static SECStatus -add_extensions(CERTCertificate *subjectCert, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle) -{ - void *extHandle; - SECStatus rv = SECSuccess; - - - extHandle = CERT_StartCertExtensions (subjectCert); - if (extHandle == NULL) { - error_out("ERROR: Unable to get certificates extension handle"); - } - if (find_field_bool(data, "keyUsage", PR_TRUE)) { - rv = AddKeyUsage(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Key Usage extension"); - } - } - - if( find_field_bool(data, "extKeyUsage", PR_TRUE) ) { - rv = AddExtKeyUsage(extHandle, data); - if( SECSuccess != rv ) { - error_out("ERROR: Unable to add Extended Key Usage extension"); - } - } - - if (find_field_bool(data, "basicConstraints", PR_TRUE)) { - rv = AddBasicConstraint(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Basic Constraint extension"); - } - } - if (find_field_bool(data, "subjectKeyIdentifier", PR_TRUE)) { - rv = AddSubKeyID(extHandle, data, subjectCert); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Subject Key Identifier Extension"); - } - } - if (find_field_bool(data, "authorityKeyIdentifier", PR_TRUE)) { - rv = AddAuthKeyID (extHandle, data, issuerNameStr, handle); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Authority Key Identifier extension"); - } - } - if (find_field_bool(data, "privKeyUsagePeriod", PR_TRUE)) { - rv = AddPrivKeyUsagePeriod (extHandle, data, subjectCert); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Private Key Usage Period extension"); - } - } - if (find_field_bool(data, "SubAltName", PR_TRUE)) { - rv = AddAltName (extHandle, data, NULL, NULL, 0); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Subject Alternative Name extension"); - } - } - if (find_field_bool(data, "IssuerAltName", PR_TRUE)) { - rv = AddAltName (extHandle, data, issuerNameStr, handle, 1); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Issuer Alternative Name Extension"); - } - } - if (find_field_bool(data, "NameConstraints", PR_TRUE)) { - rv = AddNameConstraints(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Name Constraints Extension"); - } - } - if (find_field_bool(data, "netscape-cert-type", PR_TRUE)) { - rv = AddNscpCertType(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Certificate Type Extension"); - } - } - if (find_field_bool(data, "netscape-base-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, "netscape-base-url-text", - PR_TRUE), - find_field_bool(data, - "netscape-base-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_BASE_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Base URL Extension"); - } - } - if (find_field_bool(data, "netscape-revocation-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-revocation-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-revocation-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_REVOCATION_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Revocation URL Extension"); - } - } - if (find_field_bool(data, "netscape-ca-revocation-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ca-revocation-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-ca-revocation-url-crit" - , PR_TRUE), - SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape CA Revocation URL Extension"); - } - } - if (find_field_bool(data, "netscape-cert-renewal-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-cert-renewal-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-cert-renewal-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Certificate Renewal URL Extension"); - } - } - if (find_field_bool(data, "netscape-ca-policy-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ca-policy-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-ca-policy-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_CA_POLICY_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape CA Policy URL Extension"); - } - } - if (find_field_bool(data, "netscape-ssl-server-name", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ssl-server-name-text", - PR_TRUE), - find_field_bool - (data, "netscape-ssl-server-name-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape SSL Server Name Extension"); - } - } - if (find_field_bool(data, "netscape-comment", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, "netscape-comment-text", - PR_TRUE), - find_field_bool(data, - "netscape-comment-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_COMMENT); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Comment Extension"); - } - } - CERT_FinishExtensions(extHandle); - return (rv); -} - - - -char * -return_dbpasswd(PK11SlotInfo *slot, PRBool retry, void *data) -{ - char *rv; - - /* don't clobber our poor smart card */ - if (retry == PR_TRUE) { - return NULL; - } - rv = PORT_Alloc(4); - PORT_Strcpy(rv, "foo"); - return rv; -} - - -SECKEYPrivateKey * -FindPrivateKeyFromNameStr(char *name, - CERTCertDBHandle *certHandle) -{ - SECKEYPrivateKey *key; - CERTCertificate *cert; - CERTCertificate *p11Cert; - SECStatus status = SECSuccess; - - - /* We don't presently have a PK11 function to find a cert by - ** subject name. - ** We do have a function to find a cert in the internal slot's - ** cert db by subject name, but it doesn't setup the slot info. - ** So, this HACK works, but should be replaced as soon as we - ** have a function to search for certs accross slots by subject name. - */ - cert = CERT_FindCertByNameString(certHandle, name); - if (cert == NULL || cert->nickname == NULL) { - error_out("ERROR: Unable to retrieve issuers certificate"); - } - p11Cert = PK11_FindCertFromNickname(cert->nickname, NULL); - if (p11Cert == NULL) { - error_out("ERROR: Unable to retrieve issuers certificate"); - } - key = PK11_FindKeyByAnyCert(p11Cert, NULL); - return key; -} - -static SECItem * -SignCert(CERTCertificate *cert, - char *issuerNameStr, - Pair *data, - CERTCertDBHandle *handle, - int which_key) -{ - SECItem der; - SECItem *result = NULL; - SECKEYPrivateKey *caPrivateKey = NULL; - SECStatus rv; - PRArenaPool *arena; - SECOidTag algID; - - if (which_key == 0) { - caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle); - } else { - caPrivateKey = privkeys[which_key - 1]; - } - if (caPrivateKey == NULL) { - error_out("ERROR: unable to retrieve issuers key"); - } - - arena = cert->arena; - - switch(caPrivateKey->keyType) { - case rsaKey: - algID = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; - break; - case dsaKey: - algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; - break; - default: - error_out("ERROR: Unknown key type for issuer."); - goto done; - break; - } - - rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0); - if (rv != SECSuccess) { - error_out("ERROR: Could not set signature algorithm id."); - } - - if (find_field_bool(data,"ver-1", PR_TRUE)) { - *(cert->version.data) = 0; - cert->version.len = 1; - } else { - *(cert->version.data) = 2; - cert->version.len = 1; - } - der.data = NULL; - der.len = 0; - (void) SEC_ASN1EncodeItem (arena, &der, cert, CERT_CertificateTemplate); - if (der.data == NULL) { - error_out("ERROR: Could not encode certificate.\n"); - } - rv = SEC_DerSignData (arena, &(cert->derCert), der.data, der.len, caPrivateKey, - algID); - if (rv != SECSuccess) { - error_out("ERROR: Could not sign encoded certificate data.\n"); - } -done: - SECKEY_DestroyPrivateKey(caPrivateKey); - return &(cert->derCert); -} - - -int -main(int argc, char **argv) -{ - int length = 500; - int remaining = 500; - int n; - int fields = 3; - int i; - int serial; - int chainLen; - int which_key; - char *pos; -#ifdef OFFLINE - char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iydzPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXcsAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZaOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dtrue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoiceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24"; -#else - char *form_output; -#endif - char *issuerNameStr; - char *certName; - char *DBdir = DB_DIRECTORY; - char *prefixs[10] = {"CA#1-", "CA#2-", "CA#3-", - "CA#4-", "CA#5-", "CA#6-", - "CA#7-", "CA#8-", "CA#9-", ""}; - Pair *form_data; - CERTCertificate *cert; - CERTCertDBHandle *handle; - CERTCertificateRequest *certReq = NULL; - int warpmonths = 0; - SECItem *certDER; -#ifdef FILEOUT - FILE *outfile; -#endif - SECStatus status = SECSuccess; - extern char prefix[PREFIX_LEN]; - SEC_PKCS7ContentInfo *certChain; - SECItem *encodedCertChain; - PRBool UChain = PR_FALSE; - - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - -#ifdef TEST - sleep(20); -#endif - SECU_ConfigDirectory(DBdir); - - PK11_SetPasswordFunc(return_dbpasswd); - status = NSS_InitReadWrite(DBdir); - if (status != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - handle = CERT_GetDefaultCertDB(); - - prefix[0]= '\0'; -#if !defined(OFFLINE) - form_output = (char*) PORT_Alloc(length); - if (form_output == NULL) { - error_allocate(); - } - pos = form_output; - while (feof(stdin) == 0 ) { - if (remaining <= 1) { - remaining += length; - length = length * 2; - form_output = PORT_Realloc(form_output, (length)); - if (form_output == NULL) { - error_allocate(); - } - pos = form_output + length - remaining; - } - n = fread(pos, 1, (size_t) (remaining - 1), stdin); - pos += n; - remaining -= n; - } - *pos = '&'; - pos++; - length = pos - form_output; -#else - length = PORT_Strlen(form_output); -#endif -#ifdef FILEOUT - printf("Content-type: text/plain\n\n"); - fwrite(form_output, 1, (size_t)length, stdout); - printf("\n"); -#endif -#ifdef FILEOUT - fwrite(form_output, 1, (size_t)length, stdout); - printf("\n"); - fflush(stdout); -#endif - form_data = make_datastruct(form_output, length); - status = clean_input(form_data); -#if !defined(OFFLINE) - PORT_Free(form_output); -#endif -#ifdef FILEOUT - i = 0; - while(return_name(form_data, i) != NULL) { - printf("%s",return_name(form_data,i)); - printf("=\n"); - printf("%s",return_data(form_data,i)); - printf("\n"); - i++; - } - printf("I got that done, woo hoo\n"); - fflush(stdout); -#endif - issuerNameStr = PORT_Alloc(200); - if (find_field_bool(form_data, "caChoiceradio-SignWithSpecifiedChain", - PR_FALSE)) { - UChain = PR_TRUE; - chainLen = atoi(find_field(form_data, "manCAs", PR_FALSE)); - PORT_Strcpy(prefix, prefixs[0]); - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=Cert-O-Matic II, O=Cert-O-Matic II"); - if (chainLen == 0) { - UChain = PR_FALSE; - } - } else { - if (find_field_bool(form_data, "caChoiceradio-SignWithRandomChain", - PR_FALSE)) { - PORT_Strcpy(prefix,prefixs[9]); - chainLen = atoi(find_field(form_data, "autoCAs", PR_FALSE)); - if (chainLen < 1 || chainLen > 18) { - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=CA18, O=Cert-O-Matic II"); - } - issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA"); - issuerNameStr = PORT_Strcat(issuerNameStr, - find_field(form_data,"autoCAs", PR_FALSE)); - issuerNameStr = PORT_Strcat(issuerNameStr,", O=Cert-O-Matic II"); - } else { - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=Cert-O-Matic II, O=Cert-O-Matic II"); - } - chainLen = 0; - } - - i = -1; - which_key = 0; - do { - extern SECStatus cert_GetKeyID(CERTCertificate *cert); - i++; - if (i != 0 && UChain) { - PORT_Strcpy(prefix, prefixs[i]); - } - /* find_field(form_data,"subject", PR_TRUE); */ - certReq = makeCertReq(form_data, which_key); -#ifdef OFFLINE - serial = 900; -#else - serial = get_serial_number(form_data); -#endif - cert = MakeV1Cert(handle, certReq, issuerNameStr, PR_FALSE, - serial, warpmonths, form_data); - if (certReq != NULL) { - CERT_DestroyCertificateRequest(certReq); - } - if (find_field_bool(form_data,"ver-3", PR_TRUE)) { - status = add_extensions(cert, form_data, issuerNameStr, handle); - if (status != SECSuccess) { - error_out("ERROR: Unable to add extensions"); - } - } - status = cert_GetKeyID(cert); - if (status == SECFailure) { - error_out("ERROR: Unable to get Key ID."); - } - certDER = SignCert(cert, issuerNameStr, form_data, handle, which_key); - CERT_NewTempCertificate(handle, certDER, NULL, PR_FALSE, PR_TRUE); - issuerNameStr = find_field(form_data, "subject", PR_TRUE); - /* SECITEM_FreeItem(certDER, PR_TRUE); */ - CERT_DestroyCertificate(cert); - if (i == (chainLen - 1)) { - i = 8; - } - ++which_key; - } while (i < 9 && UChain); - - - -#ifdef FILEOUT - outfile = fopen("../certout", "wb"); -#endif - certName = find_field(form_data, "subject", PR_FALSE); - cert = CERT_FindCertByNameString(handle, certName); - certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, handle); - if (certChain == NULL) { - error_out("ERROR: No certificates in cert chain"); - } - encodedCertChain = SEC_PKCS7EncodeItem (NULL, NULL, certChain, NULL, NULL, - NULL); - if (encodedCertChain) { -#if !defined(FILEOUT) - printf("Content-type: application/x-x509-user-cert\r\n"); - printf("Content-length: %d\r\n\r\n", encodedCertChain->len); - fwrite (encodedCertChain->data, 1, encodedCertChain->len, stdout); -#else - fwrite (encodedCertChain->data, 1, encodedCertChain->len, outfile); -#endif - - } else { - error_out("Error: Unable to DER encode certificate"); - } -#ifdef FILEOUT - printf("\nI got here!\n"); - fflush(outfile); - fclose(outfile); -#endif - fflush(stdout); - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - return 0; -} - diff --git a/security/nss/cmd/certcgi/index.html b/security/nss/cmd/certcgi/index.html deleted file mode 100644 index 0bd79f3ce..000000000 --- a/security/nss/cmd/certcgi/index.html +++ /dev/null @@ -1,956 +0,0 @@ -<HTML> <!-- -*- Mode: Java; tab-width: 8 -*- --> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> -<HEAD> -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<SCRIPT LANGUAGE="JavaScript1.2"> - -script_url = 'http://interzone.mcom.com/cgi-bin/certomatic/bin/certcgi.cgi' - -ext_page_ver1 = - make_page_intro('Version 1 extensions', "#FFFFFF") + - '<layer ID="ext1">' + - 'Version 1 X.509 certs do not support extensions' + - '</layer>' + - '</body></html>'; - -cur_page = 1; - -num_ca = 0; - -index_list = - '0, your_certificate_index_label,' + - '0, netscape_extensions_index_label,' + - '0, standard_extensions_index_label,' + - '0, certifying_authorities_index_label'; - -var main_page = - make_page_intro('Your Key', "#FFFFFF") + - '<layer ID="main" SRC="main.html">' + - '</layer>' + - '</body></html>' ; - -add_index_list = ''; - -max_pages = 13; - -ver = 3 - -ext_page_array = new Array(max_pages); - -index_label = 'Options'; - -your_certificate_index_label = 'Your Certificate'; - -netscape_extensions_index_label = 'Netscape X.509 Extensions'; - -standard_extensions_index_label = 'Standard X.509 Extensions'; - -certifying_authorities_index_label = 'Certifying Authorities'; - -add_sub_alt_name_index_label = 'Add Subject Alternative Name'; - -function setSubAltNameType(form) -{ - with(form) - { - if (SubAltNameRadio[0].checked) - { - return true; - } - if (SubAltNameRadio[3].checked || SubAltNameRadio[5].checked) - { - SubAltNameDataType.checked = true; - return true; - } - if (SubAltNameRadio[1].checked || SubAltNameRadio[2].checked || - SubAltNameRadio[4].checked || SubAltNameRadio[6].checked || - SubAltNameRadio[7].checked || SubAltNameRadio[8].checked) - { - SubAltNameDataType.checked = false; - return true; - } - } - return true; -} - -function setIssuerAltNameType(form) -{ - with(form) - { - if (IssuerAltNameRadio[0].checked) - { - return true; - } - if (IssuerAltNameRadio[3].checked || IssuerAltNameRadio[5].checked) - { - IssuerAltNameDataType.checked = true; - return true; - } - if (IssuerAltNameRadio[1].checked || IssuerAltNameRadio[2].checked || - IssuerAltNameRadio[4].checked || IssuerAltNameRadio[6].checked || - IssuerAltNameRadio[7].checked || IssuerAltNameRadio[8].checked) - { - IssuerAltNameDataType.checked = false; - return true; - } - } - return true; -} - - -function setNameConstraintNameType(form) -{ - with(form) - { - if (NameConstraintRadio[0].checked) - { - return true; - } - if (NameConstraintRadio[3].checked || NameConstraintRadio[5].checked) - { - NameConstraintNameDataType.checked = true; - return true; - } - if (NameConstraintRadio[1].checked || NameConstraintRadio[2].checked || - NameConstraintRadio[4].checked || NameConstraintRadio[6].checked || - NameConstraintRadio[7].checked || NameConstraintRadio[8].checked) - { - NameConstraintNameDataType.checked = false; - return true; - } - } - return true; -} - - -function addSubAltName(form) -{ - - with(form) - { - var len = SubAltNameSelect.length; - var value; - var i = 0; - while(!(i == (SubAltNameRadio.length - 1)) & !(SubAltNameRadio[i].checked == true)) - { - i++; - } - if (i != 0) - { - value = SubAltNameText.value + " - " + (i + 1); - } - else - { - value = SubAltNameText.value + " - " + SubAltNameOtherNameOID.value + " - "; - if (SubAltNameDataType.checked) - { - value += "1 - "; - } - else - { - value += "0 - "; - } - value += (i + 1); - if (SubAltNameOtherNameOID.value == "") - { - alert("Other names must include an OID"); - return false; - } - } - - if ((SubAltNameText.value == "") | (SubAltNameRadio[i].checked != true)) - { - alert("Alternative Names must include values for name and name type."); - } - else - { - SubAltNameSelect.options[len] = new Option(value, value); - } - } - return true; -} - -function deleteSubAltName(form) -{ - with(form) - { - while (SubAltNameSelect.selectedIndex >= 0) - { - SubAltNameSelect[SubAltNameSelect.selectedIndex] = null; - } - } -} - -function addIssuerAltName(form) -{ - with(form) - { - var len = IssuerAltNameSelect.length; - var value; - var i = 0; - - while(!(i == (IssuerAltNameRadio.length -1)) & !(IssuerAltNameRadio[i].checked == true)) - { - i++; - } - if (i != 0) - { - value = IssuerAltNameText.value + " - " + (i + 1); - } - else - { - value = IssuerAltNameText.value + " - " + IssuerAltNameOtherNameOID.value + " - "; - if (IssuerAltNameDataType.checked) - { - value += "1 - "; - } - else - { - value += "0 - "; - } - value += (i + 1); - if (IssuerAltNameOtherNameOID.value == "") - { - alert("Other names must include an OID"); - return false; - } - } - if ((IssuerAltNameText.value == "") | (IssuerAltNameRadio[i].checked != true)) - { - alert("Alternative Names must include values for name and name type.") - } - else - { - IssuerAltNameSelect.options[len] = new Option(value, value); - } - } - return true; -} - -function deleteIssuerAltName(form) -{ - with(form) - { - while (IssuerAltNameSelect.selectedIndex >= 0) - { - IssuerAltNameSelect[IssuerAltNameSelect.selectedIndex] = null; - } - } -} - - - -function addNameConstraint(form) -{ - with(form) - { - var len = NameConstraintSelect.length; - var value; - var i = 0; - var min = NameConstraintMin.value; - var max = NameConstraintMax.value; - - while(!(i == (NameConstraintRadio.length - 1) ) & !(NameConstraintRadio[i].checked == true)) - { - i++; - } - value = NameConstraintText.value + " - "; - if (i == 0) - { - value += NameConstraintOtherNameOID.value + " - "; - if (NameConstraintNameDataType.checked) - { - value += "1 - "; - } - else - { - value += "0 - "; - } - if (NameConstraintOtherNameOID.value == "") - { - alert("Other names must include an OID"); - return false; - } - } - value += (i + 1) + " - "; - if (NameConstraintTypeRadio[0].checked == true) - { - value += "p - "; - } - else - { - value += "e - "; - } - value += min + " - " + max; - if ((min == "") | (NameConstraintText.value == "") | (NameConstraintRadio[i].checked != true)) - { - alert("Name Constraints must include values for minimum, name, and name type.") - } - else - { - NameConstraintSelect.options[len] = new Option(value, value); - } - } - return true; -} - -function deleteNameConstraint(form) -{ - with(form) - { - while (NameConstraintSelect.selectedIndex >= 0) - { - NameConstraintSelect[NameConstraintSelect.selectedIndex] = null; - } - } -} - - -function submit_it() -{ - save_cur_page(cur_page); - - var array_string; - var subject = ext_page_array[0][22][0]; - var serial = ext_page_array[0][10][0]; - var ver1 = (ver == 1); - var ver3 = (ver == 3); - var serial_number = ext_page_array[0][12][0]; - var notBefore = ext_page_array[0][20][0]; - var notAfter = ext_page_array[0][21][0]; - var manValidity = ext_page_array[0][19][0]; - - if (subject == "") - { - alert("The DN field must contain some data"); - return false; - } - if (!serial & serial_number == "") - { - alert("No serial number specified"); - return false; - } - if (ext_page_array[0][15][0]) - { - var keygen = "<keygen name=\"key\" challenge=\"foo\">"; - } - else - { - switch (ext_page_array[0][17][0]) { - case 2: - var keygen = "<keygen keytype=\"dsa\" pqg=\"MIGdAkEAjfKklEkidqo9JXWbsGhpy+rA2Dr7jQz3y7gyTw14guXQdi/FtyEOr8Lprawyq3qsSWk9+/g3JMLsBzbuMcgCkQIVAMdzIYxzfsjumTtPLe0w9I7azpFfAkEAYm0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5UhklycxC6fb0ZLCIzFcq9T5teIAg==\" name=\"key\" challenge=\"foo\">"; - break; - case 1: - var keygen = "<keygen keytype=\"dsa\" pqg=\"MIHaAmDCboVgX0+6pEeMlbwsasWDVBcJNHPKMzkq9kbCRK2U3k+tE15n+Dc2g3ZjDYr1um51e2iLC34/BwAAAAAAAAAAAAAAAAAAAAAAAAABbBhnlFN5Djmt0Mk8cdEBY5H8iPMCFMhUnFtbpjn3EyfH2DjVg3ALh7FtAmA2zWzhpeCwvOTjYnQorlXiv0WcnSiWmaC79CRYkFt5i+UEfRxwP1eNGJBVB1T+CPW6JGd4WhgsqtSf53pn5DEtv++O7lNfXyOhWhb3KaWHYIx8fuAXtioIWkWmpfEIVZA=\" name=\"key\" challenge=\"foo\">"; - break; - case 0: - var keygen = "<keygen keytype=\"dsa\" pqg=\"MIIBHAKBgId8SiiWrcdua5zbsBhPkKfFcnHBG7T/bQla7c6OixGjjmSSuq2fJLvMKa579CaxHxLZzZZXIHmAk9poRgWl2GUUkCJ68XSum8OQzDPXPsofcEdeANjw3mIAAAAAAAAAAAAAAAAAAAAAAAAIE+MkW5hguLIQqWvEVi9dMpbNu6OZAhTIA+y3TgyiwA0D8pt686ofaL1IOQKBgAiZQC6UCXztr2iXxJrAC+51gN5oX/R9Thilln9RGegsWnHrdxUOpcm5vAWp1LU8TOXtujE8kqkm3UxIRhUWQORe9IxLANAXmZJqkw9FEVHkxj6Cy9detwT2MyBzSwS6avsf7aLisgHmI/IHSeapJsQ3NQa3rikb6zRiqIV+TVa6\" name=\"key\" challenge=\"foo\">"; - break; - } - } - array_string = build_array_string(); - hiddens = "<input type=\"hidden\" name=\"subject\" value=\'" + subject + "\'> \n" + - "<input type=\"hidden\" name=\"serial-auto\" value=\"" + serial + "\"> \n" + - "<input type=\"hidden\" name=\"serial_value\" value=\"" + serial_number + "\"> \n" + - "<input type=\"hidden\" name=\"ver-1\" value=\"" + ver1 + "\"> \n" + - "<input type=\"hidden\" name=\"ver-3\" value=\"" + ver3 + "\"> \n" + - "<input type=\"hidden\" name=\"notBefore\" value=\"" + notBefore + "\"> \n" + - "<input type=\"hidden\" name=\"notAfter\" value=\"" + notAfter + "\"> \n" + - "<input type=\"hidden\" name=\"manValidity\" value=\"" + manValidity + "\"> \n" + - array_string; - - var good_submit_page = - '<html>' + - '<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" BGCOLOR="#FFFFFF">' + - '<form method="post" action="' + script_url + '">' + - 'Select size for your key:' + keygen + '</p>' + - '<input type="submit"></p>' + - hiddens + - '</form>\n' + - '</body>\n' + - '</html>\n'; - - window.frames.extensions.document.write(good_submit_page); - window.frames.extensions.document.close(); - cur_page = max_pages + 1; - make_index(window); - return false; -} - - - -function build_array_string() -{ - var j; - var array_string = ''; - var pages; - - if ((ext_page_array[3][4][0] > 0) && ext_page_array[3][3][0]) - { - pages = 4 + parseInt(ext_page_array[3][4][0]); - } - else - { - pages = 4; - } - for (j = 1; j < pages; j++) - { - if ((j > 1 || (ver == 3)) && - (ext_page_array[j].length > 1)) - { - if (j < 4) - { - for (i = 0; i < ext_page_array[j].length; i++) - { - if (ext_page_array[j][i][3].indexOf("radio") == -1) - { - if (ext_page_array[j][i][3].indexOf("multiple") == -1) - { - array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n'; - } - else - { - for (k = 0; k < ext_page_array[j][i][0].length; k++) - { - array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + k + '\" value=\'' + ext_page_array[j][i][0][k] + '\'> \n'; - } - } - } - else - { - array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + '-' + ext_page_array[j][i][2] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n'; - } - } - } - else - { - for (i = 0; i < ext_page_array[j].length; i++) - { - if (ext_page_array[j][i][3].indexOf("radio") == -1) - { - if (ext_page_array[j][i][3].indexOf("multiple") == -1) - { - array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + '\" value=\'' + ext_page_array[j][i][0] +'\'> \n'; - } - else - { - for (k = 0; k < ext_page_array[j][i][0].length; k++) - { - array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + k + '\" value=\'' + ext_page_array[j][i][0][k] + '\'> \n'; - } - } - } - else - { - array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + '-' + ext_page_array[j][i][2] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n'; - } - } - } - } - } - return array_string; -} - - - -function init_ext_page_array() -{ - for (i = 0; i < max_pages; i++) - { - ext_page_array[i] = ''; - } -} - -function ca_num_change(n,ca_form) -{ - with(ca_form) - { - n = parseInt(n,10); - if (caChoiceradio[2].checked) - { - if (n) - { - update_index(n); - } - else - { - update_index(0); - } - } - } -} - -function choice_change(ca_form) -{ - with(ca_form) - { - if (caChoiceradio[2].checked) - { - ca_num_change(manCAs.value,ca_form); - } - else - { - update_index(0); - } - } -} - -function update_index(n) -{ - var add_string = ''; - for (var i = 0; i < n; i++) - { - var j = i + 1; - add_string = add_string + ',1, \'CA #' + j + '\''; - } - top.add_index_list = add_string; - num_ca = n; - make_index(window); -} - -function set_ver1() -// redraws the extensions page for version 1 certificates -{ - ver = 1 - if (cur_page == 2 || cur_page == 3) - { - sa_switch_pane(window, cur_page, cur_page); - } -} - - -function set_ver3() -// redraws the extensions page for version 3 certificates -{ - ver = 3 - if (cur_page == 2) - { - sa_switch_pane(window, 0, 2); - } - else if (cur_page == 3) - { - sa_switch_pane(window, 0, 3); - } -} - -function reset_subject(marker, value, form) -// Updates the subject field from a subordinate field -{ - with(form) - { - var field_sep = '", '; - var begin_index = subject.value.indexOf(marker); - if (begin_index != 0 && subject.value[begin_index - 1] != ' ') - { - begin_index = subject.value.indexOf(marker, begin_index +1); - } - var end_index = subject.value.indexOf(field_sep, begin_index); - if (begin_index > -1) // is it a delete/change? - { - if (end_index == -1) // is it the last one (includes only one)? - { - if (value.length > 0) // do I have to change it? - { - if (begin_index == 0) // is is the only one? - { - subject.value = marker + '"' + value + '"'; - } - else // it is the last of many - { - subject.value = subject.value.substring(0,begin_index) + marker + '"' + value + '"'; - } - } - else // must be a delete - { - if (begin_index == 0) // is it the only one? - { - begin_index += 2; - } - subject.value = subject.value.substring(0,(begin_index - 2)); - } - } - else // it is the first of many or a middle one - { - if (value.length >0) // do I have to change it? - { - subject.value = subject.value.substring(0,(begin_index + marker.length + 1)) + value + subject.value.substring(end_index,subject.length); - } - else // it is a delete - { - subject.value = subject.value.substring(0,begin_index) + subject.value.substring((end_index + 3),subject.length); - } - } - } - else // It is either an insert or a do nothing - { - if (value.length > 0) // is it an insert? - { - if (subject.value.length == 0) // is subject currently empty? - { - subject.value = marker + '"' + value + '"'; - } - else - { - subject.value = subject.value + ', ' + marker + '"' + value + '"'; - } - } - } - } -} - - - -function reset_subjectFields(form) -// updates all the subordinate fields from the subject field of a form -// ************ move the strings to global variables, to make maintentance easier **************** -{ - - update_subject_Field(form, 'CN=\"', form.name); - update_subject_Field(form, 'MAIL=\"', form.email); - update_subject_Field(form, 'O=\"', form.org); - update_subject_Field(form, 'C=\"', form.country); - update_subject_Field(form, ' L=\"', form.loc); - update_subject_Field(form, 'ST=\"', form.state); - update_subject_Field(form, 'E=\"', form.email); - update_subject_Field(form, 'OU=\"', form.org_unit); - update_subject_Field(form, 'UID=\"', form.uid); -} - -function update_subject_Field(form, marker, update_field) -//updates a single subordinate field from the subject field of a form -// *************** need to deal with the two types of e-mail addresses ************** -{ - with(form) - { - var field_sep = '", '; - var begin_index = subject.value.indexOf(marker) + marker.length; - var end_index = subject.value.indexOf(field_sep, begin_index); - if (end_index == -1) - { - end_index = subject.value.indexOf('"',begin_index); - } - if (begin_index != (-1 + marker.length) ) - { - update_field.value = subject.value.substring(begin_index, end_index); - } - else - { - update_field.value = ''; - } - } -} - - -function switch_mail(form) - // *************** I need to figure out if I want to delete the other type of e-mail address ************ -{ - if (form.email_type[0].checked) - { - var del = 'E='; - var ins = 'MAIL='; - } - else - { - var del = 'MAIL='; - var ins = 'E='; - } - reset_subject(del, '', form); - reset_subject(ins, form.email.value, form); -} - -function make_page_intro(title, bgcolor) -{ - var style = '<STYLE TYPE="text/css">BODY{' + - 'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' + - 'font-size: 10pt;' + - '}' + - 'TD{' + - 'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' + - 'font-size: 10pt;}' + - '</STYLE>'; - - if (bgcolor == null) { bgcolor = "#C0C0C0"; } - return '<HTML><HEAD>' + - '<TITLE>' + title + '</TITLE>' + - '</HEAD>' + - '<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" ' + - 'BGCOLOR="' + bgcolor + '">'; -} - - -function make_index(window) -{ - with (window.frames.index) - { - eval ('index_string = make_index_page(cur_page, ' + index_list + add_index_list + ' )'); - fool1 = make_page_intro(index_label, "#FFFFFF") + - index_string + '</BODY></HTML>'; - document.write(fool1); - document.close(); - } -} - - -function save_cur_page(page_number) -{ - var len; - var j = page_number - 1; - if (frames.extensions.document.layers.length != 0) - { - with (frames.extensions.document.layers[0].document) - { - if ((page_number != 2 && page_number != 3 && page_number <= max_pages) || - ver == 3) - { - ext_page_array[j] = new Array(forms[0].elements.length); - for (i = 0; i < forms[0].elements.length; i++) - { - ext_page_array[j][i] = new Array(4); - switch (forms[0].elements[i].type) - { - case 'radio': case 'checkbox': - ext_page_array[j][i][0] = forms[0].elements[i].checked; - break; - case 'select-one': - ext_page_array[j][i][0] = forms[0].elements[i].selectedIndex; - break; - case 'select-multiple': - len = forms[0].elements[i].options.length; - ext_page_array[j][i][0] = new Array(len); - for(k = 0; k < len; k++) - { - ext_page_array[j][i][0][k] = forms[0].elements[i].options[k].value; - } - break; - default: - ext_page_array[j][i][0] = forms[0].elements[i].value; - } - ext_page_array[j][i][1] = forms[0].elements[i].name; - ext_page_array[j][i][2] = forms[0].elements[i].value; - ext_page_array[j][i][3] = forms[0].elements[i].type; - } - } - } - } -} - -function reload_form(page_number) -{ - var j = page_number - 1; - with (frames.extensions.document.layers[0].document) - { - if (((page_number < 2 || page_number > 3) || ver == 3) - && page_number != 0 && (ext_page_array[j].length > 1)) - { - for (i = 0; i < ext_page_array[j].length; i++) - { - switch (forms[0].elements[i].type) - { - case 'radio': case 'checkbox': - forms[0].elements[i].checked = ext_page_array[j][i][0]; - break; - case 'select-one': - forms[0].elements[i].selectedIndex = ext_page_array[j][i][0]; - break; - case 'select-multiple': - for (k = 0; k < ext_page_array[j][i][0].length; k++) - { - forms[0].elements[i].options[k] = new Option(ext_page_array[j][i][0][k], - ext_page_array[j][i][0][k]); - } - break; - default: - forms[0].elements[i].value = ext_page_array[j][i][0]; - } - } - } - } -} - -function sa_switch_pane(top_window, old_pane, new_pane) -{ - var ext_page_stnd = - make_page_intro(standard_extensions_index_label, "#FFFFFF") + - '<layer ID="ext" SRC="stnd_ext_form.html">' + - '</layer>' + - '</body></html>'; - - var ext_page_nscp = - make_page_intro(netscape_extensions_index_label, "#FFFFFF") + - '<layer ID="ext" SRC="nscp_ext_form.html">' + - '</layer>' + - '</body></html>'; - - var ext_page_ca = - make_page_intro(certifying_authorities_index_label, "#FFFFFF") + - '<layer ID="ext" SRC="ca.html">' + - '</layer>' + - '</body</html>'; - - var ext_page_ca_exp = - make_page_intro('Certifying Authority Details', "#FFFFFF") + - '<layer ID="ext" SRC="ca_form.html">' + - '</layer>' + - '</body></html>'; - - - if (old_pane > 0 && cur_page <= max_pages) - { - save_cur_page(old_pane); - } - cur_page = new_pane; - make_index(top_window); - if (new_pane == 2 || new_pane == 3) - { - if (ver == 1) - { - frames.extensions.document.write(ext_page_ver1); - frames.extensions.document.close(); - } - else - { - if (new_pane == 2) - { - frames.extensions.document.write(ext_page_nscp); - frames.extensions.document.close(); - reload_form(new_pane); - } - else - { - frames.extensions.document.write(ext_page_stnd); - frames.extensions.document.close(); - reload_form(new_pane); - } - } - } - else - { - if (new_pane == 4) - { - frames.extensions.document.write(ext_page_ca); - frames.extensions.document.close(); - reload_form(new_pane); - } - else - { - if (new_pane == 1) - { - frames.extensions.document.write(main_page); - frames.extensions.document.close(); - reload_form(new_pane); - } - else - { - frames.extensions.document.write(ext_page_ca_exp); - frames.extensions.document.close(); - reload_form(new_pane); - } - } - } -} - -function make_index_page(selected) -{ - var n_strings = ( make_index_page.arguments.length - 1 ) / 2; - var table_background; - var command; - var indent; - var label; - var ret_string = ""; - - ret_string += '<TABLE CELLSPACING=4>'; - for ( var i = 1; i <= n_strings; i++ ) { - if ( i == selected ) { - table_background = 'BGCOLOR=#BBCCBB'; - } else { - table_background = ''; - } - - indent = make_index_page.arguments[(i*2) - 1]; - label = make_index_page.arguments[(i*2)]; - - if ( indent == 0 ) { - ret_string += ('<TR><TD COLSPAN=2 ' + table_background + '>'); - } else { - ret_string += ('<TR><TD> </TD><TD ' + table_background + '>'); - } - - command = "'parent.sa_switch_pane(parent," + selected + "," + i + ")'"; - ret_string += ('<A HREF="javascript:void setTimeout(' + command + ',0)">'); - if ( indent == 0 ) { ret_string += "<B>"; } - ret_string += label; - if ( indent == 0 ) { ret_string += "</B>"; } - ret_string += '</A></TD></TR>'; - } - if (selected == (max_pages + 1)) - { - table_background = 'BGCOLOR=#BBCCBB'; - } else { - table_background = ''; - } - ret_string += - '<TR><TD COLSPAN=2 ' + table_background + - '><b><A HREF="javascript:void setTimeout(\'top.submit_it()\', 0)">Finish</A></b>' + - '</TD></TR>' + - '<input type="submit"></form>' + - '</TABLE>'; - return(ret_string); -} - - -function make_page(window) -// Draws the initial page setup -{ - selected = cur_page - init_ext_page_array() - - with (window.frames.extensions) { - document.write(main_page); - document.close(); - } - - make_index(window); - -} -</script> - -</HEAD> -<title>Cert-O-Matic</title> - <FRAMESET cols="150,*" BORDER=3 ONLOAD="make_page(window)"> - <FRAME SRC="about:blank" NAME="index" - MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3> - <FRAME SRC="about:blank" NAME="extensions" - MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3> - </FRAMESET> -</HTML> diff --git a/security/nss/cmd/certcgi/main.html b/security/nss/cmd/certcgi/main.html deleted file mode 100644 index 50e138aee..000000000 --- a/security/nss/cmd/certcgi/main.html +++ /dev/null @@ -1,105 +0,0 @@ -<HTML> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> -<HEAD> - <TITLE>Main Layer for CertOMatic</TITLE> -</HEAD> - - <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi"> - <table border=0 cellspacing=10 cellpadding=0> - <tr> - <td> - Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p> - </td> - <td></td><td></td> - <td> - Organization: </td><td> <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td> - <tr> - <td> - <input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)">MAIL= - - <input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)">E= - </td> - <td> - <input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}"> - </td> - <td></td><td></td><td> - Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td> - <tr> - <td> - UID= </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td> - <td></td><td></td><td> - Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td> - <tr> - <td> - State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td> - <td></td><td></td><td> - Country: </td><td><input type="text" size="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}" maxlength="2"></p></td> - <tr> - <td COLSPAN=2> - Serial Number: - <DD><input type="radio" name="serial" value="auto" checked> Auto Generate - <DD><input type="radio" name="serial" value="input"> - Use this hex value: <input type="text" name="serial_value" size="8" maxlength="8"></p> - </td> - <td></td> <td></td> - <td COLSPAN=2> - X.509 version: - <DD><input type="radio" name="ver" value="1" onClick="if (this.checked) {window.top.set_ver1();}"> Version 1 - <DD><input type="radio" name="ver" value="3" checked onClick="if (this.checked) {window.top.set_ver3();}"> Version 3</P></td> - <tr> - <td COLSPAN=2> - Key Type: - <DD><input type="radio" name="keyType" value="rsa" checked> RSA - <DD><input type="radio" name="keyType" value="dsa"> DSA</p> - Intermediate CA Key Sizes: - <DD><select name="keysize"> - <option>2048 (Very High Grade) - <option>1024 (High Grade) - <option>512 (Low Grade) - </select> - </td> - <td></td> <td></td> - <td COLSPAN=2> - Validity: - <DD><input type="radio" name="validity" value="auto" checked> - Generate Automatically - <DD><input type="radio" name="validity" value="man"> Use these values: - <DD>Not Before: <input type="text" size="15" maxlength="17" name="notBefore"> - <DD>Not After: <input type="text" size="15" maxlength="17" name="notAfter"> - <DD> - <FONT SIZE=-1><TT>YYMMDDhhmm[ss]{Z|+hhmm|-hhmm} </TT></FONT> - </table> - DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P> - </form> -</HTML> diff --git a/security/nss/cmd/certcgi/manifest.mn b/security/nss/cmd/certcgi/manifest.mn deleted file mode 100644 index 9d659f821..000000000 --- a/security/nss/cmd/certcgi/manifest.mn +++ /dev/null @@ -1,50 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIREd. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = certcgi.c - -PROGRAM = certcgi - -USE_STATIC_LIBS = 1 - diff --git a/security/nss/cmd/certcgi/nscp_ext_form.html b/security/nss/cmd/certcgi/nscp_ext_form.html deleted file mode 100644 index de939eecb..000000000 --- a/security/nss/cmd/certcgi/nscp_ext_form.html +++ /dev/null @@ -1,113 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> -<html> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> - - <body> - <table border=1 cellspacing=5 cellpadding=5> - <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi"> - <tr> - <td> - <b>Netscape Certificate Type: </b></p> - Activate extension: <input type="checkbox" name="netscape-cert-type"></P> - Critical: <input type="checkbox" name="netscape-cert-type-crit"> - <td> - <input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P> - <input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P> - <input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P> - <input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P> - <input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P> - <input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P> - <input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P> - <input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P> - </tr> - <tr> - <td> - <b>Netscape Base URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-base-url"></P> - Critical: <input type="checkbox" name="netscape-base-url-crit"> - <td> - <input type="text" name="netscape-base-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-revocation-url-crit"> - <td> - <input type="text" name="netscape-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit"> - <td> - <input type="text" name="netscape-ca-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Certificate Renewal URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P> - Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit"> - <td> - <input type="text" name="netscape-cert-renewal-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Policy URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P> - Critical: <input type="checkbox" name="netscape-ca-policy-url-crit"> - <td> - <input type="text" name="netscape-ca-policy-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape SSL Server Name:</b></p> - Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P> - Critical: <input type="checkbox" name="netscape-ssl-server-name-crit"> - <td> - <input type="text" name="netscape-ssl-server-name-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Comment:</b></p> - Activate extension: <input type="checkbox" name="netscape-comment"></P> - Critical: <input type="checkbox" name="netscape-comment-crit"> - <td> - <textarea name="netscape-comment-text" rows="5" cols="50"></textarea> - </tr> - - </table> - </body> -</html> diff --git a/security/nss/cmd/certcgi/stnd_ext_form.html b/security/nss/cmd/certcgi/stnd_ext_form.html deleted file mode 100644 index ece9b2ff7..000000000 --- a/security/nss/cmd/certcgi/stnd_ext_form.html +++ /dev/null @@ -1,247 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> -<html> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> - - <body> - <table border=1 cellspacing=5 cellpadding=5> - <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi"> - <tr> - <td> - <b>Key Usage: </b></p> - Activate extension: <input type="checkbox" name="keyUsage"></P> - Critical: <input type="checkbox" name="keyUsage-crit"> - <td> - <input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P> - <input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P> - <input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P> - <input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P> - <input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P> - <input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P> - <input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P> - </tr> - <tr> - <td> - <b>Extended Key Usage: </b></p> - Activate extension: <input type="checkbox" name="extKeyUsage"></P> - Critical: <input type="checkbox" name="extKeyUsage-crit"> - <td> - <input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P> - <input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P> - <input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P> - <input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P> - <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P> - <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P> - <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P> - </tr> - <tr> - <td> - <b>Basic Constraints:</b></p> - Activate extension: <input type="checkbox" name="basicConstraints"></P> - Critical: <input type="checkbox" name="basicConstraints-crit"> - <td> - CA:</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p> - <input type="checkbox" name="basicConstraints-pathLengthConstraint"> - Include Path length: <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p> - </tr> - <tr> - <td> - <b>Authority Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="authorityKeyIdentifier"> - <td> - <input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p> - <input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p> - </tr> - <tr> - <td> - <b>Subject Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="subjectKeyIdentifier"> - <td> - Key Identifier: - <input type="text" name="subjectKeyIdentifier-text"></p> - This is an:<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p> - </tr> - <tr> - <td> - <b>Private Key Usage Period:</b></p> - Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p> - Critical: <input type="checkbox" name="privKeyUsagePeriod-crit"> - <td> - Use:</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p> - <b>Not to be used to sign before:</b></p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p> - <dd><dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p> - <b>Not to be used to sign after:</b></p> - <dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p> - </tr> - <tr> - <td> - <b>Subject Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="SubAltName"></P> - Critical: <input type="checkbox" name="SubAltName-crit"> - <td> - <table> - <tr> - <td> - General Names:</p> - <select name="SubAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}"> - <input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name, - OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td> - <input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr> - </table> - Name: <input type="text" name="SubAltNameText"> - Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p> - </tr> - </table> - </tr> - - - <tr> - <td> - <b>Issuer Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="IssuerAltName"></P> - Critical: <input type="checkbox" name="IssuerAltName-crit"> - <td> - <input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p> - <input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name: - <table> - <tr> - <td> - General Names:</p> - <select name="IssuerAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}"> - <input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name, - OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="IssuerAltNameText"> - Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p> - </tr> - </table> - </tr> - - <tr> - <td> - <b>Name Constraints:</b></p> - Activate extension: <input type="checkbox" name="NameConstraints"></P> - <td> - <table> - <tr> - <td> - Name Constraints:</p> - <select name="NameConstraintSelect" multiple size="10"> - </select></p></p> - <input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}"> - <input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name, - OID: <input type="text" name="NameConstraintOtherNameOID" size="6"> </td><td> - <input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td> - <input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td> - <input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="NameConstraintText"> - Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p> - Constraint type:<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p> - Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p> - Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p> - </tr> - </table> - </tr> - - </table> - </body> -</html> - - - - - - - - diff --git a/security/nss/cmd/certutil/Makefile b/security/nss/cmd/certutil/Makefile deleted file mode 100644 index 8650a607d..000000000 --- a/security/nss/cmd/certutil/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c deleted file mode 100644 index e52f82a38..000000000 --- a/security/nss/cmd/certutil/certutil.c +++ /dev/null @@ -1,3087 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** certutil.c -** -** utility for managing certificates and the cert database -** -*/ -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -#include "secutil.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" -#include "secasn1.h" -#include "cert.h" -#include "cryptohi.h" -#include "secoid.h" -#include "certdb.h" -#include "nss.h" - -#define MIN_KEY_BITS 512 -#define MAX_KEY_BITS 2048 -#define DEFAULT_KEY_BITS 1024 - -#define GEN_BREAK(e) rv=e; break; - - -extern SECKEYPrivateKey *CERTUTIL_GeneratePrivateKey(KeyType keytype, - PK11SlotInfo *slot, - int rsasize, - int publicExponent, - char *noise, - SECKEYPublicKey **pubkeyp, - char *pqgFile, - secuPWData *pwdata); - -static char *progName; - -static CERTGeneralName * -GetGeneralName (PRArenaPool *arena) -{ - CERTGeneralName *namesList = NULL; - CERTGeneralName *current; - CERTGeneralName *tail = NULL; - SECStatus rv = SECSuccess; - int intValue; - char buffer[512]; - void *mark; - - PORT_Assert (arena); - mark = PORT_ArenaMark (arena); - do { - puts ("\nSelect one of the following general name type: \n"); - puts ("\t1 - instance of other name\n\t2 - rfc822Name\n\t3 - dnsName\n"); - puts ("\t4 - x400Address\n\t5 - directoryName\n\t6 - ediPartyName\n"); - puts ("\t7 - uniformResourceidentifier\n\t8 - ipAddress\n\t9 - registerID\n"); - puts ("\tOther - omit\n\t\tChoice:"); - scanf ("%d", &intValue); - if (intValue >= certOtherName || intValue <= certRegisterID) { - if (namesList == NULL) { - namesList = current = tail = (CERTGeneralName *) PORT_ArenaAlloc - (arena, sizeof (CERTGeneralName)); - } else { - current = (CERTGeneralName *) PORT_ArenaAlloc(arena, - sizeof (CERTGeneralName)); - } - if (current == NULL) { - GEN_BREAK (SECFailure); - } - } else { - break; - } - current->type = intValue; - puts ("\nEnter data:"); - fflush (stdout); - gets (buffer); - switch (current->type) { - case certURI: - case certDNSName: - case certRFC822Name: - current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer)); - if (current->name.other.data == NULL) { - GEN_BREAK (SECFailure); - } - PORT_Memcpy - (current->name.other.data, buffer, current->name.other.len = strlen(buffer)); - break; - - case certEDIPartyName: - case certIPAddress: - case certOtherName: - case certRegisterID: - case certX400Address: { - - current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer) + 2); - if (current->name.other.data == NULL) { - GEN_BREAK (SECFailure); - } - - PORT_Memcpy (current->name.other.data + 2, buffer, strlen (buffer)); - /* This may not be accurate for all cases. For now, use this tag type */ - current->name.other.data[0] = (char)(((current->type - 1) & 0x1f)| 0x80); - current->name.other.data[1] = (char)strlen (buffer); - current->name.other.len = strlen (buffer) + 2; - break; - } - - case certDirectoryName: { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName (buffer); - if (!directoryName) { - fprintf(stderr, "certutil: improperly formatted name: \"%s\"\n", buffer); - break; - } - - rv = CERT_CopyName (arena, ¤t->name.directoryName, directoryName); - CERT_DestroyName (directoryName); - - break; - } - } - if (rv != SECSuccess) - break; - current->l.next = &(namesList->l); - current->l.prev = &(tail->l); - tail->l.next = &(current->l); - tail = current; - - }while (1); - - if (rv != SECSuccess) { - PORT_SetError (rv); - PORT_ArenaRelease (arena, mark); - namesList = NULL; - } - return (namesList); -} - -static SECStatus -GetString(PRArenaPool *arena, char *prompt, SECItem *value) -{ - char buffer[251]; - - value->data = NULL; - value->len = 0; - - puts (prompt); - gets (buffer); - if (strlen (buffer) > 0) { - value->data = PORT_ArenaAlloc (arena, strlen (buffer)); - if (value->data == NULL) { - PORT_SetError (SEC_ERROR_NO_MEMORY); - return (SECFailure); - } - PORT_Memcpy (value->data, buffer, value->len = strlen(buffer)); - } - return (SECSuccess); -} - -static CERTCertificateRequest * -GetCertRequest(PRFileDesc *inFile, PRBool ascii) -{ - CERTCertificateRequest *certReq = NULL; - CERTSignedData signedData; - PRArenaPool *arena = NULL; - SECItem reqDER; - SECStatus rv; - - reqDER.data = NULL; - do { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - GEN_BREAK (SECFailure); - } - - rv = SECU_ReadDERFromFile(&reqDER, inFile, ascii); - if (rv) - break; - certReq = (CERTCertificateRequest*) PORT_ArenaZAlloc - (arena, sizeof(CERTCertificateRequest)); - if (!certReq) - break; - certReq->arena = arena; - - /* Since cert request is a signed data, must decode to get the inner - data - */ - PORT_Memset(&signedData, 0, sizeof(signedData)); - rv = SEC_ASN1DecodeItem(arena, &signedData, - SEC_ASN1_GET(CERT_SignedDataTemplate), &reqDER); - if (rv) - break; - - rv = SEC_ASN1DecodeItem(arena, certReq, - SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data); - } while (0); - - if (!rv) { - rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData, - &certReq->subjectPublicKeyInfo, NULL /* wincx */); - } - - if (rv) { - PRErrorCode perr = PR_GetError(); - fprintf(stderr, "%s: unable to decode DER cert request (%s)\n", progName, - SECU_Strerror(perr)); - } - return (certReq); -} - -static PRBool -GetYesNo(char *prompt) -{ - char buf[3]; - - PR_Sync(PR_STDIN); - PR_Write(PR_STDOUT, prompt, strlen(prompt)+1); - PR_Read(PR_STDIN, buf, sizeof(buf)); - return (buf[0] == 'y' || buf[0] == 'Y') ? PR_TRUE : PR_FALSE; -#if 0 - char charValue; - - puts (prompt); - scanf ("%c", &charValue); - if (charValue != 'y' && charValue != 'Y') - return (0); - return (1); -#endif -} - -static SECStatus -AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts, - PRFileDesc *inFile, PRBool ascii, PRBool emailcert, void *pwdata) -{ - CERTCertTrust *trust = NULL; - CERTCertificate *cert = NULL; - SECItem certDER; - SECStatus rv; - - certDER.data = NULL; - do { - /* Read in the entire file specified with the -i argument */ - rv = SECU_ReadDERFromFile(&certDER, inFile, ascii); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to read input file"); - break; - } - - /* Read in an ASCII cert and return a CERTCertificate */ - cert = CERT_DecodeCertFromPackage((char *)certDER.data, certDER.len); - if (!cert) { - SECU_PrintError(progName, "could not obtain certificate from file"); - GEN_BREAK(SECFailure); - } - - /* Create a cert trust to pass to SEC_AddPermCertificate */ - trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust)); - if (!trust) { - SECU_PrintError(progName, "unable to allocate cert trust"); - GEN_BREAK(SECFailure); - } - - rv = CERT_DecodeTrustString(trust, trusts); - if (rv) { - SECU_PrintError(progName, "unable to decode trust string"); - GEN_BREAK(SECFailure); - } - - if (!PK11_IsFriendly(slot)) { - rv = PK11_Authenticate(slot, PR_TRUE, pwdata); - if (rv != SECSuccess) { - SECU_PrintError(progName, "could not authenticate to token or database"); - GEN_BREAK(SECFailure); - } - } - - rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, name, PR_FALSE); - if (rv != SECSuccess) { - SECU_PrintError(progName, "could not add certificate to token or database"); - GEN_BREAK(SECFailure); - } - - rv = CERT_ChangeCertTrust(handle, cert, trust); - if (rv != SECSuccess) { - SECU_PrintError(progName, "could not change trust on certificate"); - GEN_BREAK(SECFailure); - } - - if ( emailcert ) { - CERT_SaveSMimeProfile(cert, NULL, pwdata); - } - - } while (0); - - CERT_DestroyCertificate (cert); - PORT_Free(trust); - PORT_Free(certDER.data); - - return rv; -} - -/* This function belongs in libNSS somewhere. */ -static SECOidTag -getSignatureOidTag(KeyType keyType, SECOidTag hashAlgTag) -{ - SECOidTag sigTag = SEC_OID_UNKNOWN; - - switch (keyType) { - case rsaKey: - switch (hashAlgTag) { - case SEC_OID_MD2: - sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION; break; - case SEC_OID_UNKNOWN: /* default for RSA if not specified */ - case SEC_OID_MD5: - sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; break; - case SEC_OID_SHA1: - sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; break; - case SEC_OID_SHA256: - sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break; - case SEC_OID_SHA384: - sigTag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; break; - case SEC_OID_SHA512: - sigTag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; break; - default: - break; - } - break; - case dsaKey: - switch (hashAlgTag) { - case SEC_OID_UNKNOWN: /* default for DSA if not specified */ - case SEC_OID_SHA1: - sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; break; - default: - break; - } - break; -#ifdef NSS_ENABLE_ECC - case ecKey: - /* XXX For now only ECDSA with SHA1 is supported */ - sigTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST; - break; -#endif /* NSS_ENABLE_ECC */ - default: - break; - } - return sigTag; -} - -static SECStatus -CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, - SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, - const char *emailAddrs, const char *dnsNames, PRFileDesc *outFile) -{ - CERTSubjectPublicKeyInfo *spki; - CERTCertificateRequest *cr; - SECItem *encoding; - SECOidTag signAlgTag; - SECItem result; - SECStatus rv; - PRArenaPool *arena; - PRInt32 numBytes; - - /* Create info about public key */ - spki = SECKEY_CreateSubjectPublicKeyInfo(pubk); - if (!spki) { - SECU_PrintError(progName, "unable to create subject public key"); - return SECFailure; - } - - /* Generate certificate request */ - cr = CERT_CreateCertificateRequest(subject, spki, 0); - if (!cr) { - SECU_PrintError(progName, "unable to make certificate request"); - return SECFailure; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - SECU_PrintError(progName, "out of memory"); - return SECFailure; - } - - /* Der encode the request */ - encoding = SEC_ASN1EncodeItem(arena, NULL, cr, - SEC_ASN1_GET(CERT_CertificateRequestTemplate)); - if (encoding == NULL) { - SECU_PrintError(progName, "der encoding of request failed"); - return SECFailure; - } - - /* Sign the request */ - signAlgTag = getSignatureOidTag(keyType, hashAlgTag); - if (signAlgTag == SEC_OID_UNKNOWN) { - SECU_PrintError(progName, "unknown Key or Hash type"); - return SECFailure; - } - rv = SEC_DerSignData(arena, &result, encoding->data, encoding->len, - privk, signAlgTag); - if (rv) { - SECU_PrintError(progName, "signing of data failed"); - return SECFailure; - } - - /* Encode request in specified format */ - if (ascii) { - char *obuf; - char *name, *email, *org, *state, *country; - SECItem *it; - int total; - - it = &result; - - obuf = BTOA_ConvertItemToAscii(it); - total = PL_strlen(obuf); - - name = CERT_GetCommonName(subject); - if (!name) { - fprintf(stderr, "You must specify a common name\n"); - return SECFailure; - } - - if (!phone) - phone = strdup("(not specified)"); - - email = CERT_GetCertEmailAddress(subject); - if (!email) - email = strdup("(not specified)"); - - org = CERT_GetOrgName(subject); - if (!org) - org = strdup("(not specified)"); - - state = CERT_GetStateName(subject); - if (!state) - state = strdup("(not specified)"); - - country = CERT_GetCountryName(subject); - if (!country) - country = strdup("(not specified)"); - - PR_fprintf(outFile, - "\nCertificate request generated by Netscape certutil\n"); - PR_fprintf(outFile, "Phone: %s\n\n", phone); - PR_fprintf(outFile, "Common Name: %s\n", name); - PR_fprintf(outFile, "Email: %s\n", email); - PR_fprintf(outFile, "Organization: %s\n", org); - PR_fprintf(outFile, "State: %s\n", state); - PR_fprintf(outFile, "Country: %s\n\n", country); - - PR_fprintf(outFile, "%s\n", NS_CERTREQ_HEADER); - numBytes = PR_Write(outFile, obuf, total); - if (numBytes != total) { - SECU_PrintSystemError(progName, "write error"); - return SECFailure; - } - PR_fprintf(outFile, "\n%s\n", NS_CERTREQ_TRAILER); - } else { - numBytes = PR_Write(outFile, result.data, result.len); - if (numBytes != (int)result.len) { - SECU_PrintSystemError(progName, "write error"); - return SECFailure; - } - } - return SECSuccess; -} - -static SECStatus -ChangeTrustAttributes(CERTCertDBHandle *handle, char *name, char *trusts) -{ - SECStatus rv; - CERTCertificate *cert; - CERTCertTrust *trust; - - cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - name); - return SECFailure; - } - - trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust)); - if (!trust) { - SECU_PrintError(progName, "unable to allocate cert trust"); - return SECFailure; - } - - /* This function only decodes these characters: pPwcTCu, */ - rv = CERT_DecodeTrustString(trust, trusts); - if (rv) { - SECU_PrintError(progName, "unable to decode trust string"); - return SECFailure; - } - - rv = CERT_ChangeCertTrust(handle, cert, trust); - if (rv) { - SECU_PrintError(progName, "unable to modify trust attributes"); - return SECFailure; - } - CERT_DestroyCertificate(cert); - - return SECSuccess; -} - -static SECStatus -printCertCB(CERTCertificate *cert, void *arg) -{ - SECStatus rv; - SECItem data; - CERTCertTrust *trust = (CERTCertTrust *)arg; - - data.data = cert->derCert.data; - data.len = cert->derCert.len; - - rv = SECU_PrintSignedData(stdout, &data, "Certificate", 0, - SECU_PrintCertificate); - if (rv) { - SECU_PrintError(progName, "problem printing certificate"); - return(SECFailure); - } - if (trust) { - SECU_PrintTrustFlags(stdout, trust, - "Certificate Trust Flags", 1); - } else if (cert->trust) { - SECU_PrintTrustFlags(stdout, cert->trust, - "Certificate Trust Flags", 1); - } - - printf("\n"); - - return(SECSuccess); -} - -static SECStatus -DumpChain(CERTCertDBHandle *handle, char *name) -{ - CERTCertificate *the_cert; - CERTCertificateList *chain; - int i, j; - the_cert = PK11_FindCertFromNickname(name, NULL); - if (!the_cert) { - SECU_PrintError(progName, "Could not find: %s\n", name); - return SECFailure; - } - chain = CERT_CertChainFromCert(the_cert, 0, PR_TRUE); - CERT_DestroyCertificate(the_cert); - if (!chain) { - SECU_PrintError(progName, "Could not obtain chain for: %s\n", name); - return SECFailure; - } - for (i=chain->len-1; i>=0; i--) { - CERTCertificate *c; - c = CERT_FindCertByDERCert(handle, &chain->certs[i]); - for (j=i; j<chain->len-1; j++) printf(" "); - printf("\"%s\" [%s]\n\n", c->nickname, c->subjectName); - CERT_DestroyCertificate(c); - } - CERT_DestroyCertificateList(chain); - return SECSuccess; -} - -static SECStatus -listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot, - PRBool raw, PRBool ascii, PRFileDesc *outfile, void *pwarg) -{ - SECItem data; - PRInt32 numBytes; - SECStatus rv = SECFailure; - CERTCertList *certs; - CERTCertListNode *node; - - /* List certs on a non-internal slot. */ - if (!PK11_IsFriendly(slot) && PK11_NeedLogin(slot)) - PK11_Authenticate(slot, PR_TRUE, pwarg); - if (name) { - CERTCertificate *the_cert; - the_cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!the_cert) { - the_cert = PK11_FindCertFromNickname(name, NULL); - if (!the_cert) { - SECU_PrintError(progName, "Could not find: %s\n", name); - return SECFailure; - } - } - certs = CERT_CreateSubjectCertList(NULL, handle, &the_cert->derSubject, - PR_Now(), PR_FALSE); - CERT_DestroyCertificate(the_cert); - - for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); - node = CERT_LIST_NEXT(node)) { - the_cert = node->cert; - /* now get the subjectList that matches this cert */ - data.data = the_cert->derCert.data; - data.len = the_cert->derCert.len; - if (ascii) { - PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); - rv = SECSuccess; - } else if (raw) { - numBytes = PR_Write(outfile, data.data, data.len); - if (numBytes != (PRInt32) data.len) { - SECU_PrintSystemError(progName, "error writing raw cert"); - rv = SECFailure; - } - rv = SECSuccess; - } else { - rv = printCertCB(the_cert, the_cert->trust); - } - if (rv != SECSuccess) { - break; - } - } - } else { - - certs = PK11_ListCertsInSlot(slot); - if (certs) { - for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); - node = CERT_LIST_NEXT(node)) { - SECU_PrintCertNickname(node,stdout); - } - rv = SECSuccess; - } - } - if (certs) { - CERT_DestroyCertList(certs); - } - if (rv) { - SECU_PrintError(progName, "problem printing certificate nicknames"); - return SECFailure; - } - - return SECSuccess; /* not rv ?? */ -} - -static SECStatus -ListCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot, - PRBool raw, PRBool ascii, PRFileDesc *outfile, secuPWData *pwdata) -{ - SECStatus rv; - - if (slot == NULL) { - CERTCertList *list; - CERTCertListNode *node; - - list = PK11_ListCerts(PK11CertListAll, pwdata); - for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list); - node = CERT_LIST_NEXT(node)) - { - SECU_PrintCertNickname(node, stdout); - } - CERT_DestroyCertList(list); - return SECSuccess; - } else { - rv = listCerts(handle,name,slot,raw,ascii,outfile,pwdata); - } - return rv; -} - -static SECStatus -DeleteCert(CERTCertDBHandle *handle, char *name) -{ - SECStatus rv; - CERTCertificate *cert; - - cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - name); - return SECFailure; - } - - rv = SEC_DeletePermCertificate(cert); - CERT_DestroyCertificate(cert); - if (rv) { - SECU_PrintError(progName, "unable to delete certificate"); - return SECFailure; - } - - return SECSuccess; -} - -static SECStatus -ValidateCert(CERTCertDBHandle *handle, char *name, char *date, - char *certUsage, PRBool checkSig, PRBool logit, secuPWData *pwdata) -{ - SECStatus rv; - CERTCertificate *cert = NULL; - int64 timeBoundary; - SECCertificateUsage usage; - CERTVerifyLog reallog; - CERTVerifyLog *log = NULL; - - if (!certUsage) { - PORT_SetError (SEC_ERROR_INVALID_ARGS); - return (SECFailure); - } - - switch (*certUsage) { - case 'C': - usage = certificateUsageSSLClient; - break; - case 'V': - usage = certificateUsageSSLServer; - break; - case 'S': - usage = certificateUsageEmailSigner; - break; - case 'R': - usage = certificateUsageEmailRecipient; - break; - default: - PORT_SetError (SEC_ERROR_INVALID_ARGS); - return (SECFailure); - } - do { - cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - name); - GEN_BREAK (SECFailure) - } - - if (date != NULL) { - rv = DER_AsciiToTime(&timeBoundary, date); - if (rv) { - SECU_PrintError(progName, "invalid input date"); - GEN_BREAK (SECFailure) - } - } else { - timeBoundary = PR_Now(); - } - - if ( logit ) { - log = &reallog; - - log->count = 0; - log->head = NULL; - log->tail = NULL; - log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( log->arena == NULL ) { - SECU_PrintError(progName, "out of memory"); - GEN_BREAK (SECFailure) - } - } - - rv = CERT_VerifyCertificate(handle, cert, checkSig, usage, - timeBoundary, pwdata, log, &usage); - if ( log ) { - if ( log->head == NULL ) { - fprintf(stdout, "%s: certificate is valid\n", progName); - GEN_BREAK (SECSuccess) - } else { - char *name; - CERTVerifyLogNode *node; - - node = log->head; - while ( node ) { - if ( node->cert->nickname != NULL ) { - name = node->cert->nickname; - } else { - name = node->cert->subjectName; - } - fprintf(stderr, "%s : %s\n", name, - SECU_Strerror(node->error)); - CERT_DestroyCertificate(node->cert); - node = node->next; - } - } - } else { - if (rv != SECSuccess) { - PRErrorCode perr = PORT_GetError(); - fprintf(stdout, "%s: certificate is invalid: %s\n", - progName, SECU_Strerror(perr)); - GEN_BREAK (SECFailure) - } - fprintf(stdout, "%s: certificate is valid\n", progName); - GEN_BREAK (SECSuccess) - } - } while (0); - - if (cert) { - CERT_DestroyCertificate(cert); - } - - return (rv); -} - - -static SECStatus -printKeyCB(SECKEYPublicKey *key, SECItem *data, void *arg) -{ - if (key->keyType == rsaKey) { - fprintf(stdout, "RSA Public-Key:\n"); - SECU_PrintInteger(stdout, &key->u.rsa.modulus, "modulus", 1); - } else { - fprintf(stdout, "DSA Public-Key:\n"); - SECU_PrintInteger(stdout, &key->u.dsa.publicValue, "publicValue", 1); - } - return SECSuccess; -} - -/* callback for listing certs through pkcs11 */ -static SECStatus -secu_PrintKey(FILE *out, int count, SECKEYPrivateKey *key) -{ - char *name; - - name = PK11_GetPrivateKeyNickname(key); - if (name == NULL) { - /* should look up associated cert */ - name = PORT_Strdup("< orphaned >"); - } - fprintf(out, "<%d> %s\n", count, name); - PORT_Free(name); - - return SECSuccess; -} - -static SECStatus -listKeys(PK11SlotInfo *slot, KeyType keyType, void *pwarg) -{ - SECKEYPrivateKeyList *list; - SECKEYPrivateKeyListNode *node; - int count; - - if (PK11_NeedLogin(slot)) - PK11_Authenticate(slot, PR_TRUE, pwarg); - - list = PK11_ListPrivateKeysInSlot(slot); - if (list == NULL) { - SECU_PrintError(progName, "problem listing keys"); - return SECFailure; - } - for (count=0, node=PRIVKEY_LIST_HEAD(list) ; !PRIVKEY_LIST_END(node,list); - node= PRIVKEY_LIST_NEXT(node),count++) { - secu_PrintKey(stdout, count, node->key); - } - SECKEY_DestroyPrivateKeyList(list); - - if (count == 0) { - fprintf(stderr, "%s: no keys found\n", progName); - return SECFailure; - } - return SECSuccess; -} - -static SECStatus -ListKeys(PK11SlotInfo *slot, char *keyname, int index, - KeyType keyType, PRBool dopriv, secuPWData *pwdata) -{ - SECStatus rv = SECSuccess; - - if (slot == NULL) { - PK11SlotList *list; - PK11SlotListElement *le; - - list= PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,pwdata); - if (list) for (le = list->head; le; le = le->next) { - rv = listKeys(le->slot,keyType,pwdata); - } - } else { - rv = listKeys(slot,keyType,pwdata); - } - return rv; -} - -static SECStatus -DeleteKey(char *nickname, secuPWData *pwdata) -{ - SECStatus rv; - CERTCertificate *cert; - PK11SlotInfo *slot; - - slot = PK11_GetInternalKeySlot(); - if (PK11_NeedLogin(slot)) - PK11_Authenticate(slot, PR_TRUE, pwdata); - cert = PK11_FindCertFromNickname(nickname, pwdata); - if (!cert) { - PK11_FreeSlot(slot); - return SECFailure; - } - rv = PK11_DeleteTokenCertAndKey(cert, pwdata); - if (rv != SECSuccess) { - SECU_PrintError("problem deleting private key \"%s\"\n", nickname); - } - CERT_DestroyCertificate(cert); - PK11_FreeSlot(slot); - return rv; -} - - -/* - * L i s t M o d u l e s - * - * Print a list of the PKCS11 modules that are - * available. This is useful for smartcard people to - * make sure they have the drivers loaded. - * - */ -static SECStatus -ListModules(void) -{ - PK11SlotList *list; - PK11SlotListElement *le; - - /* get them all! */ - list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,NULL); - if (list == NULL) return SECFailure; - - /* look at each slot*/ - for (le = list->head ; le; le = le->next) { - printf ("\n"); - printf (" slot: %s\n", PK11_GetSlotName(le->slot)); - printf (" token: %s\n", PK11_GetTokenName(le->slot)); - } - PK11_FreeSlotList(list); - - return SECSuccess; -} - -static void -Usage(char *progName) -{ -#define FPS fprintf(stderr, - FPS "Type %s -H for more detailed descriptions\n", progName); - FPS "Usage: %s -N [-d certdir] [-P dbprefix] [-f pwfile]\n", progName); - FPS "Usage: %s -T [-d certdir] [-P dbprefix] [-h token-name] [-f pwfile]\n", progName); - FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", - progName); - FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n" - "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-1] [-2] [-3] [-4] [-5]\n" - "\t\t [-6] [-7 emailAddrs] [-8 dns-names]\n", - progName); - FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", - progName); - FPS "\t%s -G -n key-name [-h token-name] [-k rsa] [-g key-size] [-y exp]\n" - "\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n" - "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); -#ifdef NSS_ENABLE_ECC - FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n" - "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n", - progName); -#else - FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n", - progName); -#endif /* NSS_ENABLE_ECC */ - FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n"); - FPS "\t%s -L [-n cert-name] [-X] [-d certdir] [-P dbprefix] [-r] [-a]\n", progName); - FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n", - progName); - FPS "\t%s -O -n cert-name [-X] [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-P dbprefix] [-p phone] [-a]\n" - "\t\t [-y emailAddrs] [-k key-type] [-h token-name] [-f pwfile] [-g key-size]\n", - progName); - FPS "\t%s -V -n cert-name -u usage [-b time] [-e] \n" - "\t\t[-X] [-d certdir] [-P dbprefix]\n", - progName); - FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x] -t trustargs\n" - "\t\t [-k key-type] [-q key-params] [-h token-name] [-g key-size]\n" - "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n" - "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n" - "\t\t [-8 dns-names]\n", - progName); - FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName); - exit(1); -} - -static void LongUsage(char *progName) -{ - - FPS "%-15s Add a certificate to the database (create if needed)\n", - "-A"); - FPS "%-15s Add an Email certificate to the database (create if needed)\n", - "-E"); - FPS "%-20s Specify the nickname of the certificate to add\n", - " -n cert-name"); - FPS "%-20s Set the certificate trust attributes:\n", - " -t trustargs"); - FPS "%-25s p \t valid peer\n", ""); - FPS "%-25s P \t trusted peer (implies p)\n", ""); - FPS "%-25s c \t valid CA\n", ""); - FPS "%-25s T \t trusted CA to issue client certs (implies c)\n", ""); - FPS "%-25s C \t trusted CA to issue server certs (implies c)\n", ""); - FPS "%-25s u \t user cert\n", ""); - FPS "%-25s w \t send warning\n", ""); -#ifdef DEBUG_NSSTEAM_ONLY - FPS "%-25s g \t make step-up cert\n", ""); -#endif /* DEBUG_NSSTEAM_ONLY */ - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s The input certificate is encoded in ASCII (RFC1113)\n", - " -a"); - FPS "%-20s Specify the certificate file (default is stdin)\n", - " -i input"); - FPS "\n"); - - FPS "%-15s Create a new binary certificate from a BINARY cert request\n", - "-C"); - FPS "%-20s The nickname of the issuer cert\n", - " -c issuer-name"); - FPS "%-20s The BINARY certificate request file\n", - " -i cert-request "); - FPS "%-20s Output binary cert to this file (default is stdout)\n", - " -o output-cert"); - FPS "%-20s Self sign\n", - " -x"); - FPS "%-20s Cert serial number\n", - " -m serial-number"); - FPS "%-20s Time Warp\n", - " -w warp-months"); - FPS "%-20s Months valid (default is 3)\n", - " -v months-valid"); - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Create key usage extension\n", - " -1 "); - FPS "%-20s Create basic constraint extension\n", - " -2 "); - FPS "%-20s Create authority key ID extension\n", - " -3 "); - FPS "%-20s Create crl distribution point extension\n", - " -4 "); - FPS "%-20s Create netscape cert type extension\n", - " -5 "); - FPS "%-20s Create extended key usage extension\n", - " -6 "); - FPS "%-20s Create an email subject alt name extension\n", - " -7 "); - FPS "%-20s Create an dns subject alt name extension\n", - " -8 "); - FPS "\n"); - - FPS "%-15s Generate a new key pair\n", - "-G"); - FPS "%-20s Name of token in which to generate key (default is internal)\n", - " -h token-name"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", - " -k key-type"); - FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); -#else - FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", - " -k key-type"); - FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n", - " -y exp"); - FPS "%-20s Specify the password file\n", - " -f password-file"); - FPS "%-20s Specify the noise file to be used\n", - " -z noisefile"); - FPS "%-20s read PQG value from pqgfile (dsa only)\n", - " -q pqgfile"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Elliptic curve name (ec only)\n", - " -q curve-name"); - FPS "%-20s One of sect163k1, nistk163, sect163r1, sect163r2,\n", ""); - FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", ""); - FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", ""); - FPS "%-20s sect283r1, nistb283, sect409k1, nistk409, sect409r1,\n", ""); - FPS "%-20s nistb409, sect571k1, nistk571, sect571r1, nistb571,\n", ""); - FPS "%-20s secp169k1, secp160r1, secp160r2, secp192k1, secp192r1,\n", ""); - FPS "%-20s nistp192, secp224k1, secp224r1, nistp224, secp256k1,\n", ""); - FPS "%-20s secp256r1, nistp256, secp384r1, nistp384, secp521r1,\n", ""); - FPS "%-20s nistp521, prime192v1, prime192v2, prime192v3, \n", ""); - FPS "%-20s prime239v1, prime239v2, prime239v3, c2pnb163v1, \n", ""); - FPS "%-20s c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, \n", ""); - FPS "%-20s c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5, \n", ""); - FPS "%-20s c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, \n", ""); - FPS "%-20s c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1, \n", ""); - FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", ""); - FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", ""); - FPS "%-20s sect131r1, sect131r2\n", ""); -#endif - FPS "%-20s Key database directory (default is ~/.netscape)\n", - " -d keydir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - - FPS "%-15s Delete a certificate from the database\n", - "-D"); - FPS "%-20s The nickname of the cert to delete\n", - " -n cert-name"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - - FPS "%-15s List all modules\n", /*, or print out a single named module\n",*/ - "-U"); - FPS "%-20s Module database directory (default is '~/.netscape')\n", - " -d moddir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s List all keys\n", /*, or print out a single named key\n",*/ - "-K"); - FPS "%-20s Name of token in which to look for keys (default is internal," - " use \"all\" to list keys on all tokens)\n", - " -h token-name "); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to list (\"all\", \"dsa\", \"ec\", \"rsa\" (default))\n", - " -k key-type"); -#else - FPS "%-20s Type of key pair to list (\"all\", \"dsa\", \"rsa\" (default))\n", - " -k key-type"); -#endif - FPS "%-20s Specify the password file\n", - " -f password-file"); - FPS "%-20s Key database directory (default is ~/.netscape)\n", - " -d keydir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s List all certs, or print out a single named cert\n", - "-L"); - FPS "%-20s Pretty print named cert (list all if unspecified)\n", - " -n cert-name"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "%-20s For single cert, print binary DER encoding\n", - " -r"); - FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n", - " -a"); - FPS "\n"); - - FPS "%-15s Modify trust attributes of certificate\n", - "-M"); - FPS "%-20s The nickname of the cert to modify\n", - " -n cert-name"); - FPS "%-20s Set the certificate trust attributes (see -A above)\n", - " -t trustargs"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - - FPS "%-15s Create a new certificate database\n", - "-N"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - FPS "%-15s Reset the Key database or token\n", - "-T"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Token to reset (default is internal)\n", - " -h token-name"); - FPS "\n"); - - FPS "\n"); - FPS "%-15s Print the chain of a certificate\n", - "-O"); - FPS "%-20s The nickname of the cert to modify\n", - " -n cert-name"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s Generate a certificate request (stdout)\n", - "-R"); - FPS "%-20s Specify the subject name (using RFC1485)\n", - " -s subject"); - FPS "%-20s Output the cert request to this file\n", - " -o output-req"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", - " -k key-type"); -#else - FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", - " -k key-type"); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Name of token in which to generate key (default is internal)\n", - " -h token-name"); - FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); - FPS "%-20s Name of file containing PQG parameters (dsa only)\n", - " -q pqgfile"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Elliptic curve name (ec only)\n", - " -q curve-name"); - FPS "%-20s See the \"-G\" option for a full list of supported names.\n", - ""); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Key database directory (default is ~/.netscape)\n", - " -d keydir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", - " -p phone"); - FPS "%-20s Output the cert request in ASCII (RFC1113); default is binary\n", - " -a"); - FPS "\n"); - - FPS "%-15s Validate a certificate\n", - "-V"); - FPS "%-20s The nickname of the cert to Validate\n", - " -n cert-name"); - FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n", - " -b time"); - FPS "%-20s Check certificate signature \n", - " -e "); - FPS "%-20s Specify certificate usage:\n", " -u certusage"); - FPS "%-25s C \t SSL Client\n", ""); - FPS "%-25s V \t SSL Server\n", ""); - FPS "%-25s S \t Email signer\n", ""); - FPS "%-25s R \t Email Recipient\n", ""); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s Make a certificate and add to database\n", - "-S"); - FPS "%-20s Specify the nickname of the cert\n", - " -n key-name"); - FPS "%-20s Specify the subject name (using RFC1485)\n", - " -s subject"); - FPS "%-20s The nickname of the issuer cert\n", - " -c issuer-name"); - FPS "%-20s Set the certificate trust attributes (see -A above)\n", - " -t trustargs"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", - " -k key-type"); -#else - FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", - " -k key-type"); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Name of token in which to generate key (default is internal)\n", - " -h token-name"); - FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); - FPS "%-20s Name of file containing PQG parameters (dsa only)\n", - " -q pqgfile"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Elliptic curve name (ec only)\n", - " -q curve-name"); - FPS "%-20s See the \"-G\" option for a full list of supported names.\n", - ""); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Self sign\n", - " -x"); - FPS "%-20s Cert serial number\n", - " -m serial-number"); - FPS "%-20s Time Warp\n", - " -w warp-months"); - FPS "%-20s Months valid (default is 3)\n", - " -v months-valid"); - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", - " -p phone"); - FPS "%-20s Create key usage extension\n", - " -1 "); - FPS "%-20s Create basic constraint extension\n", - " -2 "); - FPS "%-20s Create authority key ID extension\n", - " -3 "); - FPS "%-20s Create crl distribution point extension\n", - " -4 "); - FPS "%-20s Create netscape cert type extension\n", - " -5 "); - FPS "%-20s Create extended key usage extension\n", - " -6 "); - FPS "%-20s Create an email subject alt name extension\n", - " -7 "); - FPS "%-20s Create an dns subject alt name extension\n", - " -8 "); - FPS "\n"); - - exit(1); -#undef FPS -} - - -static CERTCertificate * -MakeV1Cert( CERTCertDBHandle * handle, - CERTCertificateRequest *req, - char * issuerNickName, - PRBool selfsign, - unsigned int serialNumber, - int warpmonths, - int validitylength) -{ - CERTCertificate *issuerCert = NULL; - CERTValidity *validity; - CERTCertificate *cert = NULL; - PRExplodedTime printableTime; - PRTime now, after; - - if ( !selfsign ) { - issuerCert = CERT_FindCertByNicknameOrEmailAddr(handle, issuerNickName); - if (!issuerCert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - issuerNickName); - return NULL; - } - } - - now = PR_Now(); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - if ( warpmonths ) { - printableTime.tm_month += warpmonths; - now = PR_ImplodeTime (&printableTime); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - } - printableTime.tm_month += validitylength; - printableTime.tm_month += 3; - after = PR_ImplodeTime (&printableTime); - - /* note that the time is now in micro-second unit */ - validity = CERT_CreateValidity (now, after); - - cert = CERT_CreateCertificate(serialNumber, - (selfsign ? &req->subject - : &issuerCert->subject), - validity, req); - - CERT_DestroyValidity(validity); - if ( issuerCert ) { - CERT_DestroyCertificate (issuerCert); - } - - return(cert); -} - -static SECStatus -AddKeyUsage (void *extHandle) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - char buffer[5]; - int value; - - while (1) { - fprintf(stdout, "%-25s 0 - Digital Signature\n", ""); - fprintf(stdout, "%-25s 1 - Non-repudiation\n", ""); - fprintf(stdout, "%-25s 2 - Key encipherment\n", ""); - fprintf(stdout, "%-25s 3 - Data encipherment\n", ""); - fprintf(stdout, "%-25s 4 - Key agreement\n", ""); - fprintf(stdout, "%-25s 5 - Cert signing key\n", ""); - fprintf(stdout, "%-25s 6 - CRL signing key\n", ""); - fprintf(stdout, "%-25s Other to finish\n", ""); - if (gets (buffer)) { - value = atoi (buffer); - if (value < 0 || value > 6) - break; - keyUsage |= (0x80 >> value); - } - else { /* gets() returns NULL on EOF or error */ - break; - } - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - buffer[0] = 'n'; - puts ("Is this a critical extension [y/n]? "); - gets (buffer); - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue, - (buffer[0] == 'y' || buffer[0] == 'Y') ? PR_TRUE : PR_FALSE)); - -} - - -static CERTOidSequence * -CreateOidSequence(void) -{ - CERTOidSequence *rv = (CERTOidSequence *)NULL; - PRArenaPool *arena = (PRArenaPool *)NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if( (PRArenaPool *)NULL == arena ) { - goto loser; - } - - rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence)); - if( (CERTOidSequence *)NULL == rv ) { - goto loser; - } - - rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *)); - if( (SECItem **)NULL == rv->oids ) { - goto loser; - } - - rv->arena = arena; - return rv; - - loser: - if( (PRArenaPool *)NULL != arena ) { - PORT_FreeArena(arena, PR_FALSE); - } - - return (CERTOidSequence *)NULL; -} - -static void -DestroyOidSequence(CERTOidSequence *os) -{ - if (os->arena) { - PORT_FreeArena(os->arena, PR_FALSE); - } -} - -static SECStatus -AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) -{ - SECItem **oids; - PRUint32 count = 0; - SECOidData *od; - - od = SECOID_FindOIDByTag(oidTag); - if( (SECOidData *)NULL == od ) { - return SECFailure; - } - - for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) { - count++; - } - - /* ArenaZRealloc */ - - { - PRUint32 i; - - oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count+2)); - if( (SECItem **)NULL == oids ) { - return SECFailure; - } - - for( i = 0; i < count; i++ ) { - oids[i] = os->oids[i]; - } - - /* ArenaZFree(os->oids); */ - } - - os->oids = oids; - os->oids[count] = &od->oid; - - return SECSuccess; -} - -SEC_ASN1_MKSUB(SEC_ObjectIDTemplate); - -const SEC_ASN1Template CERT_OidSeqTemplate[] = { - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, - offsetof(CERTOidSequence, oids), - SEC_ASN1_SUB(SEC_ObjectIDTemplate) } -}; - - -static SECItem * -EncodeOidSequence(CERTOidSequence *os) -{ - SECItem *rv; - - rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem)); - if( (SECItem *)NULL == rv ) { - goto loser; - } - - if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) { - goto loser; - } - - return rv; - - loser: - return (SECItem *)NULL; -} - -static SECStatus -AddExtKeyUsage (void *extHandle) -{ - char buffer[5]; - int value; - CERTOidSequence *os; - SECStatus rv; - SECItem *item; - - os = CreateOidSequence(); - if( (CERTOidSequence *)NULL == os ) { - return SECFailure; - } - - while (1) { - fprintf(stdout, "%-25s 0 - Server Auth\n", ""); - fprintf(stdout, "%-25s 1 - Client Auth\n", ""); - fprintf(stdout, "%-25s 2 - Code Signing\n", ""); - fprintf(stdout, "%-25s 3 - Email Protection\n", ""); - fprintf(stdout, "%-25s 4 - Timestamp\n", ""); - fprintf(stdout, "%-25s 5 - OCSP Responder\n", ""); -#ifdef DEBUG_NSSTEAM_ONLY - fprintf(stdout, "%-25s 6 - Step-up\n", ""); -#endif /* DEBUG_NSSTEAM_ONLY */ - fprintf(stdout, "%-25s Other to finish\n", ""); - - gets(buffer); - value = atoi(buffer); - - switch( value ) { - case 0: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH); - break; - case 1: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); - break; - case 2: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN); - break; - case 3: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); - break; - case 4: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP); - break; - case 5: - rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER); - break; -#ifdef DEBUG_NSSTEAM_ONLY - case 6: - rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); - break; -#endif /* DEBUG_NSSTEAM_ONLY */ - default: - goto endloop; - } - - if( SECSuccess != rv ) goto loser; - } - - endloop:; - item = EncodeOidSequence(os); - - buffer[0] = 'n'; - puts ("Is this a critical extension [y/n]? "); - gets (buffer); - - rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, item, - ((buffer[0] == 'y' || buffer[0] == 'Y') - ? PR_TRUE : PR_FALSE), PR_TRUE); - /*FALLTHROUGH*/ - loser: - DestroyOidSequence(os); - return rv; -} - -static SECStatus -AddNscpCertType (void *extHandle) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - char buffer[5]; - int value; - - while (1) { - fprintf(stdout, "%-25s 0 - SSL Client\n", ""); - fprintf(stdout, "%-25s 1 - SSL Server\n", ""); - fprintf(stdout, "%-25s 2 - S/MIME\n", ""); - fprintf(stdout, "%-25s 3 - Object Signing\n", ""); - fprintf(stdout, "%-25s 4 - Reserved for futuer use\n", ""); - fprintf(stdout, "%-25s 5 - SSL CA\n", ""); - fprintf(stdout, "%-25s 6 - S/MIME CA\n", ""); - fprintf(stdout, "%-25s 7 - Object Signing CA\n", ""); - fprintf(stdout, "%-25s Other to finish\n", ""); - gets (buffer); - value = atoi (buffer); - if (value < 0 || value > 7) - break; - keyUsage |= (0x80 >> value); - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - buffer[0] = 'n'; - puts ("Is this a critical extension [y/n]? "); - gets (buffer); - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue, - (buffer[0] == 'y' || buffer[0] == 'Y') ? PR_TRUE : PR_FALSE)); - -} - -static SECStatus -AddSubjectAltNames(void *extHandle, const char *names, CERTGeneralNameType type) -{ - SECItem item = { 0, NULL, 0 }; - CERTGeneralName *nameList = NULL; - CERTGeneralName *current = NULL; - PRCList *prev = NULL; - PRArenaPool *arena; - const char *cp; - char *tbuf; - SECStatus rv = SECSuccess; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - return SECFailure; - } - - /* - * walk down the comma separated list of names. NOTE: there is - * no sanity checks to see if the email address look like email addresses. - */ - for (cp=names; cp; cp = PORT_Strchr(cp,',')) { - int len; - char *end; - - if (*cp == ',') { - cp++; - } - end = PORT_Strchr(cp,','); - len = end ? end-cp : PORT_Strlen(cp); - if (len <= 0) { - continue; - } - tbuf = PORT_ArenaAlloc(arena,len+1); - PORT_Memcpy(tbuf,cp,len); - tbuf[len] = 0; - current = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName)); - if (!current) { - rv = SECFailure; - break; - } - if (prev) { - current->l.prev = prev; - prev->next = &(current->l); - } else { - nameList = current; - } - current->type = type; - current->type = certRFC822Name; - current->name.other.data = (unsigned char *)tbuf; - current->name.other.len = PORT_Strlen(tbuf); - prev = &(current->l); - } - if (rv != SECSuccess) { - goto loser; - } - /* no email address */ - if (!nameList) { - /*rv=SECSuccess; We know rv is SECSuccess because of the previous if*/ - goto done; - } - nameList->l.prev = prev; - current->l.next = &(nameList->l); - - CERT_EncodeAltNameExtension(arena, nameList, &item); - rv = CERT_AddExtension (extHandle, SEC_OID_X509_SUBJECT_ALT_NAME, &item, - PR_FALSE, PR_TRUE); -done: -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; - -} - -static SECStatus -AddEmailSubjectAlt(void *extHandle, const char *emailAddrs) -{ - return AddSubjectAltNames(extHandle, emailAddrs, certRFC822Name); -} - -static SECStatus -AddDNSSubjectAlt(void *extHandle, const char *dnsNames) -{ - return AddSubjectAltNames(extHandle, dnsNames, certDNSName); -} - - -typedef SECStatus (* EXTEN_VALUE_ENCODER) - (PRArenaPool *extHandle, void *value, SECItem *encodedValue); - -static SECStatus -EncodeAndAddExtensionValue( - PRArenaPool * arena, - void * extHandle, - void * value, - PRBool criticality, - int extenType, - EXTEN_VALUE_ENCODER EncodeValueFn) -{ - SECItem encodedValue; - SECStatus rv; - - - encodedValue.data = NULL; - encodedValue.len = 0; - do { - rv = (*EncodeValueFn)(arena, value, &encodedValue); - if (rv != SECSuccess) - break; - - rv = CERT_AddExtension - (extHandle, extenType, &encodedValue, criticality,PR_TRUE); - } while (0); - - return (rv); -} - -static SECStatus -AddBasicConstraint(void *extHandle) -{ - CERTBasicConstraints basicConstraint; - SECItem encodedValue; - SECStatus rv; - char buffer[10]; - - encodedValue.data = NULL; - encodedValue.len = 0; - do { - basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; - puts ("Is this a CA certificate [y/n]?"); - gets (buffer); - basicConstraint.isCA = (buffer[0] == 'Y' || buffer[0] == 'y') ? - PR_TRUE : PR_FALSE; - - puts ("Enter the path length constraint, enter to skip [<0 for unlimited path]:"); - gets (buffer); - if (PORT_Strlen (buffer) > 0) - basicConstraint.pathLenConstraint = atoi (buffer); - - rv = CERT_EncodeBasicConstraintValue (NULL, &basicConstraint, &encodedValue); - if (rv) - return (rv); - - buffer[0] = 'n'; - puts ("Is this a critical extension [y/n]? "); - gets (buffer); - rv = CERT_AddExtension - (extHandle, SEC_OID_X509_BASIC_CONSTRAINTS, - &encodedValue, (buffer[0] == 'y' || buffer[0] == 'Y') ? - PR_TRUE : PR_FALSE ,PR_TRUE); - } while (0); - PORT_Free (encodedValue.data); - return (rv); -} - -static SECItem * -SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, - SECOidTag hashAlgTag, - SECKEYPrivateKey *privKey, char *issuerNickName, void *pwarg) -{ - SECItem der; - SECItem *result = NULL; - SECKEYPrivateKey *caPrivateKey = NULL; - SECStatus rv; - PRArenaPool *arena; - SECOidTag algID; - void *dummy; - - if( !selfsign ) { - CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg); - if( (CERTCertificate *)NULL == issuer ) { - SECU_PrintError(progName, "unable to find issuer with nickname %s", - issuerNickName); - return (SECItem *)NULL; - } - - privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg); - CERT_DestroyCertificate(issuer); - if (caPrivateKey == NULL) { - SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName); - return NULL; - } - } - - arena = cert->arena; - - algID = getSignatureOidTag(privKey->keyType, hashAlgTag); - if (algID == SEC_OID_UNKNOWN) { - fprintf(stderr, "Unknown key or hash type for issuer."); - goto done; - } - - rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0); - if (rv != SECSuccess) { - fprintf(stderr, "Could not set signature algorithm id."); - goto done; - } - - /* we only deal with cert v3 here */ - *(cert->version.data) = 2; - cert->version.len = 1; - - der.len = 0; - der.data = NULL; - dummy = SEC_ASN1EncodeItem (arena, &der, cert, - SEC_ASN1_GET(CERT_CertificateTemplate)); - if (!dummy) { - fprintf (stderr, "Could not encode certificate.\n"); - goto done; - } - - result = (SECItem *) PORT_ArenaZAlloc (arena, sizeof (SECItem)); - if (result == NULL) { - fprintf (stderr, "Could not allocate item for certificate data.\n"); - goto done; - } - - rv = SEC_DerSignData(arena, result, der.data, der.len, privKey, algID); - if (rv != SECSuccess) { - fprintf (stderr, "Could not sign encoded certificate data.\n"); - PORT_Free(result); - result = NULL; - goto done; - } - cert->derCert = *result; -done: - if (caPrivateKey) { - SECKEY_DestroyPrivateKey(caPrivateKey); - } - return result; -} - -static SECStatus -AddAuthKeyID (void *extHandle) -{ - CERTAuthKeyID *authKeyID = NULL; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - char buffer[512]; - - do { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - SECU_PrintError(progName, "out of memory"); - GEN_BREAK (SECFailure); - } - - if (GetYesNo ("Enter value for the authKeyID extension [y/n]?\n") == 0) - break; - - authKeyID = PORT_ArenaZAlloc (arena, sizeof (CERTAuthKeyID)); - if (authKeyID == NULL) { - GEN_BREAK (SECFailure); - } - - rv = GetString (arena, "Enter value for the key identifier fields, enter to omit:", - &authKeyID->keyID); - if (rv != SECSuccess) - break; - authKeyID->authCertIssuer = GetGeneralName (arena); - if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError ()) - break; - - - rv = GetString (arena, "Enter value for the authCertSerial field, enter to omit:", - &authKeyID->authCertSerialNumber); - - buffer[0] = 'n'; - puts ("Is this a critical extension [y/n]? "); - gets (buffer); - - rv = EncodeAndAddExtensionValue - (arena, extHandle, authKeyID, - (buffer[0] == 'y' || buffer[0] == 'Y') ? PR_TRUE : PR_FALSE, - SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_VALUE_ENCODER) CERT_EncodeAuthKeyID); - if (rv) - break; - - } while (0); - if (arena) - PORT_FreeArena (arena, PR_FALSE); - return (rv); -} - -static SECStatus -AddCrlDistPoint(void *extHandle) -{ - PRArenaPool *arena = NULL; - CERTCrlDistributionPoints *crlDistPoints = NULL; - CRLDistributionPoint *current; - SECStatus rv = SECSuccess; - int count = 0, intValue; - char buffer[5]; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) - return (SECFailure); - - do { - current = NULL; - current = PORT_ArenaZAlloc (arena, sizeof (*current)); - if (current == NULL) { - GEN_BREAK (SECFailure); - } - - /* Get the distributionPointName fields - this field is optional */ - puts ("Enter the type of the distribution point name:\n"); - puts ("\t1 - Full Name\n\t2 - Relative Name\n\tOther - omit\n\t\tChoice: "); - scanf ("%d", &intValue); - switch (intValue) { - case generalName: - current->distPointType = intValue; - current->distPoint.fullName = GetGeneralName (arena); - rv = PORT_GetError(); - break; - - case relativeDistinguishedName: { - CERTName *name; - char buffer[512]; - - current->distPointType = intValue; - puts ("Enter the relative name: "); - fflush (stdout); - gets (buffer); - /* For simplicity, use CERT_AsciiToName to converse from a string - to NAME, but we only interest in the first RDN */ - name = CERT_AsciiToName (buffer); - if (!name) { - GEN_BREAK (SECFailure); - } - rv = CERT_CopyRDN (arena, ¤t->distPoint.relativeName, name->rdns[0]); - CERT_DestroyName (name); - break; - } - } - if (rv != SECSuccess) - break; - - /* Get the reason flags */ - puts ("\nSelect one of the following for the reason flags\n"); - puts ("\t0 - unused\n\t1 - keyCompromise\n\t2 - caCompromise\n\t3 - affiliationChanged\n"); - puts ("\t4 - superseded\n\t5 - cessationOfOperation\n\t6 - certificateHold\n"); - puts ("\tother - omit\t\tChoice: "); - - scanf ("%d", &intValue); - if (intValue >= 0 && intValue <8) { - current->reasons.data = PORT_ArenaAlloc (arena, sizeof(char)); - if (current->reasons.data == NULL) { - GEN_BREAK (SECFailure); - } - *current->reasons.data = (char)(0x80 >> intValue); - current->reasons.len = 1; - } - puts ("Enter value for the CRL Issuer name:\n"); - current->crlIssuer = GetGeneralName (arena); - if (current->crlIssuer == NULL && (rv = PORT_GetError()) == SECFailure) - break; - - if (crlDistPoints == NULL) { - crlDistPoints = PORT_ArenaZAlloc (arena, sizeof (*crlDistPoints)); - if (crlDistPoints == NULL) { - GEN_BREAK (SECFailure); - } - } - - crlDistPoints->distPoints = PORT_ArenaGrow (arena, - crlDistPoints->distPoints, - sizeof (*crlDistPoints->distPoints) * count, - sizeof (*crlDistPoints->distPoints) *(count + 1)); - if (crlDistPoints->distPoints == NULL) { - GEN_BREAK (SECFailure); - } - - crlDistPoints->distPoints[count] = current; - ++count; - if (GetYesNo ("Enter more value for the CRL distribution point extension [y/n]\n") == 0) { - /* Add null to the end of the crlDistPoints to mark end of data */ - crlDistPoints->distPoints = PORT_ArenaGrow(arena, - crlDistPoints->distPoints, - sizeof (*crlDistPoints->distPoints) * count, - sizeof (*crlDistPoints->distPoints) *(count + 1)); - crlDistPoints->distPoints[count] = NULL; - break; - } - - - } while (1); - - if (rv == SECSuccess) { - buffer[0] = 'n'; - puts ("Is this a critical extension [y/n]? "); - gets (buffer); - - rv = EncodeAndAddExtensionValue(arena, extHandle, crlDistPoints, - (buffer[0] == 'Y' || buffer[0] == 'y') ? PR_TRUE : PR_FALSE, - SEC_OID_X509_CRL_DIST_POINTS, - (EXTEN_VALUE_ENCODER) CERT_EncodeCRLDistributionPoints); - } - if (arena) - PORT_FreeArena (arena, PR_FALSE); - return (rv); -} - -static SECStatus -CreateCert( - CERTCertDBHandle *handle, - char * issuerNickName, - PRFileDesc *inFile, - PRFileDesc *outFile, - SECKEYPrivateKey *selfsignprivkey, - void *pwarg, - SECOidTag hashAlgTag, - unsigned int serialNumber, - int warpmonths, - int validitylength, - const char *emailAddrs, - const char *dnsNames, - PRBool ascii, - PRBool selfsign, - PRBool keyUsage, - PRBool extKeyUsage, - PRBool basicConstraint, - PRBool authKeyID, - PRBool crlDistPoints, - PRBool nscpCertType) -{ - void * extHandle; - SECItem * certDER; - PRArenaPool *arena = NULL; - CERTCertificate *subjectCert = NULL; - CERTCertificateRequest *certReq = NULL; - SECStatus rv = SECSuccess; - SECItem reqDER; - - reqDER.data = NULL; - do { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - GEN_BREAK (SECFailure); - } - - /* Create a certrequest object from the input cert request der */ - certReq = GetCertRequest(inFile, ascii); - if (certReq == NULL) { - GEN_BREAK (SECFailure) - } - - subjectCert = MakeV1Cert (handle, certReq, issuerNickName, selfsign, - serialNumber, warpmonths, validitylength); - if (subjectCert == NULL) { - GEN_BREAK (SECFailure) - } - - extHandle = CERT_StartCertExtensions (subjectCert); - if (extHandle == NULL) { - GEN_BREAK (SECFailure) - } - - /* Add key usage extension */ - if (keyUsage) { - rv = AddKeyUsage(extHandle); - if (rv) - break; - } - - /* Add extended key usage extension */ - if (extKeyUsage) { - rv = AddExtKeyUsage(extHandle); - if (rv) - break; - } - - /* Add basic constraint extension */ - if (basicConstraint) { - rv = AddBasicConstraint(extHandle); - if (rv) - break; - } - - if (authKeyID) { - rv = AddAuthKeyID (extHandle); - if (rv) - break; - } - - - if (crlDistPoints) { - rv = AddCrlDistPoint (extHandle); - if (rv) - break; - } - - if (nscpCertType) { - rv = AddNscpCertType(extHandle); - if (rv) - break; - } - - if (emailAddrs != NULL) { - rv = AddEmailSubjectAlt(extHandle,emailAddrs); - if (rv) - break; - } - - if (dnsNames != NULL) { - rv = AddDNSSubjectAlt(extHandle,dnsNames); - if (rv) - break; - } - - CERT_FinishExtensions(extHandle); - - certDER = SignCert(handle, subjectCert, selfsign, hashAlgTag, - selfsignprivkey, issuerNickName,pwarg); - - if (certDER) { - if (ascii) { - PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(certDER->data, certDER->len), - NS_CERT_TRAILER); - } else { - PR_Write(outFile, certDER->data, certDER->len); - } - } - - } while (0); - CERT_DestroyCertificateRequest (certReq); - CERT_DestroyCertificate (subjectCert); - PORT_FreeArena (arena, PR_FALSE); - if (rv != SECSuccess) { - PRErrorCode perr = PR_GetError(); - fprintf(stderr, "%s: unable to create cert (%s)\n", progName, - SECU_Strerror(perr)); - } - return (rv); -} - -/* Certutil commands */ -enum { - cmd_AddCert = 0, - cmd_CreateNewCert, - cmd_DeleteCert, - cmd_AddEmailCert, - cmd_DeleteKey, - cmd_GenKeyPair, - cmd_PrintHelp, - cmd_ListKeys, - cmd_ListCerts, - cmd_ModifyCertTrust, - cmd_NewDBs, - cmd_DumpChain, - cmd_CertReq, - cmd_CreateAndAddCert, - cmd_TokenReset, - cmd_ListModules, - cmd_CheckCertValidity, - cmd_ChangePassword, - cmd_Version -}; - -/* Certutil options */ -enum { - opt_SSOPass = 0, - opt_AddKeyUsageExt, - opt_AddBasicConstraintExt, - opt_AddAuthorityKeyIDExt, - opt_AddCRLDistPtsExt, - opt_AddNSCertTypeExt, - opt_AddExtKeyUsageExt, - opt_ExtendedEmailAddrs, - opt_ExtendedDNSNames, - opt_ASCIIForIO, - opt_ValidityTime, - opt_IssuerName, - opt_CertDir, - opt_VerifySig, - opt_PasswordFile, - opt_KeySize, - opt_TokenName, - opt_InputFile, - opt_KeyIndex, - opt_KeyType, - opt_DetailedInfo, - opt_SerialNumber, - opt_Nickname, - opt_OutputFile, - opt_PhoneNumber, - opt_DBPrefix, - opt_PQGFile, - opt_BinaryDER, - opt_Subject, - opt_Trust, - opt_Usage, - opt_Validity, - opt_OffsetMonths, - opt_SelfSign, - opt_RW, - opt_Exponent, - opt_NoiseFile, - opt_Hash, - opt_Batch -}; - -static int -certutil_main(int argc, char **argv, PRBool initialize) -{ - CERTCertDBHandle *certHandle; - PK11SlotInfo *slot = NULL; - CERTName * subject = 0; - PRFileDesc *inFile = PR_STDIN; - PRFileDesc *outFile = NULL; - char * certfile = "tempcert"; - char * certreqfile = "tempcertreq"; - char * slotname = "internal"; - char * certPrefix = ""; - KeyType keytype = rsaKey; - char * name = NULL; - SECOidTag hashAlgTag = SEC_OID_UNKNOWN; - int keysize = DEFAULT_KEY_BITS; - int publicExponent = 0x010001; - unsigned int serialNumber = 0; - int warpmonths = 0; - int validitylength = 0; - int commandsEntered = 0; - char commandToRun = '\0'; - secuPWData pwdata = { PW_NONE, 0 }; - PRBool readOnly = PR_FALSE; - - SECKEYPrivateKey *privkey = NULL; - SECKEYPublicKey *pubkey = NULL; - - int i; - SECStatus rv; - - secuCommand certutil; - -secuCommandFlag certutil_commands[] = -{ - { /* cmd_AddCert */ 'A', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CreateNewCert */ 'C', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DeleteCert */ 'D', PR_FALSE, 0, PR_FALSE }, - { /* cmd_AddEmailCert */ 'E', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DeleteKey */ 'F', PR_FALSE, 0, PR_FALSE }, - { /* cmd_GenKeyPair */ 'G', PR_FALSE, 0, PR_FALSE }, - { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ListKeys */ 'K', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ListCerts */ 'L', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ModifyCertTrust */ 'M', PR_FALSE, 0, PR_FALSE }, - { /* cmd_NewDBs */ 'N', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DumpChain */ 'O', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CertReq */ 'R', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CreateAndAddCert */ 'S', PR_FALSE, 0, PR_FALSE }, - { /* cmd_TokenReset */ 'T', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ListModules */ 'U', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CheckCertValidity */ 'V', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ChangePassword */ 'W', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Version */ 'Y', PR_FALSE, 0, PR_FALSE } -}; - -secuCommandFlag certutil_options[] = -{ - { /* opt_SSOPass */ '0', PR_TRUE, 0, PR_FALSE }, - { /* opt_AddKeyUsageExt */ '1', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddAuthorityKeyIDExt*/ '3', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddCRLDistPtsExt */ '4', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddNSCertTypeExt */ '5', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddExtKeyUsageExt */ '6', PR_FALSE, 0, PR_FALSE }, - { /* opt_ExtendedEmailAddrs */ '7', PR_TRUE, 0, PR_FALSE }, - { /* opt_ExtendedDNSNames */ '8', PR_TRUE, 0, PR_FALSE }, - { /* opt_ASCIIForIO */ 'a', PR_FALSE, 0, PR_FALSE }, - { /* opt_ValidityTime */ 'b', PR_TRUE, 0, PR_FALSE }, - { /* opt_IssuerName */ 'c', PR_TRUE, 0, PR_FALSE }, - { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_VerifySig */ 'e', PR_FALSE, 0, PR_FALSE }, - { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE }, - { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE }, - { /* opt_InputFile */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyIndex */ 'j', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyType */ 'k', PR_TRUE, 0, PR_FALSE }, - { /* opt_DetailedInfo */ 'l', PR_FALSE, 0, PR_FALSE }, - { /* opt_SerialNumber */ 'm', PR_TRUE, 0, PR_FALSE }, - { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE }, - { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_PhoneNumber */ 'p', PR_TRUE, 0, PR_FALSE }, - { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE }, - { /* opt_PQGFile */ 'q', PR_TRUE, 0, PR_FALSE }, - { /* opt_BinaryDER */ 'r', PR_FALSE, 0, PR_FALSE }, - { /* opt_Subject */ 's', PR_TRUE, 0, PR_FALSE }, - { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE }, - { /* opt_Usage */ 'u', PR_TRUE, 0, PR_FALSE }, - { /* opt_Validity */ 'v', PR_TRUE, 0, PR_FALSE }, - { /* opt_OffsetMonths */ 'w', PR_TRUE, 0, PR_FALSE }, - { /* opt_SelfSign */ 'x', PR_FALSE, 0, PR_FALSE }, - { /* opt_RW */ 'X', PR_FALSE, 0, PR_FALSE }, - { /* opt_Exponent */ 'y', PR_TRUE, 0, PR_FALSE }, - { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE }, - { /* opt_Hash */ 'Z', PR_TRUE, 0, PR_FALSE }, - { /* opt_Batch */ 'B', PR_TRUE, 0, PR_FALSE } -}; - - - certutil.numCommands = sizeof(certutil_commands) / sizeof(secuCommandFlag); - certutil.numOptions = sizeof(certutil_options) / sizeof(secuCommandFlag); - certutil.commands = certutil_commands; - certutil.options = certutil_options; - - progName = PORT_Strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - rv = SECU_ParseCommandLine(argc, argv, progName, &certutil); - - if (rv != SECSuccess) - Usage(progName); - - if (certutil.commands[cmd_PrintHelp].activated) - LongUsage(progName); - - if (certutil.options[opt_PasswordFile].arg) { - pwdata.source = PW_FROMFILE; - pwdata.data = certutil.options[opt_PasswordFile].arg; - } - - if (certutil.options[opt_CertDir].activated) - SECU_ConfigDirectory(certutil.options[opt_CertDir].arg); - - if (certutil.options[opt_KeySize].activated) { - keysize = PORT_Atoi(certutil.options[opt_KeySize].arg); - if ((keysize < MIN_KEY_BITS) || (keysize > MAX_KEY_BITS)) { - PR_fprintf(PR_STDERR, - "%s -g: Keysize must be between %d and %d.\n", - progName, MIN_KEY_BITS, MAX_KEY_BITS); - return 255; - } -#ifdef NSS_ENABLE_ECC - if (keytype == ecKey) { - PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName); - return 255; - } -#endif /* NSS_ENABLE_ECC */ - - } - - /* -h specify token name */ - if (certutil.options[opt_TokenName].activated) { - if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0) - slotname = NULL; - else - slotname = PL_strdup(certutil.options[opt_TokenName].arg); - } - - /* -Z hash type */ - if (certutil.options[opt_Hash].activated) { - char * arg = certutil.options[opt_Hash].arg; - if (!PL_strcmp(arg, "MD2")) { - hashAlgTag = SEC_OID_MD2; - } else if (!PL_strcmp(arg, "MD4")) { - hashAlgTag = SEC_OID_MD4; - } else if (!PL_strcmp(arg, "MD5")) { - hashAlgTag = SEC_OID_MD5; - } else if (!PL_strcmp(arg, "SHA1")) { - hashAlgTag = SEC_OID_SHA1; - } else if (!PL_strcmp(arg, "SHA256")) { - hashAlgTag = SEC_OID_SHA256; - } else if (!PL_strcmp(arg, "SHA384")) { - hashAlgTag = SEC_OID_SHA384; - } else if (!PL_strcmp(arg, "SHA512")) { - hashAlgTag = SEC_OID_SHA512; - } else { - PR_fprintf(PR_STDERR, "%s -Z: %s is not a recognized type.\n", - progName, arg); - return 255; - } - } - - /* -k key type */ - if (certutil.options[opt_KeyType].activated) { - char * arg = certutil.options[opt_KeyType].arg; - if (PL_strcmp(arg, "rsa") == 0) { - keytype = rsaKey; - } else if (PL_strcmp(arg, "dsa") == 0) { - keytype = dsaKey; -#ifdef NSS_ENABLE_ECC - } else if (PL_strcmp(arg, "ec") == 0) { - keytype = ecKey; -#endif /* NSS_ENABLE_ECC */ - } else if (PL_strcmp(arg, "all") == 0) { - keytype = nullKey; - } else { - PR_fprintf(PR_STDERR, "%s -k: %s is not a recognized type.\n", - progName, arg); - return 255; - } - } - - /* -m serial number */ - if (certutil.options[opt_SerialNumber].activated) { - int sn = PORT_Atoi(certutil.options[opt_SerialNumber].arg); - if (sn < 0) { - PR_fprintf(PR_STDERR, "%s -m: %s is not a valid serial number.\n", - progName, certutil.options[opt_SerialNumber].arg); - return 255; - } - serialNumber = sn; - } - - /* -P certdb name prefix */ - if (certutil.options[opt_DBPrefix].activated) - certPrefix = strdup(certutil.options[opt_DBPrefix].arg); - - /* -q PQG file or curve name */ - if (certutil.options[opt_PQGFile].activated) { -#ifdef NSS_ENABLE_ECC - if ((keytype != dsaKey) && (keytype != ecKey)) { - PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \ - " (-k dsa) or a named curve for EC keys (-k ec)\n)", - progName); -#else - if (keytype != dsaKey) { - PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)", - progName); -#endif /* NSS_ENABLE_ECC */ - return 255; - } - } - - /* -s subject name */ - if (certutil.options[opt_Subject].activated) { - subject = CERT_AsciiToName(certutil.options[opt_Subject].arg); - if (!subject) { - PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n", - progName, certutil.options[opt_Subject].arg); - return 255; - } - } - - /* -v validity period */ - if (certutil.options[opt_Validity].activated) { - validitylength = PORT_Atoi(certutil.options[opt_Validity].arg); - if (validitylength < 0) { - PR_fprintf(PR_STDERR, "%s -v: incorrect validity period: \"%s\"\n", - progName, certutil.options[opt_Validity].arg); - return 255; - } - } - - /* -w warp months */ - if (certutil.options[opt_OffsetMonths].activated) - warpmonths = PORT_Atoi(certutil.options[opt_OffsetMonths].arg); - - /* -y public exponent (for RSA) */ - if (certutil.options[opt_Exponent].activated) { - publicExponent = PORT_Atoi(certutil.options[opt_Exponent].arg); - if ((publicExponent != 3) && - (publicExponent != 17) && - (publicExponent != 65537)) { - PR_fprintf(PR_STDERR, "%s -y: incorrect public exponent %d.", - progName, publicExponent); - PR_fprintf(PR_STDERR, "Must be 3, 17, or 65537.\n"); - return 255; - } - } - - /* Check number of commands entered. */ - commandsEntered = 0; - for (i=0; i< certutil.numCommands; i++) { - if (certutil.commands[i].activated) { - commandToRun = certutil.commands[i].flag; - commandsEntered++; - } - if (commandsEntered > 1) - break; - } - if (commandsEntered > 1) { - PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName); - PR_fprintf(PR_STDERR, "You entered: "); - for (i=0; i< certutil.numCommands; i++) { - if (certutil.commands[i].activated) - PR_fprintf(PR_STDERR, " -%c", certutil.commands[i].flag); - } - PR_fprintf(PR_STDERR, "\n"); - return 255; - } - if (commandsEntered == 0) { - PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName); - Usage(progName); - } - - if (certutil.commands[cmd_ListCerts].activated || - certutil.commands[cmd_PrintHelp].activated || - certutil.commands[cmd_ListKeys].activated || - certutil.commands[cmd_ListModules].activated || - certutil.commands[cmd_CheckCertValidity].activated || - certutil.commands[cmd_Version].activated ) { - readOnly = !certutil.options[opt_RW].activated; - } - - /* -A, -D, -F, -M, -S, -V, and all require -n */ - if ((certutil.commands[cmd_AddCert].activated || - certutil.commands[cmd_DeleteCert].activated || - certutil.commands[cmd_DeleteKey].activated || - certutil.commands[cmd_DumpChain].activated || - certutil.commands[cmd_ModifyCertTrust].activated || - certutil.commands[cmd_CreateAndAddCert].activated || - certutil.commands[cmd_CheckCertValidity].activated) && - !certutil.options[opt_Nickname].activated) { - PR_fprintf(PR_STDERR, - "%s -%c: nickname is required for this command (-n).\n", - progName, commandToRun); - return 255; - } - - /* -A, -E, -M, -S require trust */ - if ((certutil.commands[cmd_AddCert].activated || - certutil.commands[cmd_AddEmailCert].activated || - certutil.commands[cmd_ModifyCertTrust].activated || - certutil.commands[cmd_CreateAndAddCert].activated) && - !certutil.options[opt_Trust].activated) { - PR_fprintf(PR_STDERR, - "%s -%c: trust is required for this command (-t).\n", - progName, commandToRun); - return 255; - } - - /* if -L is given raw or ascii mode, it must be for only one cert. */ - if (certutil.commands[cmd_ListCerts].activated && - (certutil.options[opt_ASCIIForIO].activated || - certutil.options[opt_BinaryDER].activated) && - !certutil.options[opt_Nickname].activated) { - PR_fprintf(PR_STDERR, - "%s: nickname is required to dump cert in raw or ascii mode.\n", - progName); - return 255; - } - - /* -L can only be in (raw || ascii). */ - if (certutil.commands[cmd_ListCerts].activated && - certutil.options[opt_ASCIIForIO].activated && - certutil.options[opt_BinaryDER].activated) { - PR_fprintf(PR_STDERR, - "%s: cannot specify both -r and -a when dumping cert.\n", - progName); - return 255; - } - - /* For now, deny -C -x combination */ - if (certutil.commands[cmd_CreateNewCert].activated && - certutil.options[opt_SelfSign].activated) { - PR_fprintf(PR_STDERR, - "%s: self-signing a cert request is not supported.\n", - progName); - return 255; - } - - /* If making a cert request, need a subject. */ - if ((certutil.commands[cmd_CertReq].activated || - certutil.commands[cmd_CreateAndAddCert].activated) && - !certutil.options[opt_Subject].activated) { - PR_fprintf(PR_STDERR, - "%s -%c: subject is required to create a cert request.\n", - progName, commandToRun); - return 255; - } - - /* If making a cert, need a serial number. */ - if ((certutil.commands[cmd_CreateNewCert].activated || - certutil.commands[cmd_CreateAndAddCert].activated) && - !certutil.options[opt_SerialNumber].activated) { - /* Make a default serial number from the current time. */ - PRTime now = PR_Now(); - LL_USHR(now, now, 19); - LL_L2UI(serialNumber, now); - } - - /* Validation needs the usage to validate for. */ - if (certutil.commands[cmd_CheckCertValidity].activated && - !certutil.options[opt_Usage].activated) { - PR_fprintf(PR_STDERR, - "%s -V: specify a usage to validate the cert for (-u).\n", - progName); - return 255; - } - - /* To make a cert, need either a issuer or to self-sign it. */ - if (certutil.commands[cmd_CreateAndAddCert].activated && - !(certutil.options[opt_IssuerName].activated || - certutil.options[opt_SelfSign].activated)) { - PR_fprintf(PR_STDERR, - "%s -S: must specify issuer (-c) or self-sign (-x).\n", - progName); - return 255; - } - - /* Using slotname == NULL for listing keys and certs on all slots, - * but only that. */ - if (!(certutil.commands[cmd_ListKeys].activated || - certutil.commands[cmd_DumpChain].activated || - certutil.commands[cmd_ListCerts].activated) && slotname == NULL) { - PR_fprintf(PR_STDERR, - "%s -%c: cannot use \"-h all\" for this command.\n", - progName, commandToRun); - return 255; - } - - /* Using keytype == nullKey for list all key types, but only that. */ - if (!certutil.commands[cmd_ListKeys].activated && keytype == nullKey) { - PR_fprintf(PR_STDERR, - "%s -%c: cannot use \"-k all\" for this command.\n", - progName, commandToRun); - return 255; - } - - /* -S open outFile, temporary file for cert request. */ - if (certutil.commands[cmd_CreateAndAddCert].activated) { - outFile = PR_Open(certreqfile, PR_RDWR | PR_CREATE_FILE, 00660); - if (!outFile) { - PR_fprintf(PR_STDERR, - "%s -o: unable to open \"%s\" for writing (%ld, %ld)\n", - progName, certreqfile, - PR_GetError(), PR_GetOSError()); - return 255; - } - } - - /* Open the input file. */ - if (certutil.options[opt_InputFile].activated) { - inFile = PR_Open(certutil.options[opt_InputFile].arg, PR_RDONLY, 0); - if (!inFile) { - PR_fprintf(PR_STDERR, - "%s: unable to open \"%s\" for reading (%ld, %ld).\n", - progName, certutil.options[opt_InputFile].arg, - PR_GetError(), PR_GetOSError()); - return 255; - } - } - - /* Open the output file. */ - if (certutil.options[opt_OutputFile].activated && !outFile) { - outFile = PR_Open(certutil.options[opt_OutputFile].arg, - PR_CREATE_FILE | PR_RDWR, 00660); - if (!outFile) { - PR_fprintf(PR_STDERR, - "%s: unable to open \"%s\" for writing (%ld, %ld).\n", - progName, certutil.options[opt_OutputFile].arg, - PR_GetError(), PR_GetOSError()); - return 255; - } - } - - name = SECU_GetOptionArg(&certutil, opt_Nickname); - - PK11_SetPasswordFunc(SECU_GetModulePassword); - - if (PR_TRUE == initialize) { - /* Initialize NSPR and NSS. */ - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix, - "secmod.db", readOnly ? NSS_INIT_READONLY: 0); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - rv = SECFailure; - goto shutdown; - } - } - certHandle = CERT_GetDefaultCertDB(); - - if (certutil.commands[cmd_Version].activated) { - int version = CERT_GetDBContentVersion(certHandle); - printf("Certificate database content version: %d\n", version); - } - - if (PL_strcmp(slotname, "internal") == 0) - slot = PK11_GetInternalKeySlot(); - else if (slotname != NULL) - slot = PK11_FindSlotByName(slotname); - - /* If creating new database, initialize the password. */ - if (certutil.commands[cmd_NewDBs].activated) { - SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg); - } - - /* The following 8 options are mutually exclusive with all others. */ - - /* List certs (-L) */ - if (certutil.commands[cmd_ListCerts].activated) { - rv = ListCerts(certHandle, name, slot, - certutil.options[opt_BinaryDER].activated, - certutil.options[opt_ASCIIForIO].activated, - (outFile) ? outFile : PR_STDOUT, &pwdata); - goto shutdown; - } - if (certutil.commands[cmd_DumpChain].activated) { - rv = DumpChain(certHandle, name); - goto shutdown; - } - /* XXX needs work */ - /* List keys (-K) */ - if (certutil.commands[cmd_ListKeys].activated) { - rv = ListKeys(slot, name, 0 /*keyindex*/, keytype, PR_FALSE /*dopriv*/, - &pwdata); - goto shutdown; - } - /* List modules (-U) */ - if (certutil.commands[cmd_ListModules].activated) { - rv = ListModules(); - goto shutdown; - } - /* Delete cert (-D) */ - if (certutil.commands[cmd_DeleteCert].activated) { - rv = DeleteCert(certHandle, name); - goto shutdown; - } - /* Delete key (-F) */ - if (certutil.commands[cmd_DeleteKey].activated) { - rv = DeleteKey(name, &pwdata); - goto shutdown; - } - /* Modify trust attribute for cert (-M) */ - if (certutil.commands[cmd_ModifyCertTrust].activated) { - rv = ChangeTrustAttributes(certHandle, name, - certutil.options[opt_Trust].arg); - goto shutdown; - } - /* Change key db password (-W) (future - change pw to slot?) */ - if (certutil.commands[cmd_ChangePassword].activated) { - rv = SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg); - goto shutdown; - } - /* Reset the a token */ - if (certutil.commands[cmd_TokenReset].activated) { - char *sso_pass = ""; - - if (certutil.options[opt_SSOPass].activated) { - sso_pass = certutil.options[opt_SSOPass].arg; - } - rv = PK11_ResetToken(slot,sso_pass); - - goto shutdown; - } - /* Check cert validity against current time (-V) */ - if (certutil.commands[cmd_CheckCertValidity].activated) { - /* XXX temporary hack for fips - must log in to get priv key */ - if (certutil.options[opt_VerifySig].activated) { - if (slot && PK11_NeedLogin(slot)) - PK11_Authenticate(slot, PR_TRUE, &pwdata); - } - rv = ValidateCert(certHandle, name, - certutil.options[opt_ValidityTime].arg, - certutil.options[opt_Usage].arg, - certutil.options[opt_VerifySig].activated, - certutil.options[opt_DetailedInfo].activated, - &pwdata); - goto shutdown; - } - - /* - * Key generation - */ - - /* These commands require keygen. */ - if (certutil.commands[cmd_CertReq].activated || - certutil.commands[cmd_CreateAndAddCert].activated || - certutil.commands[cmd_GenKeyPair].activated) { - /* XXX Give it a nickname. */ - privkey = - CERTUTIL_GeneratePrivateKey(keytype, slot, keysize, - publicExponent, - certutil.options[opt_NoiseFile].arg, - &pubkey, - certutil.options[opt_PQGFile].arg, - &pwdata); - if (privkey == NULL) { - SECU_PrintError(progName, "unable to generate key(s)\n"); - rv = SECFailure; - goto shutdown; - } - privkey->wincx = &pwdata; - PORT_Assert(pubkey != NULL); - - /* If all that was needed was keygen, exit. */ - if (certutil.commands[cmd_GenKeyPair].activated) { - rv = SECSuccess; - goto shutdown; - } - } - - /* - * Certificate request - */ - - /* Make a cert request (-R or -S). */ - if (certutil.commands[cmd_CreateAndAddCert].activated || - certutil.commands[cmd_CertReq].activated) { - rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject, - certutil.options[opt_PhoneNumber].arg, - certutil.options[opt_ASCIIForIO].activated, - certutil.options[opt_ExtendedEmailAddrs].arg, - certutil.options[opt_ExtendedDNSNames].arg, - outFile ? outFile : PR_STDOUT); - if (rv) - goto shutdown; - privkey->wincx = &pwdata; - } - - /* - * Certificate creation - */ - - /* If making and adding a cert, load the cert request file - * and output the cert to another file. - */ - if (certutil.commands[cmd_CreateAndAddCert].activated) { - PR_Close(outFile); - inFile = PR_Open(certreqfile, PR_RDONLY, 0); - if (!inFile) { - PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n", - certreqfile, PR_GetError(), PR_GetOSError()); - rv = SECFailure; - goto shutdown; - } - outFile = PR_Open(certfile, PR_RDWR | PR_CREATE_FILE, 00660); - if (!outFile) { - PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n", - certfile, PR_GetError(), PR_GetOSError()); - rv = SECFailure; - goto shutdown; - } - } - - /* Create a certificate (-C or -S). */ - if (certutil.commands[cmd_CreateAndAddCert].activated || - certutil.commands[cmd_CreateNewCert].activated) { - rv = CreateCert(certHandle, - certutil.options[opt_IssuerName].arg, - inFile, outFile, privkey, &pwdata, hashAlgTag, - serialNumber, warpmonths, validitylength, - certutil.options[opt_ExtendedEmailAddrs].arg, - certutil.options[opt_ExtendedDNSNames].arg, - certutil.options[opt_ASCIIForIO].activated, - certutil.options[opt_SelfSign].activated, - certutil.options[opt_AddKeyUsageExt].activated, - certutil.options[opt_AddExtKeyUsageExt].activated, - certutil.options[opt_AddBasicConstraintExt].activated, - certutil.options[opt_AddAuthorityKeyIDExt].activated, - certutil.options[opt_AddCRLDistPtsExt].activated, - certutil.options[opt_AddNSCertTypeExt].activated); - if (rv) - goto shutdown; - } - - /* - * Adding a cert to the database (or slot) - */ - - if (certutil.commands[cmd_CreateAndAddCert].activated) { - PORT_Assert(inFile != PR_STDIN); - PR_Close(inFile); - PR_Close(outFile); - inFile = PR_Open(certfile, PR_RDONLY, 0); - if (!inFile) { - PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n", - certfile, PR_GetError(), PR_GetOSError()); - rv = SECFailure; - goto shutdown; - } - } - - if (certutil.commands[cmd_CreateAndAddCert].activated || - certutil.commands[cmd_AddCert].activated || - certutil.commands[cmd_AddEmailCert].activated) { - rv = AddCert(slot, certHandle, name, - certutil.options[opt_Trust].arg, - inFile, - certutil.options[opt_ASCIIForIO].activated, - certutil.commands[cmd_AddEmailCert].activated,&pwdata); - if (rv) - goto shutdown; - } - - if (certutil.commands[cmd_CreateAndAddCert].activated) { - PORT_Assert(inFile != PR_STDIN); - PR_Close(inFile); - PR_Delete(certfile); - PR_Delete(certreqfile); - } - -shutdown: - if (slot) { - PK11_FreeSlot(slot); - } - if (privkey) { - SECKEY_DestroyPrivateKey(privkey); - } - if (pubkey) { - SECKEY_DestroyPublicKey(pubkey); - } - - /* Open the batch command file. - * - * - If -B <command line> option is specified, the contents in the - * command file will be interpreted as subsequent certutil - * commands to be executed in the current certutil process - * context after the current certutil command has been executed. - * - Each line in the command file consists of the command - * line arguments for certutil. - * - The -d <configdir> option will be ignored if specified in the - * command file. - * - Quoting with double quote characters ("...") is supported - * to allow white space in a command line argument. The - * double quote character cannot be escaped and quoting cannot - * be nested in this version. - * - each line in the batch file is limited to 512 characters - */ - - if ((SECSuccess == rv) && certutil.options[opt_Batch].activated) { - FILE* batchFile = fopen(certutil.options[opt_Batch].arg, "r"); - char nextcommand[512]; - if (!batchFile) { - PR_fprintf(PR_STDERR, - "%s: unable to open \"%s\" for reading (%ld, %ld).\n", - progName, certutil.options[opt_Batch].arg, - PR_GetError(), PR_GetOSError()); - return 255; - } - /* read and execute command-lines in a loop */ - while ( (SECSuccess == rv ) && - fgets(nextcommand, sizeof(nextcommand), batchFile)) { - /* we now need to split the command into argc / argv format */ - char* commandline = PORT_Strdup(nextcommand); - PRBool invalid = PR_FALSE; - int newargc = 2; - char* space = NULL; - char* nextarg = NULL; - char** newargv = NULL; - char* crlf = PORT_Strrchr(commandline, '\n'); - if (crlf) { - *crlf = '\0'; - } - - newargv = PORT_Alloc(sizeof(char*)*(newargc+1)); - newargv[0] = progName; - newargv[1] = commandline; - nextarg = commandline; - while ((space = PORT_Strpbrk(nextarg, " \f\n\r\t\v")) ) { - while (isspace(*space) ) { - *space = '\0'; - space ++; - } - if (*space == '\0') { - break; - } else if (*space != '\"') { - nextarg = space; - } else { - char* closingquote = strchr(space+1, '\"'); - if (closingquote) { - *closingquote = '\0'; - space++; - nextarg = closingquote+1; - } else { - invalid = PR_TRUE; - nextarg = space; - } - } - newargc++; - newargv = PORT_Realloc(newargv, sizeof(char*)*(newargc+1)); - newargv[newargc-1] = space; - } - newargv[newargc] = NULL; - - /* invoke next command */ - if (PR_TRUE == invalid) { - PR_fprintf(PR_STDERR, "Missing closing quote in batch command :\n%s\nNot executed.\n", - nextcommand); - rv = SECFailure; - } else { - if (0 != certutil_main(newargc, newargv, PR_FALSE) ) - rv = SECFailure; - } - PORT_Free(newargv); - PORT_Free(commandline); - } - fclose(batchFile); - } - - if ((initialize == PR_TRUE) && NSS_Shutdown() != SECSuccess) { - exit(1); - } - - if (rv == SECSuccess) { - return 0; - } else { - return 255; - } -} - -int -main(int argc, char **argv) -{ - return certutil_main(argc, argv, PR_TRUE); -} diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c deleted file mode 100644 index 66661c7bc..000000000 --- a/security/nss/cmd/certutil/keystuff.c +++ /dev/null @@ -1,550 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include <stdio.h> -#include <string.h> -#include "secutil.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#include <sys/time.h> -#include <termios.h> -#endif - -#if defined(XP_WIN) || defined (XP_PC) -#include <time.h> -#include <conio.h> -#endif - -#if defined(__sun) && !defined(SVR4) -extern int fclose(FILE*); -extern int fprintf(FILE *, char *, ...); -extern int isatty(int); -extern char *sys_errlist[]; -#define strerror(errno) sys_errlist[errno] -#endif - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" - -#define NUM_KEYSTROKES 120 -#define RAND_BUF_SIZE 60 - -#define ERROR_BREAK rv = SECFailure;break; - -const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) }, - { 0, } -}; - -/* returns 0 for success, -1 for failure (EOF encountered) */ -static int -UpdateRNG(void) -{ - char * randbuf; - int fd, i, count; - int c; - int rv = 0; -#ifdef XP_UNIX - cc_t orig_cc_min; - cc_t orig_cc_time; - tcflag_t orig_lflag; - struct termios tio; -#endif - -#define FPS fprintf(stderr, - FPS "\n"); - FPS "A random seed must be generated that will be used in the\n"); - FPS "creation of your key. One of the easiest ways to create a\n"); - FPS "random seed is to use the timing of keystrokes on a keyboard.\n"); - FPS "\n"); - FPS "To begin, type keys on the keyboard until this progress meter\n"); - FPS "is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!\n"); - FPS "\n"); - FPS "\n"); - FPS "Continue typing until the progress meter is full:\n\n"); - FPS "| |\r"); - - /* turn off echo on stdin & return on 1 char instead of NL */ - fd = fileno(stdin); - -#if defined(XP_UNIX) && !defined(VMS) - tcgetattr(fd, &tio); - orig_lflag = tio.c_lflag; - orig_cc_min = tio.c_cc[VMIN]; - orig_cc_time = tio.c_cc[VTIME]; - tio.c_lflag &= ~ECHO; - tio.c_lflag &= ~ICANON; - tio.c_cc[VMIN] = 1; - tio.c_cc[VTIME] = 0; - tcsetattr(fd, TCSAFLUSH, &tio); -#endif - - /* Get random noise from keyboard strokes */ - randbuf = (char *) PORT_Alloc(RAND_BUF_SIZE); - count = 0; - while (count < NUM_KEYSTROKES+1) { -#ifdef VMS - c = GENERIC_GETCHAR_NOECHO(); -#elif XP_UNIX - c = getc(stdin); -#else - c = getch(); -#endif - if (c == EOF) { - rv = -1; - break; - } - PK11_RandomUpdate(randbuf, sizeof(randbuf)); - if (c != randbuf[0]) { - randbuf[0] = c; - FPS "\r|"); - for (i=0; i<count/(NUM_KEYSTROKES/RAND_BUF_SIZE); i++) { - FPS "*"); - } - if (count%(NUM_KEYSTROKES/RAND_BUF_SIZE) == 1) - FPS "/"); - count++; - } - } - free(randbuf); - - FPS "\n\n"); - FPS "Finished. Press enter to continue: "); -#if defined(VMS) - while((c = GENERIC_GETCHAR_NO_ECHO()) != '\r' && c != EOF) - ; -#else - while ((c = getc(stdin)) != '\n' && c != EOF) - ; -#endif - if (c == EOF) - rv = -1; - FPS "\n"); - -#undef FPS - -#if defined(XP_UNIX) && !defined(VMS) - /* set back termio the way it was */ - tio.c_lflag = orig_lflag; - tio.c_cc[VMIN] = orig_cc_min; - tio.c_cc[VTIME] = orig_cc_time; - tcsetattr(fd, TCSAFLUSH, &tio); -#endif - return rv; -} - - -static unsigned char P[] = { 0x00, 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, - 0xaa, 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, - 0xcb, 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, - 0xf7, 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, - 0xe5, 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, - 0xaf, 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, - 0xac, 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, - 0xc2, 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, - 0x91 }; -static unsigned char Q[] = { 0x00, 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, - 0xee, 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, - 0x8e, 0xda, 0xce, 0x91, 0x5f }; -static unsigned char G[] = { 0x00, 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, - 0x13, 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, - 0x00, 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, - 0xcb, 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, - 0x2e, 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, - 0xbf, 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, - 0x9c, 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, - 0x8c, 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, - 0x02 }; - -static SECKEYPQGParams default_pqg_params = { - NULL, - { 0, P, sizeof(P) }, - { 0, Q, sizeof(Q) }, - { 0, G, sizeof(G) } -}; - -static SECKEYPQGParams * -decode_pqg_params(char *str) -{ - char *buf; - unsigned int len; - PRArenaPool *arena; - SECKEYPQGParams *params; - SECStatus status; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) - return NULL; - - params = PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams)); - if (params == NULL) - goto loser; - params->arena = arena; - - buf = (char *)ATOB_AsciiToData(str, &len); - if ((buf == NULL) || (len == 0)) - goto loser; - - status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len); - if (status != SECSuccess) - goto loser; - - return params; - -loser: - if (arena != NULL) - PORT_FreeArena(arena, PR_FALSE); - return NULL; -} - -void -CERTUTIL_DestroyParamsPQG(SECKEYPQGParams *params) -{ - if (params->arena) { - PORT_FreeArena(params->arena, PR_FALSE); - } -} - -static int -pqg_prime_bits(char *str) -{ - SECKEYPQGParams *params = NULL; - int primeBits = 0, i; - - params = decode_pqg_params(str); - if (params == NULL) - goto done; /* lose */ - - for (i = 0; params->prime.data[i] == 0; i++) - /* empty */; - primeBits = (params->prime.len - i) * 8; - -done: - if (params != NULL) - CERTUTIL_DestroyParamsPQG(params); - return primeBits; -} - -static char * -SECU_GetpqgString(char *filename) -{ - char phrase[400]; - FILE *fh; - char *rv; - - fh = fopen(filename,"r"); - rv = fgets (phrase, sizeof(phrase), fh); - - fclose(fh); - if (phrase[strlen(phrase)-1] == '\n') - phrase[strlen(phrase)-1] = '\0'; - if (rv) { - return (char*) PORT_Strdup(phrase); - } - fprintf(stderr,"pqg file contain no data\n"); - return NULL; -} - -SECKEYPQGParams* -getpqgfromfile(int keyBits, char *pqgFile) -{ - char *end, *str, *pqgString; - int primeBits; - - pqgString = SECU_GetpqgString(pqgFile); - if (pqgString) - str = PORT_Strdup(pqgString); - else - return NULL; - - do { - end = PORT_Strchr(str, ','); - if (end) - *end = '\0'; - primeBits = pqg_prime_bits(str); - if (keyBits == primeBits) - goto found_match; - str = end + 1; - } while (end); - - PORT_Free(pqgString); - PORT_Free(str); - return NULL; - -found_match: - PORT_Free(pqgString); - PORT_Free(str); - return decode_pqg_params(str); -} - -void CERTUTIL_FileForRNG(char *noise) -{ - char buf[2048]; - PRFileDesc *fd; - PRInt32 count; - - fd = PR_OpenFile(noise,PR_RDONLY,0666); - if (!fd) return; - - do { - count = PR_Read(fd,buf,sizeof(buf)); - if (count > 0) { - PK11_RandomUpdate(buf,count); - } - } while (count > 0); - - PR_Close(fd); - -} - -#ifdef NSS_ENABLE_ECC -typedef struct curveNameTagPairStr { - char *curveName; - SECOidTag curveOidTag; -} CurveNameTagPair; - -#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1 -/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */ - -static CurveNameTagPair nameTagPair[] = -{ - { "sect163k1", SEC_OID_SECG_EC_SECT163K1}, - { "nistk163", SEC_OID_SECG_EC_SECT163K1}, - { "sect163r1", SEC_OID_SECG_EC_SECT163R1}, - { "sect163r2", SEC_OID_SECG_EC_SECT163R2}, - { "nistb163", SEC_OID_SECG_EC_SECT163R2}, - { "sect193r1", SEC_OID_SECG_EC_SECT193R1}, - { "sect193r2", SEC_OID_SECG_EC_SECT193R2}, - { "sect233k1", SEC_OID_SECG_EC_SECT233K1}, - { "nistk233", SEC_OID_SECG_EC_SECT233K1}, - { "sect233r1", SEC_OID_SECG_EC_SECT233R1}, - { "nistb233", SEC_OID_SECG_EC_SECT233R1}, - { "sect239k1", SEC_OID_SECG_EC_SECT239K1}, - { "sect283k1", SEC_OID_SECG_EC_SECT283K1}, - { "nistk283", SEC_OID_SECG_EC_SECT283K1}, - { "sect283r1", SEC_OID_SECG_EC_SECT283R1}, - { "nistb283", SEC_OID_SECG_EC_SECT283R1}, - { "sect409k1", SEC_OID_SECG_EC_SECT409K1}, - { "nistk409", SEC_OID_SECG_EC_SECT409K1}, - { "sect409r1", SEC_OID_SECG_EC_SECT409R1}, - { "nistb409", SEC_OID_SECG_EC_SECT409R1}, - { "sect571k1", SEC_OID_SECG_EC_SECT571K1}, - { "nistk571", SEC_OID_SECG_EC_SECT571K1}, - { "sect571r1", SEC_OID_SECG_EC_SECT571R1}, - { "nistb571", SEC_OID_SECG_EC_SECT571R1}, - { "secp160k1", SEC_OID_SECG_EC_SECP160K1}, - { "secp160r1", SEC_OID_SECG_EC_SECP160R1}, - { "secp160r2", SEC_OID_SECG_EC_SECP160R2}, - { "secp192k1", SEC_OID_SECG_EC_SECP192K1}, - { "secp192r1", SEC_OID_SECG_EC_SECP192R1}, - { "nistp192", SEC_OID_SECG_EC_SECP192R1}, - { "secp224k1", SEC_OID_SECG_EC_SECP224K1}, - { "secp224r1", SEC_OID_SECG_EC_SECP224R1}, - { "nistp224", SEC_OID_SECG_EC_SECP224R1}, - { "secp256k1", SEC_OID_SECG_EC_SECP256K1}, - { "secp256r1", SEC_OID_SECG_EC_SECP256R1}, - { "nistp256", SEC_OID_SECG_EC_SECP256R1}, - { "secp384r1", SEC_OID_SECG_EC_SECP384R1}, - { "nistp384", SEC_OID_SECG_EC_SECP384R1}, - { "secp521r1", SEC_OID_SECG_EC_SECP521R1}, - { "nistp521", SEC_OID_SECG_EC_SECP521R1}, - - { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 }, - { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 }, - { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 }, - { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 }, - { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 }, - { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 }, - - { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 }, - { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 }, - { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 }, - { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 }, - { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 }, - { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 }, - { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 }, - { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 }, - { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 }, - { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 }, - { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 }, - { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 }, - { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 }, - { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 }, - { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 }, - { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 }, - { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 }, - { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 }, - { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 }, - { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 }, - - { "secp112r1", SEC_OID_SECG_EC_SECP112R1}, - { "secp112r2", SEC_OID_SECG_EC_SECP112R2}, - { "secp128r1", SEC_OID_SECG_EC_SECP128R1}, - { "secp128r2", SEC_OID_SECG_EC_SECP128R2}, - - { "sect113r1", SEC_OID_SECG_EC_SECT113R1}, - { "sect113r2", SEC_OID_SECG_EC_SECT113R2}, - { "sect131r1", SEC_OID_SECG_EC_SECT131R1}, - { "sect131r2", SEC_OID_SECG_EC_SECT131R2}, -}; - -static SECKEYECParams * -getECParams(char *curve) -{ - SECKEYECParams *ecparams; - SECOidData *oidData = NULL; - SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */ - int i, numCurves; - - if (curve != NULL) { - numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); - for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); - i++) { - if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) - curveOidTag = nameTagPair[i].curveOidTag; - } - } - - /* Return NULL if curve name is not recognized */ - if ((curveOidTag == SEC_OID_UNKNOWN) || - (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { - fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); - return NULL; - } - - ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); - - /* - * ecparams->data needs to contain the ASN encoding of an object ID (OID) - * representing the named curve. The actual OID is in - * oidData->oid.data so we simply prepend 0x06 and OID length - */ - ecparams->data[0] = SEC_ASN1_OBJECT_ID; - ecparams->data[1] = oidData->oid.len; - memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); - - return ecparams; -} -#endif /* NSS_ENABLE_ECC */ - -SECKEYPrivateKey * -CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, - int publicExponent, char *noise, - SECKEYPublicKey **pubkeyp, char *pqgFile, - secuPWData *pwdata) -{ - CK_MECHANISM_TYPE mechanism; - SECOidTag algtag; - PK11RSAGenParams rsaparams; - SECKEYPQGParams *dsaparams = NULL; - void *params; - PRArenaPool *dsaparena; - - /* - * Do some random-number initialization. - */ - - if (noise) { - CERTUTIL_FileForRNG(noise); - } else { - int rv = UpdateRNG(); - if (rv) { - PORT_SetError(PR_END_OF_FILE_ERROR); - return NULL; - } - } - - switch (keytype) { - case rsaKey: - rsaparams.keySizeInBits = size; - rsaparams.pe = publicExponent; - mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; - algtag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; - params = &rsaparams; - break; - case dsaKey: - mechanism = CKM_DSA_KEY_PAIR_GEN; - algtag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; - if (pqgFile) { - dsaparams = getpqgfromfile(size, pqgFile); - } else { - dsaparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (dsaparena == NULL) return NULL; - dsaparams = PORT_ArenaZAlloc(dsaparena, sizeof(SECKEYPQGParams)); - if (dsaparams == NULL) return NULL; - dsaparams->arena = dsaparena; - SECITEM_AllocItem(dsaparena, &dsaparams->prime, sizeof P); - SECITEM_AllocItem(dsaparena, &dsaparams->subPrime, sizeof Q); - SECITEM_AllocItem(dsaparena, &dsaparams->base, sizeof G); - PORT_Memcpy(dsaparams->prime.data, P, dsaparams->prime.len); - PORT_Memcpy(dsaparams->subPrime.data, Q, dsaparams->subPrime.len); - PORT_Memcpy(dsaparams->base.data, G, dsaparams->base.len); - } - params = dsaparams; - break; -#ifdef NSS_ENABLE_ECC - case ecKey: - mechanism = CKM_EC_KEY_PAIR_GEN; - /* For EC keys, PQGFile determines EC parameters */ - if ((params = (void *) getECParams(pqgFile)) == NULL) - return NULL; - break; -#endif /* NSS_ENABLE_ECC */ - default: - return NULL; - } - - if (slot == NULL) - return NULL; - if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess) - return NULL; - - fprintf(stderr, "\n\n"); - fprintf(stderr, "Generating key. This may take a few moments...\n\n"); - - return PK11_GenerateKeyPair(slot, mechanism, params, pubkeyp, - PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, - pwdata /*wincx*/); -} diff --git a/security/nss/cmd/certutil/makefile.win b/security/nss/cmd/certutil/makefile.win deleted file mode 100644 index 26cdc0651..000000000 --- a/security/nss/cmd/certutil/makefile.win +++ /dev/null @@ -1,155 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -PROGRAM = certutil -PROGRAM = $(OBJDIR)\$(PROGRAM).exe - -include <$(DEPTH)\config\config.mak> - - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -# awt3240.lib # brpref32.lib # cert32.lib -# crypto32.lib # dllcom.lib # editor32.lib -# edpref32.lib # edtplug.lib # font.lib -# hash32.lib # htmldg32.lib # img32.lib -# javart32.lib # jbn3240.lib # jdb3240.lib -# jmc.lib # jpeg3240.lib # jpw3240.lib -# jrt3240.lib # js3240.lib # jsd3240.lib -# key32.lib # libapplet32.lib # libnjs32.lib -# libnsc32.lib # libreg32.lib # mm3240.lib -# mnpref32.lib # netcst32.lib # nsdlg32.lib -# nsldap32.lib # nsldaps32.lib # nsn32.lib -# pkcs1232.lib # pkcs732.lib # pr3240.lib -# prefui32.lib # prefuuid.lib # secmod32.lib -# secnav32.lib # secutl32.lib # softup32.lib -# sp3240.lib # ssl32.lib # uni3200.lib -# unicvt32.lib # win32md.lib # winfont.lib -# xppref32.lib # zlib32.lib - -include <$(DEPTH)\config\rules.mak> - - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - -# ALLXPSTR.obj XP_ALLOC.obj XP_HASH.obj XP_RGB.obj XP_WRAP.obj -# CXPRINT.obj XP_C.cl XP_LIST.obj XP_SEC.obj netscape.exp -# CXPRNDLG.obj XP_CNTXT.obj XP_MD5.obj XP_STR.obj xp.pch -# EXPORT.obj XP_CORE.obj XP_MESG.obj XP_THRMO.obj xppref32.dll -# XPASSERT.obj XP_ERROR.obj XP_RECT.obj XP_TIME.obj -# XPLOCALE.obj XP_FILE.obj XP_REG.obj XP_TRACE.obj - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/certutil/manifest.mn b/security/nss/cmd/certutil/manifest.mn deleted file mode 100644 index 7b7860709..000000000 --- a/security/nss/cmd/certutil/manifest.mn +++ /dev/null @@ -1,56 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - certutil.c \ - keystuff.c \ - $(NULL) - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm seccmd - -PROGRAM = certutil - -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC -endif - -#USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/checkcert/Makefile b/security/nss/cmd/checkcert/Makefile deleted file mode 100644 index 573c12cac..000000000 --- a/security/nss/cmd/checkcert/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/checkcert/checkcert.c b/security/nss/cmd/checkcert/checkcert.c deleted file mode 100644 index 0cd5e61aa..000000000 --- a/security/nss/cmd/checkcert/checkcert.c +++ /dev/null @@ -1,640 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "secutil.h" -#include "plgetopt.h" -#include "cert.h" -#include "secoid.h" -#include "cryptohi.h" - -/* maximum supported modulus length in bits (indicate problem if over this) */ -#define MAX_MODULUS (1024) - - -static void Usage(char *progName) -{ - fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n", - progName); - fprintf(stderr, "%-20s Cert to check is base64 encoded\n", - "-a"); - fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n", - "-A"); - fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n", - "-v"); - fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n", - "-f"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - fprintf(stderr, "%-20s Specify the input type (no default)\n", - "-t type"); - exit(-1); -} - - -/* - * Check integer field named fieldName, printing out results and - * returning the length of the integer in bits - */ - -static -int checkInteger(SECItem *intItem, char *fieldName, int verbose) -{ - int len, bitlen; - if (verbose) { - printf("Checking %s\n", fieldName); - } - - len = intItem->len; - - if (len && (intItem->data[0] & 0x80)) { - printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n", - fieldName); - } - - - /* calculate bit length and check for unnecessary leading zeros */ - bitlen = len << 3; - if (len > 1 && intItem->data[0] == 0) { - /* leading zero byte(s) */ - if (!(intItem->data[1] & 0x80)) { - printf("PROBLEM: %s has unneeded leading zeros. Violates DER.\n", - fieldName); - } - /* strip leading zeros in length calculation */ - { - int i=0; - while (bitlen > 8 && intItem->data[i] == 0) { - bitlen -= 8; - i++; - } - } - } - return bitlen; -} - - - - -static -void checkName(CERTName *n, char *fieldName, int verbose) -{ - char *v=0; - if (verbose) { - printf("Checking %s\n", fieldName); - } - - v = CERT_GetCountryName(n); - if (!v) { - printf("PROBLEM: %s lacks Country Name (C)\n", - fieldName); - } - PORT_Free(v); - - v = CERT_GetOrgName(n); - if (!v) { - printf("PROBLEM: %s lacks Organization Name (O)\n", - fieldName); - } - PORT_Free(v); - - v = CERT_GetOrgUnitName(n); - if (!v) { - printf("WARNING: %s lacks Organization Unit Name (OU)\n", - fieldName); - } - PORT_Free(v); - - v = CERT_GetCommonName(n); - if (!v) { - printf("PROBLEM: %s lacks Common Name (CN)\n", - fieldName); - } - PORT_Free(v); -} - - - - -/* - * Private version of verification that checks for agreement between - * signature algorithm oid (at the SignedData level) and oid in DigestInfo. - * - */ - - -/* Returns the tag for the hash algorithm in the given signature algorithm */ - static - int hashAlg(int sigAlgTag) { - int rv; - switch(sigAlgTag) { - case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: - rv = SEC_OID_MD2; - break; - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - rv = SEC_OID_MD5; - break; - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - rv = SEC_OID_SHA1; - break; - default: - rv = -1; - } - return rv; - } - - - -struct VFYContextStr { - int alg; - unsigned char digest[32]; - void *hasher; - void (*begin)(void *); - void (*update)(void *, unsigned char*, unsigned); - SECStatus (*end)(void *, unsigned char*, unsigned int*, unsigned); - void (*destroy)(void *, PRBool); -}; - - -static -SECStatus -OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, - SECItem *sig, SECAlgorithmID *sigAlgorithm) -{ - SECStatus rv; - VFYContext *cx; - SECOidData *sigAlgOid, *oiddata; - int sigAlgTag; - int hashAlgTag; - int showDigestOid=0; - - cx = VFY_CreateContext(key, sig, SECOID_GetAlgorithmTag(sigAlgorithm), - NULL); - if (cx == NULL) - return SECFailure; - - sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); - if (sigAlgOid == 0) - return SECFailure; - sigAlgTag = sigAlgOid->offset; - - hashAlgTag = hashAlg(sigAlgTag); - if (hashAlgTag == -1) { - printf("PROBLEM: Unsupported Digest Algorithm in DigestInfo"); - showDigestOid = 1; - } else if (hashAlgTag != cx->alg) { - printf("PROBLEM: Digest OID in DigestInfo is incompatible " - "with Signature Algorithm\n"); - showDigestOid = 1; - } - - if (showDigestOid) { - oiddata = SECOID_FindOIDByTag(cx->alg); - if ( oiddata ) { - printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc); - } else { - SECU_PrintAsHex(stdout, - &oiddata->oid, "PROBLEM: UNKNOWN OID", 0); - } - } - - rv = VFY_Begin(cx); - if (rv == SECSuccess) { - rv = VFY_Update(cx, buf, len); - if (rv == SECSuccess) - rv = VFY_End(cx); - } - - VFY_DestroyContext(cx, PR_TRUE); - return rv; -} - - - -static -SECStatus -OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert) -{ - SECItem sig; - SECKEYPublicKey *pubKey = 0; - SECStatus rv; - - /* check the certificate's validity */ - rv = CERT_CertTimesValid(cert); - if ( rv ) { - return(SECFailure); - } - - /* get cert's public key */ - pubKey = CERT_ExtractPublicKey(cert); - if ( !pubKey ) { - return(SECFailure); - } - - /* check the signature */ - sig = sd->signature; - DER_ConvertBitString(&sig); - rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig, - &sd->signatureAlgorithm); - - SECKEY_DestroyPublicKey(pubKey); - - if ( rv ) { - return(SECFailure); - } - - return(SECSuccess); -} - - - - -static -CERTCertificate *createEmptyCertificate(void) -{ - PRArenaPool *arena = 0; - CERTCertificate *c = 0; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - return 0; - } - - - c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate)); - - if (c) { - c->referenceCount = 1; - c->arena = arena; - } else { - PORT_FreeArena(arena,PR_TRUE); - } - - return c; -} - - - - -int main(int argc, char **argv) -{ - int rv, verbose=0, force=0; - int ascii=0, issuerAscii=0; - char *progName=0; - PRFileDesc *inFile=0, *issuerCertFile=0; - SECItem derCert, derIssuerCert; - PRArenaPool *arena=0; - CERTSignedData *signedData=0; - CERTCertificate *cert=0, *issuerCert=0; - SECKEYPublicKey *rsapubkey=0; - SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption; - SECAlgorithmID sha1WithRSAEncryption, rsaEncryption; - SECItem spk; - int selfSigned=0; - int invalid=0; - char *inFileName = NULL, *issuerCertFileName = NULL; - PLOptState *optstate; - PLOptStatus status; - - PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption)); - PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption)); - PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption)); - PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption)); - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - optstate = PL_CreateOptState(argc, argv, "aAvf"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'v': - verbose = 1; - break; - - case 'f': - force = 1; - break; - - case 'a': - ascii = 1; - break; - - case 'A': - issuerAscii = 1; - break; - - case '\0': - if (!inFileName) - inFileName = PL_strdup(optstate->value); - else if (!issuerCertFileName) - issuerCertFileName = PL_strdup(optstate->value); - else - Usage(progName); - break; - } - } - - if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) { - /* insufficient or excess args */ - Usage(progName); - } - - inFile = PR_Open(inFileName, PR_RDONLY, 0); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, inFileName); - exit(1); - } - - issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0); - if (!issuerCertFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, issuerCertFileName); - exit(1); - } - - if (SECU_ReadDERFromFile(&derCert, inFile, ascii) != SECSuccess) { - printf("Couldn't read input certificate as DER binary or base64\n"); - exit(1); - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == 0) { - fprintf(stderr,"%s: can't allocate scratch arena!", progName); - exit(1); - } - - if (issuerCertFile) { - CERTSignedData *issuerCertSD=0; - if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii) - != SECSuccess) { - printf("Couldn't read issuer certificate as DER binary or base64.\n"); - exit(1); - } - issuerCertSD = (CERTSignedData *) PORT_ArenaZAlloc(arena, - sizeof(CERTSignedData)); - if (!issuerCertSD) { - fprintf(stderr,"%s: can't allocate issuer signed data!", progName); - exit(1); - } - rv = SEC_ASN1DecodeItem(arena, issuerCertSD, - SEC_ASN1_GET(CERT_SignedDataTemplate), - &derIssuerCert); - if (rv) { - fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n", - progName); - exit(1); - } - issuerCert = createEmptyCertificate(); - if (!issuerCert) { - printf("%s: can't allocate space for issuer cert.", progName); - exit(1); - } - rv = SEC_ASN1DecodeItem(arena, issuerCert, - SEC_ASN1_GET(CERT_CertificateTemplate), - &issuerCertSD->data); - if (rv) { - printf("%s: Does not appear to be an X509 Certificate.\n", - progName); - exit(1); - } - } - - signedData = (CERTSignedData *) PORT_ArenaZAlloc(arena,sizeof(CERTSignedData)); - if (!signedData) { - fprintf(stderr,"%s: can't allocate signedData!", progName); - exit(1); - } - - rv = SEC_ASN1DecodeItem(arena, signedData, - SEC_ASN1_GET(CERT_SignedDataTemplate), - &derCert); - if (rv) { - fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n", - progName); - exit(1); - } - - if (verbose) { - printf("Decoded ok as X509 SIGNED data.\n"); - } - - cert = createEmptyCertificate(); - if (!cert) { - fprintf(stderr, "%s: can't allocate cert", progName); - exit(1); - } - - rv = SEC_ASN1DecodeItem(arena, cert, - SEC_ASN1_GET(CERT_CertificateTemplate), - &signedData->data); - if (rv) { - fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n", - progName); - exit(1); - } - - - if (verbose) { - printf("Decoded ok as an X509 certificate.\n"); - } - - - rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0, - SECU_PrintCertificate); - - if (rv) { - fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n", - progName, PORT_GetError()); - if (!force) { - exit(1); - } - } - - - /* Do various checks on the cert */ - - printf("\n"); - - /* Check algorithms */ - SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption, - SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL); - - SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption, - SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL); - - SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption, - SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL); - - SECOID_SetAlgorithmID(arena, &rsaEncryption, - SEC_OID_PKCS1_RSA_ENCRYPTION, NULL); - - { - int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature, - &md5WithRSAEncryption) == 0); - int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature, - &md2WithRSAEncryption) == 0); - int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature, - &sha1WithRSAEncryption) == 0); - - if (verbose) { - printf("\nDoing algorithm checks.\n"); - } - - if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) { - printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n"); - } else if (!isMD5RSA) { - printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n"); - } - - if (SECOID_CompareAlgorithmID(&cert->signature, - &signedData->signatureAlgorithm)) { - printf("PROBLEM: Algorithm in sig and certInfo don't match.\n"); - } - } - - if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm, - &rsaEncryption)) { - printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n"); - } - - /* Check further public key properties */ - spk = cert->subjectPublicKeyInfo.subjectPublicKey; - DER_ConvertBitString(&spk); - - if (verbose) { - printf("\nsubjectPublicKey DER\n"); - rv = DER_PrettyPrint(stdout, &spk, PR_FALSE); - printf("\n"); - } - - rsapubkey = (SECKEYPublicKey *) - PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey)); - if (!rsapubkey) { - fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName); - exit(1); - } - - rv = SEC_ASN1DecodeItem(arena, rsapubkey, - SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &spk); - if (rv) { - printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n"); - } else { - int mlen; - int pubexp; - if (verbose) { - printf("Decoded RSA Public Key ok. Doing key checks.\n"); - } - PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */ - mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose); - printf("INFO: Public Key modulus length in bits: %d\n", mlen); - if (mlen > MAX_MODULUS) { - printf("PROBLEM: Modulus length exceeds %d bits.\n", - MAX_MODULUS); - } - if (mlen < 512) { - printf("WARNING: Short modulus.\n"); - } - if (mlen != (1 << (ffs(mlen)-1))) { - printf("WARNING: Unusual modulus length (not a power of two).\n"); - } - checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent", - verbose); - pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent); - if (pubexp != 17 && pubexp != 3 && pubexp != 65537) { - printf("WARNING: Public exponent not any of: 3, 17, 65537\n"); - } - } - - - /* Name checks */ - checkName(&cert->issuer, "Issuer Name", verbose); - checkName(&cert->subject, "Subject Name", verbose); - - if (issuerCert) { - SECComparison c = - CERT_CompareName(&cert->issuer, &issuerCert->subject); - if (c) { - printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n"); - } - } - - /* Check if self-signed */ - selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0); - if (selfSigned) { - printf("INFO: Certificate is self signed.\n"); - } else { - printf("INFO: Certificate is NOT self-signed.\n"); - } - - - /* Validity time check */ - if (CERT_CertTimesValid(cert) == SECSuccess) { - printf("INFO: Inside validity period of certificate.\n"); - } else { - printf("PROBLEM: Not in validity period of certificate.\n"); - invalid = 1; - } - - /* Signature check if self-signed */ - if (selfSigned && !invalid) { - if (rsapubkey->u.rsa.modulus.len) { - SECStatus ver; - if (verbose) { - printf("Checking self signature.\n"); - } - ver = OurVerifySignedData(signedData, cert); - if (ver != SECSuccess) { - printf("PROBLEM: Verification of self-signature failed!\n"); - } else { - printf("INFO: Self-signature verifies ok.\n"); - } - } else { - printf("INFO: Not checking signature due to key problems.\n"); - } - } else if (!selfSigned && !invalid && issuerCert) { - SECStatus ver; - ver = OurVerifySignedData(signedData, issuerCert); - if (ver != SECSuccess) { - printf("PROBLEM: Verification of issuer's signature failed!\n"); - } else { - printf("INFO: Issuer's signature verifies ok.\n"); - } - } else { - printf("INFO: Not checking signature.\n"); - } - - return 0; -} - - - diff --git a/security/nss/cmd/checkcert/makefile.win b/security/nss/cmd/checkcert/makefile.win deleted file mode 100644 index ff1fe62a7..000000000 --- a/security/nss/cmd/checkcert/makefile.win +++ /dev/null @@ -1,130 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -#cannot define PROGRAM in manifest compatibly with NT and UNIX -PROGRAM = checkcert -PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe -include <$(DEPTH)\config\config.mak> - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - $(NULL) - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -include <$(DEPTH)\config\rules.mak> - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/checkcert/manifest.mn b/security/nss/cmd/checkcert/manifest.mn deleted file mode 100644 index 470c203ec..000000000 --- a/security/nss/cmd/checkcert/manifest.mn +++ /dev/null @@ -1,47 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = checkcert.c - -PROGRAM = checkcert diff --git a/security/nss/cmd/cmdlib/Makefile b/security/nss/cmd/cmdlib/Makefile deleted file mode 100644 index 0769c80a3..000000000 --- a/security/nss/cmd/cmdlib/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include config.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - diff --git a/security/nss/cmd/cmdlib/cmdline.c b/security/nss/cmd/cmdlib/cmdline.c deleted file mode 100644 index 84ad35be3..000000000 --- a/security/nss/cmd/cmdlib/cmdline.c +++ /dev/null @@ -1,474 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include <string.h> -#include <ctype.h> - -#include "cmdutil.h" - -static int s_indent_size = 4; - -void -CMD_SetIndentSize(int size) -{ - s_indent_size = size; -} - -#if 0 -static void -indent(PRFileDesc *out, int level) -{ - int i, j; - for (i=0; i<level; i++) - for (j=0; j<s_indent_size; j++) - PR_fprintf(out, " "); -} -#endif - -struct cmdPrintStateStr { - PRFileDesc *file; - int width; - int indent; - int linepos; -}; - -static void -init_print_ps(cmdPrintState *ps, PRFileDesc *outfile, int width, int indent) -{ - ps->file = (outfile) ? outfile : PR_STDOUT; - ps->width = (width > 0) ? width : 80; - ps->indent = (indent > 0) ? indent : 0; - ps->linepos = 0; -} - -static void -print_ps_indent(cmdPrintState *ps) -{ - int j; - if (ps->linepos != 0) { - PR_fprintf(ps->file, "\n"); - ps->linepos = 0; - } - for (j=0; j<=ps->indent; j++) PR_fprintf(ps->file, " "); - ps->linepos = ps->indent; -} - -static void -print_ps_to_indent(cmdPrintState *ps) -{ - if (ps->linepos > ps->indent) - PR_fprintf(ps->file, "\n"); - while (ps->linepos <= ps->indent) { - PR_fprintf(ps->file, " "); - ps->linepos++; - } -} - -static void -nprintbuf(cmdPrintState *ps, char *buf, int start, int len) -{ - int j; - for (j=start; j<start + len; j++) { - if (buf[j] == '\n') { - PR_fprintf(ps->file, "\n"); - ps->linepos = 0; - print_ps_indent(ps); - } else { - PR_fprintf(ps->file, "%c", buf[j]); - ps->linepos++; - } - } -} - -static void -nprintf(cmdPrintState *ps, char *msg, ...) -{ - char buf[256]; - int i, len, grouplen; - PRBool openquote, openbracket, openparen, openangle, itsaword; - va_list args; - va_start(args, msg); - vsprintf(buf, msg, args); - len = strlen(buf); - /* print_ps_indent(ps); */ - if (len < ps->width - ps->linepos) { - nprintbuf(ps, buf, 0, len + 1); - return; - } - /* group in this order: " [ ( < word > ) ] " */ - i=0; - openquote=openbracket=openparen=openangle=itsaword=PR_FALSE; - while (i<len) { - grouplen = 0; - if (buf[i] == '\"') { openquote = PR_TRUE; grouplen = 1; } - else if (buf[i] == '[') { openbracket = PR_TRUE; grouplen = 1; } - else if (buf[i] == '(') { openparen = PR_TRUE; grouplen = 1; } - else if (buf[i] == '<') { openangle = PR_TRUE; grouplen = 1; } - else itsaword = PR_TRUE; - while (grouplen < len && buf[i+grouplen] != '\0' && - ((openquote && buf[i+grouplen] != '\"') || - (openbracket && buf[i+grouplen] != ']') || - (openparen && buf[i+grouplen] != ')') || - (openangle && buf[i+grouplen] != '>') || - (itsaword && !isspace(buf[i+grouplen])))) - grouplen++; - grouplen++; /* grab the terminator (whitespace for word) */ - if (!itsaword && isspace(buf[i+grouplen])) grouplen++; - if (grouplen < ps->width - ps->linepos) { - nprintbuf(ps, buf, i, grouplen); - } else if (grouplen < ps->width - ps->indent) { - print_ps_indent(ps); - nprintbuf(ps, buf, i, grouplen); - } else { - /* it's just too darn long. what to do? */ - } - i += grouplen; - openquote=openbracket=openparen=openangle=itsaword=PR_FALSE; - } - va_end(args); -} - -void -CMD_PrintUsageString(cmdPrintState *ps, char *str) -{ - nprintf(ps, "%s", str); -} - -/* void because it exits with Usage() if failure */ -static void -command_line_okay(cmdCommand *cmd, char *progName) -{ - int i, c = -1; - /* user asked for help. hope somebody gives it to them. */ - if (cmd->opt[0].on) return; - /* check that the command got all of its needed options */ - for (i=0; i<cmd->ncmd; i++) { - if (cmd->cmd[i].on) { - if (c > 0) { - fprintf(stderr, - "%s: only one command can be given at a time.\n", - progName); - CMD_Usage(progName, cmd); - } else { - c = i; - } - } - } - if (cmd->cmd[c].argUse == CMDArgReq && cmd->cmd[c].arg == NULL) { - /* where's the arg when you need it... */ - fprintf(stderr, "%s: command --%s requires an argument.\n", - progName, cmd->cmd[c].s); - fprintf(stderr, "type \"%s --%s --help\" for help.\n", - progName, cmd->cmd[c].s); - CMD_Usage(progName, cmd); - } - for (i=0; i<cmd->nopt; i++) { - if (cmd->cmd[c].req & CMDBIT(i)) { - /* command requires this option */ - if (!cmd->opt[i].on) { - /* but it ain't there */ - fprintf(stderr, "%s: command --%s requires option --%s.\n", - progName, cmd->cmd[c].s, cmd->opt[i].s); - } else { - /* okay, its there, but does it have an arg? */ - if (cmd->opt[i].argUse == CMDArgReq && !cmd->opt[i].arg) { - fprintf(stderr, "%s: option --%s requires an argument.\n", - progName, cmd->opt[i].s); - } - } - } else if (cmd->cmd[c].opt & CMDBIT(i)) { - /* this option is optional */ - if (cmd->opt[i].on) { - /* okay, its there, but does it have an arg? */ - if (cmd->opt[i].argUse == CMDArgReq && !cmd->opt[i].arg) { - fprintf(stderr, "%s: option --%s requires an argument.\n", - progName, cmd->opt[i].s); - } - } - } else { - /* command knows nothing about it */ - if (cmd->opt[i].on) { - /* so why the h--- is it on? */ - fprintf(stderr, "%s: option --%s not used with command --%s.\n", - progName, cmd->opt[i].s, cmd->cmd[c].s); - } - } - } -} - -static char * -get_arg(char *curopt, char **nextopt, int argc, int *index) -{ - char *str; - if (curopt) { - str = curopt; - } else { - if (*index + 1 >= argc) return NULL; - /* not really an argument but another flag */ - if (nextopt[*index+1][0] == '-') return NULL; - str = nextopt[++(*index)]; - } - /* parse the option */ - return strdup(str); -} - -int -CMD_ParseCommandLine(int argc, char **argv, char *progName, cmdCommand *cmd) -{ - int i, j, k; - int cmdToRun = -1; - char *flag; - i=1; - if (argc <= 1) return -2; /* gross hack for cmdless things like atob */ - do { - flag = argv[i]; - if (strlen(flag) < 2) /* huh? */ - return -1; - if (flag[0] != '-') - return -1; - /* ignore everything after lone "--" (app-specific weirdness there) */ - if (strcmp(flag, "--") == 0) - return cmdToRun; - /* single hyphen means short alias (single-char) */ - if (flag[1] != '-') { - j=1; - /* collect a set of opts, ex. -abc */ - while (flag[j] != '\0') { - PRBool found = PR_FALSE; - /* walk the command set looking for match */ - for (k=0; k<cmd->ncmd; k++) { - if (flag[j] == cmd->cmd[k].c) { - /* done - only take one command at a time */ - if (j > 1) return -1; - cmd->cmd[k].on = found = PR_TRUE; - cmdToRun = k; - if (cmd->cmd[k].argUse != CMDNoArg) - cmd->cmd[k].arg = get_arg(NULL, argv, argc, &i); - goto next_flag; - } - } - /* wasn't found in commands, try options */ - for (k=0; k<cmd->nopt; k++) { - if (flag[j] == cmd->opt[k].c) { - /* collect this option and keep going */ - cmd->opt[k].on = found = PR_TRUE; - if (flag[j+1] == '\0') { - if (cmd->opt[k].argUse != CMDNoArg) - cmd->opt[k].arg = get_arg(NULL, argv, argc, &i); - goto next_flag; - } - } - } - j++; - if (!found) return -1; - } - } else { /* long alias, ex. --list */ - char *fl = NULL, *arg = NULL; - PRBool hyphened = PR_FALSE; - fl = &flag[2]; - arg = strchr(fl, '='); - if (arg) { - *arg++ = '\0'; - } else { - arg = strchr(fl, '-'); - if (arg) { - hyphened = PR_TRUE; /* watch this, see below */ - *arg++ = '\0'; - } - } - for (k=0; k<cmd->ncmd; k++) { - if (strcmp(fl, cmd->cmd[k].s) == 0) { - cmd->cmd[k].on = PR_TRUE; - cmdToRun = k; - if (cmd->cmd[k].argUse != CMDNoArg || hyphened) { - cmd->cmd[k].arg = get_arg(arg, argv, argc, &i); - } - if (arg) arg[-1] = '='; - goto next_flag; - } - } - for (k=0; k<cmd->nopt; k++) { - if (strcmp(fl, cmd->opt[k].s) == 0) { - cmd->opt[k].on = PR_TRUE; - if (cmd->opt[k].argUse != CMDNoArg || hyphened) { - cmd->opt[k].arg = get_arg(arg, argv, argc, &i); - } - if (arg) arg[-1] = '='; - goto next_flag; - } - } - return -1; - } -next_flag: - i++; - } while (i < argc); - command_line_okay(cmd, progName); - return cmdToRun; -} - -void -CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback usage) -{ - int i, j; - PRBool oneCommand = PR_FALSE; - cmdPrintState ps; - init_print_ps(&ps, PR_STDERR, 80, 0); - nprintf(&ps, "\n%s: ", progName); - /* prints app-specific header */ - ps.indent = strlen(progName) + 4; - usage(&ps, 0, PR_FALSE, PR_TRUE, PR_FALSE); - for (i=0; i<cmd->ncmd; i++) if (cmd->cmd[i].on) oneCommand = PR_TRUE; - for (i=0; i<cmd->ncmd; i++) { - if ((oneCommand && cmd->cmd[i].on) || !oneCommand) { - ps.indent = 0; - print_ps_indent(&ps); - if (cmd->cmd[i].c != 0) { - nprintf(&ps, "-%c, ", cmd->cmd[i].c); - nprintf(&ps, "--%-16s ", cmd->cmd[i].s); - } else { - nprintf(&ps, "--%-20s ", cmd->cmd[i].s); - } - ps.indent += 20; - usage(&ps, i, PR_TRUE, PR_FALSE, PR_FALSE); - for (j=0; j<cmd->nopt; j++) { - if (cmd->cmd[i].req & CMDBIT(j)) { - ps.indent = 0; - print_ps_indent(&ps); - nprintf(&ps, "%3s* ", ""); - if (cmd->opt[j].c != 0) { - nprintf(&ps, "-%c, ", cmd->opt[j].c); - nprintf(&ps, "--%-16s ", cmd->opt[j].s); - } else { - nprintf(&ps, "--%-20s ", cmd->opt[j].s); - } - ps.indent += 29; - usage(&ps, j, PR_FALSE, PR_FALSE, PR_FALSE); - } - } - for (j=0; j<cmd->nopt; j++) { - if (cmd->cmd[i].opt & CMDBIT(j)) { - ps.indent = 0; - print_ps_indent(&ps); - nprintf(&ps, "%5s", ""); - if (cmd->opt[j].c != 0) { - nprintf(&ps, "-%c, ", cmd->opt[j].c); - nprintf(&ps, "--%-16s ", cmd->opt[j].s); - } else { - nprintf(&ps, "--%-20s ", cmd->opt[j].s); - } - ps.indent += 29; - usage(&ps, j, PR_FALSE, PR_FALSE, PR_FALSE); - } - } - } - nprintf(&ps, "\n"); - } - ps.indent = 0; - nprintf(&ps, "\n* - required flag for command\n\n"); - /* prints app-specific footer */ - usage(&ps, 0, PR_FALSE, PR_FALSE, PR_TRUE); - /*nprintf(&ps, "\n\n");*/ - exit(1); -} - -void -CMD_Usage(char *progName, cmdCommand *cmd) -{ - int i, j, inc; - PRBool first; - cmdPrintState ps; - init_print_ps(&ps, PR_STDERR, 80, 0); - nprintf(&ps, "%s", progName); - ps.indent = strlen(progName) + 1; - print_ps_to_indent(&ps); - for (i=0; i<cmd->ncmd; i++) { - if (cmd->cmd[i].c != 0) { - nprintf(&ps, "-%c", cmd->cmd[i].c); - inc = 4; - } else { - nprintf(&ps, "--%s", cmd->cmd[i].s); - inc = 4 + strlen(cmd->cmd[i].s); - } - first = PR_TRUE; - ps.indent += inc; - print_ps_to_indent(&ps); - for (j=0; j<cmd->nopt; j++) { - if (cmd->cmd[i].req & CMDBIT(j)) { - if (cmd->opt[j].c != 0 && cmd->opt[j].argUse == CMDNoArg) { - if (first) { - nprintf(&ps, "-"); - first = !first; - } - nprintf(&ps, "%c", cmd->opt[j].c); - } - } - } - for (j=0; j<cmd->nopt; j++) { - if (cmd->cmd[i].req & CMDBIT(j)) { - if (cmd->opt[j].c != 0) - nprintf(&ps, "-%c ", cmd->opt[j].c); - else - nprintf(&ps, "--%s ", cmd->opt[j].s); - if (cmd->opt[j].argUse != CMDNoArg) - nprintf(&ps, "%s ", cmd->opt[j].s); - } - } - first = PR_TRUE; - for (j=0; j<cmd->nopt; j++) { - if (cmd->cmd[i].opt & CMDBIT(j)) { - if (cmd->opt[j].c != 0 && cmd->opt[j].argUse == CMDNoArg) { - if (first) { - nprintf(&ps, "[-"); - first = !first; - } - nprintf(&ps, "%c", cmd->opt[j].c); - } - } - } - if (!first) nprintf(&ps, "] "); - for (j=0; j<cmd->nopt; j++) { - if (cmd->cmd[i].opt & CMDBIT(j) && - cmd->opt[j].argUse != CMDNoArg) { - if (cmd->opt[j].c != 0) - nprintf(&ps, "[-%c %s] ", cmd->opt[j].c, cmd->opt[j].s); - else - nprintf(&ps, "[--%s %s] ", cmd->opt[j].s, cmd->opt[j].s); - } - } - ps.indent -= inc; - print_ps_indent(&ps); - } - ps.indent = 0; - nprintf(&ps, "\n"); - exit(1); -} diff --git a/security/nss/cmd/cmdlib/cmdutil.h b/security/nss/cmd/cmdlib/cmdutil.h deleted file mode 100644 index 69d3f2657..000000000 --- a/security/nss/cmd/cmdlib/cmdutil.h +++ /dev/null @@ -1,115 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef _CMDUTIL_H_ -#define _CMDUTIL_H_ - -#include <stdio.h> -#include "nspr.h" -#include "nssbase.h" - -typedef int -(* CMD_PPFunc)(PRFileDesc *out, NSSItem *item, char *msg, int level); - - -/* - * Command Line Parsing routines - * - * The attempt here is to provide common functionality for command line - * parsing across an array of tools. The tools should obey the historical - * rules of: - * - * (1) one command per line, - * (2) the command should be uppercase, - * (3) options should be lowercase, - * (4) a short usage statement is presented in case of error, - * (5) a long usage statement is given by -? or --help - */ - -/* To aid in formatting usage output. XXX Uh, why exposed? */ -typedef struct cmdPrintStateStr cmdPrintState; - -typedef enum { - CMDArgReq = 0, - CMDArgOpt, - CMDNoArg -} CMDArg; - -struct cmdCommandLineArgStr { - char c; /* one-character alias for flag */ - char *s; /* string alias for flag */ - CMDArg argUse; /* flag takes an argument */ - char *arg; /* argument given for flag */ - PRBool on; /* flag was issued at command-line */ - int req; /* required arguments for commands */ - int opt; /* optional arguments for commands */ -}; - -struct cmdCommandLineOptStr { - char c; /* one-character alias for flag */ - char *s; /* string alias for flag */ - CMDArg argUse; /* flag takes an argument */ - char *arg; /* argument given for flag */ - PRBool on; /* flag was issued at command-line */ -}; - -typedef struct cmdCommandLineArgStr cmdCommandLineArg; -typedef struct cmdCommandLineOptStr cmdCommandLineOpt; - -struct cmdCommandStr { - int ncmd; - int nopt; - cmdCommandLineArg *cmd; - cmdCommandLineOpt *opt; -}; - -typedef struct cmdCommandStr cmdCommand; - -int -CMD_ParseCommandLine(int argc, char **argv, char *progName, cmdCommand *cmd); - -typedef void -(* cmdUsageCallback)(cmdPrintState *, int, PRBool, PRBool, PRBool); - -#define CMDBIT(n) (1<<n) - -void -CMD_Usage(char *progName, cmdCommand *cmd); - -void -CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback use); - -void -CMD_PrintUsageString(cmdPrintState *ps, char *str); - -#endif /* _CMDUTIL_H_ */ diff --git a/security/nss/cmd/cmdlib/config.mk b/security/nss/cmd/cmdlib/config.mk deleted file mode 100644 index 0a00dc61e..000000000 --- a/security/nss/cmd/cmdlib/config.mk +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# Override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(LIBRARY) -SHARED_LIBRARY = -IMPORT_LIBRARY = -PROGRAM = - diff --git a/security/nss/cmd/cmdlib/manifest.mn b/security/nss/cmd/cmdlib/manifest.mn deleted file mode 100644 index d276bdb23..000000000 --- a/security/nss/cmd/cmdlib/manifest.mn +++ /dev/null @@ -1,49 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -CORE_DEPTH = ../../.. - -LIBRARY_NAME = cmdutil - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = seccmd - -DEFINES = -DNSPR20 - -EXPORTS = cmdutil.h \ - $(NULL) - -CSRCS = cmdline.c \ - $(NULL) - -REQUIRES = nss nspr dbm - diff --git a/security/nss/cmd/crlutil/Makefile b/security/nss/cmd/crlutil/Makefile deleted file mode 100644 index 573c12cac..000000000 --- a/security/nss/cmd/crlutil/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c deleted file mode 100644 index d41dadde7..000000000 --- a/security/nss/cmd/crlutil/crlutil.c +++ /dev/null @@ -1,478 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** certutil.c -** -** utility for managing certificates and the cert database -** -*/ -/* test only */ - -#include "nspr.h" -#include "plgetopt.h" -#include "secutil.h" -#include "cert.h" -#include "certdb.h" -#include "nss.h" -#include "pk11func.h" - -#define SEC_CERT_DB_EXISTS 0 -#define SEC_CREATE_CERT_DB 1 - -static char *progName; - -static CERTSignedCrl *FindCRL - (CERTCertDBHandle *certHandle, char *name, int type) -{ - CERTSignedCrl *crl = NULL; - CERTCertificate *cert = NULL; - - - cert = CERT_FindCertByNickname(certHandle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named %s", name); - return ((CERTSignedCrl *)NULL); - } - - crl = SEC_FindCrlByName(certHandle, &cert->derSubject, type); - if (crl ==NULL) - SECU_PrintError - (progName, "could not find %s's CRL", name); - CERT_DestroyCertificate (cert); - return (crl); -} - -static void DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType) -{ - CERTCertificate *cert = NULL; - CERTSignedCrl *crl = NULL; - - crl = FindCRL (certHandle, nickName, crlType); - - if (crl) { - SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0); - SEC_DestroyCrl (crl); - } -} - -static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls) -{ - CERTCrlHeadNode *crlList = NULL; - CERTCrlNode *crlNode = NULL; - CERTName *name = NULL; - PRArenaPool *arena = NULL; - SECStatus rv; - - do { - arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE); - if (arena == NULL) { - fprintf(stderr, "%s: fail to allocate memory\n", progName); - break; - } - - name = PORT_ArenaZAlloc (arena, sizeof(*name)); - if (name == NULL) { - fprintf(stderr, "%s: fail to allocate memory\n", progName); - break; - } - name->arena = arena; - - rv = SEC_LookupCrls (certHandle, &crlList, crlType); - if (rv != SECSuccess) { - fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName, - SECU_Strerror(PORT_GetError())); - break; - } - - /* just in case */ - if (!crlList) - break; - - crlNode = crlList->first; - - fprintf (stdout, "\n"); - fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type"); - while (crlNode) { - char* asciiname = NULL; - name = &crlNode->crl->crl.name; - if (!name){ - fprintf(stderr, "%s: fail to get the CRL issuer name (%s)\n", progName, - SECU_Strerror(PORT_GetError())); - break; - } - - asciiname = CERT_NameToAscii(name); - fprintf (stdout, "\n%-40s %-5s\n", asciiname, "CRL"); - if (asciiname) { - PORT_Free(asciiname); - } - if ( PR_TRUE == deletecrls) { - CERTSignedCrl* acrl = NULL; - SECItem* issuer = &crlNode->crl->crl.derName; - acrl = SEC_FindCrlByName(certHandle, issuer, crlType); - if (acrl) - { - SEC_DeletePermCRL(acrl); - } - } - crlNode = crlNode->next; - } - - } while (0); - if (crlList) - PORT_FreeArena (crlList->arena, PR_FALSE); - PORT_FreeArena (arena, PR_FALSE); -} - -static void ListCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType) -{ - if (nickName == NULL) - ListCRLNames (certHandle, crlType, PR_FALSE); - else - DisplayCRL (certHandle, nickName, crlType); -} - - - -static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type) -{ - CERTSignedCrl *crl = NULL; - SECStatus rv = SECFailure; - - crl = FindCRL (certHandle, name, type); - if (!crl) { - SECU_PrintError - (progName, "could not find the issuer %s's CRL", name); - return SECFailure; - } - rv = SEC_DeletePermCRL (crl); - if (rv != SECSuccess) { - SECU_PrintError - (progName, "fail to delete the issuer %s's CRL from the perm database (reason: %s)", - name, SECU_Strerror(PORT_GetError())); - return SECFailure; - } - return (rv); -} - -SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, - PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions) -{ - CERTCertificate *cert = NULL; - CERTSignedCrl *crl = NULL; - SECItem crlDER; - PK11SlotInfo* slot = NULL; - int rv; - PRIntervalTime starttime, endtime, elapsed; - PRUint32 mins, secs, msecs; - - crlDER.data = NULL; - - - /* Read in the entire file specified with the -f argument */ - rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to read input file"); - return (SECFailure); - } - - decodeOptions |= CRL_DECODE_DONT_COPY_DER; - - slot = PK11_GetInternalKeySlot(); - - starttime = PR_IntervalNow(); - crl = PK11_ImportCRL(slot, &crlDER, url, type, - NULL, importOptions, NULL, decodeOptions); - endtime = PR_IntervalNow(); - elapsed = endtime - starttime; - mins = PR_IntervalToSeconds(elapsed) / 60; - secs = PR_IntervalToSeconds(elapsed) % 60; - msecs = PR_IntervalToMilliseconds(elapsed) % 1000; - printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs); - if (!crl) { - const char *errString; - - errString = SECU_Strerror(PORT_GetError()); - if ( errString && PORT_Strlen (errString) == 0) - SECU_PrintError - (progName, "CRL is not imported (error: input CRL is not up to date.)"); - else - SECU_PrintError - (progName, "unable to import CRL"); - } - SEC_DestroyCrl (crl); - if (slot) { - PK11_FreeSlot(slot); - } - return (rv); -} - - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s -L [-n nickname] [-d keydir] [-P dbprefix] [-t crlType]\n" - " %s -D -n nickname [-d keydir] [-P dbprefix]\n" - " %s -I -i crl -t crlType [-u url] [-d keydir] [-P dbprefix] [-B]\n" - " %s -E -t crlType [-d keydir] [-P dbprefix]\n" - " %s -T\n", progName, progName, progName, progName, progName); - - fprintf (stderr, "%-15s List CRL\n", "-L"); - fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n", - "-n nickname"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n", - "-P dbprefix"); - - fprintf (stderr, "%-15s Delete a CRL from the cert database\n", "-D"); - fprintf(stderr, "%-20s Specify the nickname for the CA certificate\n", - "-n nickname"); - fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n", - "-P dbprefix"); - - fprintf (stderr, "%-15s Erase all CRLs of specified type from hte cert database\n", "-E"); - fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n", - "-P dbprefix"); - - fprintf (stderr, "%-15s Import a CRL to the cert database\n", "-I"); - fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n", - "-i crl"); - fprintf(stderr, "%-20s Specify the url.\n", "-u url"); - fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n", - "-P dbprefix"); -#ifdef DEBUG - fprintf (stderr, "%-15s Test . Only for debugging purposes. See source code\n", "-T"); -#endif - fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " "); - fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " "); - fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " "); - fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B"); - fprintf(stderr, "\n%-20s Partial decode for faster operation.\n", "-p"); - fprintf(stderr, "%-20s Repeat the operation.\n", "-r <iterations>"); - - exit(-1); -} - -int main(int argc, char **argv) -{ - SECItem privKeyDER; - CERTCertDBHandle *certHandle; - FILE *certFile; - PRFileDesc *inFile; - int listCRL; - int importCRL; - int deleteCRL; - int rv; - char *nickName; - char *url; - char *dbPrefix = ""; - int crlType; - PLOptState *optstate; - PLOptStatus status; - SECStatus secstatus; - PRBool bypassChecks = PR_FALSE; - PRInt32 decodeOptions = CRL_DECODE_DEFAULT_OPTIONS; - PRInt32 importOptions = CRL_IMPORT_DEFAULT_OPTIONS; - PRBool test = PR_FALSE; - PRBool erase = PR_FALSE; - PRInt32 i = 0; - PRInt32 iterations = 1; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - rv = 0; - deleteCRL = importCRL = listCRL = 0; - certFile = NULL; - inFile = NULL; - nickName = url = NULL; - privKeyDER.data = NULL; - certHandle = NULL; - crlType = SEC_CRL_TYPE; - /* - * Parse command line arguments - */ - optstate = PL_CreateOptState(argc, argv, "BCDILP:d:i:n:pt:u:TEr:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'T': - test = PR_TRUE; - break; - - case 'E': - erase = PR_TRUE; - break; - - case 'B': - importOptions |= CRL_IMPORT_BYPASS_CHECKS; - break; - - case 'C': - listCRL = 1; - break; - - case 'D': - deleteCRL = 1; - break; - - case 'I': - importCRL = 1; - break; - - case 'L': - listCRL = 1; - break; - - case 'P': - dbPrefix = strdup(optstate->value); - break; - - case 'd': - SECU_ConfigDirectory(optstate->value); - break; - - case 'i': - inFile = PR_Open(optstate->value, PR_RDONLY, 0); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - PL_DestroyOptState(optstate); - return -1; - } - break; - - case 'n': - nickName = strdup(optstate->value); - break; - - case 'p': - decodeOptions |= CRL_DECODE_SKIP_ENTRIES; - break; - - case 'r': { - const char* str = optstate->value; - if (str && atoi(str)>0) - iterations = atoi(str); - } - break; - - case 't': { - char *type; - - type = strdup(optstate->value); - crlType = atoi (type); - if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) { - fprintf(stderr, "%s: invalid crl type\n", progName); - PL_DestroyOptState(optstate); - return -1; - } - break; - - case 'u': - url = strdup(optstate->value); - break; - } - } - } - PL_DestroyOptState(optstate); - - if (deleteCRL && !nickName) Usage (progName); - if (!(listCRL || deleteCRL || importCRL || test || erase)) Usage (progName); - if (importCRL && !inFile) Usage (progName); - - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix, - "secmod.db", 0); - if (secstatus != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - - certHandle = CERT_GetDefaultCertDB(); - if (certHandle == NULL) { - SECU_PrintError(progName, "unable to open the cert db"); - /*ignoring return value of NSS_Shutdown() as code returns -1*/ - (void) NSS_Shutdown(); - return (-1); - } - - for (i=0; i<iterations; i++) { - /* Read in the private key info */ - if (deleteCRL) - DeleteCRL (certHandle, nickName, crlType); - else if (listCRL) { - ListCRL (certHandle, nickName, crlType); - } - else if (importCRL) { - rv = ImportCRL (certHandle, url, crlType, inFile, importOptions, - decodeOptions); - } - else if (erase) { - /* list and delete all CRLs */ - ListCRLNames (certHandle, crlType, PR_TRUE); - } -#ifdef DEBUG - else if (test) { - /* list and delete all CRLs */ - ListCRLNames (certHandle, crlType, PR_TRUE); - /* list CRLs */ - ListCRLNames (certHandle, crlType, PR_FALSE); - /* import CRL as a blob */ - rv = ImportCRL (certHandle, url, crlType, inFile, importOptions, - decodeOptions); - /* list CRLs */ - ListCRLNames (certHandle, crlType, PR_FALSE); - } -#endif - } - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return (rv); -} diff --git a/security/nss/cmd/crlutil/makefile.win b/security/nss/cmd/crlutil/makefile.win deleted file mode 100644 index 1f1b627ff..000000000 --- a/security/nss/cmd/crlutil/makefile.win +++ /dev/null @@ -1,130 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -#cannot define PROGRAM in manifest compatibly with NT and UNIX -PROGRAM = crlutil -PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe -include <$(DEPTH)\config\config.mak> - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - $(NULL) - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -include <$(DEPTH)\config\rules.mak> - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/crlutil/manifest.mn b/security/nss/cmd/crlutil/manifest.mn deleted file mode 100644 index 169deb28a..000000000 --- a/security/nss/cmd/crlutil/manifest.mn +++ /dev/null @@ -1,53 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = crlutil.c - -# this has to be different for NT and UNIX. -# PROGRAM = ./$(OBJDIR)/crlutil.exe -PROGRAM = crlutil - -#USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/crmf-cgi/Makefile b/security/nss/cmd/crmf-cgi/Makefile deleted file mode 100644 index 23cb6f6b5..000000000 --- a/security/nss/cmd/crmf-cgi/Makefile +++ /dev/null @@ -1,81 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### -ifeq (,$(filter-out WIN%,$(OS_TARGET))) -EXTRA_LIBS += $(DIST)/lib/crmf.lib -else -EXTRA_LIBS += $(DIST)/lib/libcrmf.$(LIB_SUFFIX) -endif -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk - diff --git a/security/nss/cmd/crmf-cgi/config.mk b/security/nss/cmd/crmf-cgi/config.mk deleted file mode 100644 index bcbaa2804..000000000 --- a/security/nss/cmd/crmf-cgi/config.mk +++ /dev/null @@ -1,44 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - - -# -# Override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(PROGRAM) -SHARED_LIBRARY = -IMPORT_LIBRARY = -LIBRARY = - diff --git a/security/nss/cmd/crmf-cgi/crmfcgi.c b/security/nss/cmd/crmf-cgi/crmfcgi.c deleted file mode 100644 index 72199cfd5..000000000 --- a/security/nss/cmd/crmf-cgi/crmfcgi.c +++ /dev/null @@ -1,1124 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "seccomon.h" -#include "nss.h" -#include "key.h" -#include "cert.h" -#include "pk11func.h" -#include "secmod.h" -#include "cmmf.h" -#include "crmf.h" -#include "base64.h" -#include "secasn1.h" -#include "cryptohi.h" -#include <string.h> -#include <stdlib.h> -#include <stdio.h> - -#define DEFAULT_ALLOC_SIZE 200 -#define DEFAULT_CGI_VARS 20 - -typedef struct CGIVariableStr { - char *name; - char *value; -} CGIVariable; - -typedef struct CGIVarTableStr { - CGIVariable **variables; - int numVars; - int numAlloc; -} CGIVarTable; - -typedef struct CertResponseInfoStr { - CERTCertificate *cert; - long certReqID; -} CertResponseInfo; - -typedef struct ChallengeCreationInfoStr { - long random; - SECKEYPublicKey *pubKey; -} ChallengeCreationInfo; - -char *missingVar = NULL; - -/* - * Error values. - */ -typedef enum { - NO_ERROR = 0, - NSS_INIT_FAILED, - AUTH_FAILED, - REQ_CGI_VAR_NOT_PRESENT, - CRMF_REQ_NOT_PRESENT, - BAD_ASCII_FOR_REQ, - CGI_VAR_MISSING, - COULD_NOT_FIND_CA, - COULD_NOT_DECODE_REQS, - OUT_OF_MEMORY, - ERROR_RETRIEVING_REQUEST_MSG, - ERROR_RETRIEVING_CERT_REQUEST, - ERROR_RETRIEVING_SUBJECT_FROM_REQ, - ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ, - ERROR_CREATING_NEW_CERTIFICATE, - COULD_NOT_START_EXTENSIONS, - ERROR_RETRIEVING_EXT_FROM_REQ, - ERROR_ADDING_EXT_TO_CERT, - ERROR_ENDING_EXTENSIONS, - COULD_NOT_FIND_ISSUER_PRIVATE_KEY, - UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER, - ERROR_SETTING_SIGN_ALG, - ERROR_ENCODING_NEW_CERT, - ERROR_SIGNING_NEW_CERT, - ERROR_CREATING_CERT_REP_CONTENT, - ERROR_CREATING_SINGLE_CERT_RESPONSE, - ERROR_SETTING_CERT_RESPONSES, - ERROR_CREATING_CA_LIST, - ERROR_ADDING_ISSUER_TO_CA_LIST, - ERROR_ENCODING_CERT_REP_CONTENT, - NO_POP_FOR_REQUEST, - UNSUPPORTED_POP, - ERROR_RETRIEVING_POP_SIGN_KEY, - ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY, - ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY, - DO_CHALLENGE_RESPONSE, - ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT, - ERROR_ENCODING_CERT_REQ_FOR_POP, - ERROR_VERIFYING_SIGNATURE_POP, - ERROR_RETRIEVING_PUB_KEY_FOR_CHALL, - ERROR_CREATING_EMPTY_CHAL_CONTENT, - ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER, - ERROR_SETTING_CHALLENGE, - ERROR_ENCODING_CHALL, - ERROR_CONVERTING_CHALL_TO_BASE64, - ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN, - ERROR_CREATING_KEY_RESP_FROM_DER, - ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE, - ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED, - ERROR_GETTING_KEY_ENCIPHERMENT, - ERROR_NO_POP_FOR_PRIVKEY, - ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE -} ErrorCode; - -const char * -CGITableFindValue(CGIVarTable *varTable, const char *key); - -void -spitOutHeaders(void) -{ - printf("Content-type: text/html\n\n"); -} - -void -dumpRequest(CGIVarTable *varTable) -{ - int i; - CGIVariable *var; - - printf ("<table border=1 cellpadding=1 cellspacing=1 width=\"100%%\">\n"); - printf ("<tr><td><b><center>Variable Name<center></b></td>" - "<td><b><center>Value</center></b></td></tr>\n"); - for (i=0; i<varTable->numVars; i++) { - var = varTable->variables[i]; - printf ("<tr><td><pre>%s</pre></td><td><pre>%s</pre></td></tr>\n", - var->name, var->value); - } - printf("</table>\n"); -} - -void -echo_request(CGIVarTable *varTable) -{ - spitOutHeaders(); - printf("<html><head><title>CGI Echo Page</title></head>\n" - "<body><h1>Got the following request</h1>\n"); - dumpRequest(varTable); - printf("</body></html>"); -} - -void -processVariable(CGIVariable *var) -{ - char *plusSign, *percentSign; - - /*First look for all of the '+' and convert them to spaces */ - plusSign = var->value; - while ((plusSign=strchr(plusSign, '+')) != NULL) { - *plusSign = ' '; - } - percentSign = var->value; - while ((percentSign=strchr(percentSign, '%')) != NULL) { - char string[3]; - int value; - - string[0] = percentSign[1]; - string[1] = percentSign[2]; - string[2] = '\0'; - - sscanf(string,"%x", &value); - *percentSign = (char)value; - memmove(&percentSign[1], &percentSign[3], 1+strlen(&percentSign[3])); - } -} - -char * -parseNextVariable(CGIVarTable *varTable, char *form_output) -{ - char *ampersand, *equal; - CGIVariable *var; - - if (varTable->numVars == varTable->numAlloc) { - CGIVariable **newArr = realloc(varTable->variables, - (varTable->numAlloc + DEFAULT_CGI_VARS)*sizeof(CGIVariable*)); - if (newArr == NULL) { - return NULL; - } - varTable->variables = newArr; - varTable->numAlloc += DEFAULT_CGI_VARS; - } - equal = strchr(form_output, '='); - if (equal == NULL) { - return NULL; - } - ampersand = strchr(equal, '&'); - if (ampersand == NULL) { - return NULL; - } - equal[0] = '\0'; - if (ampersand != NULL) { - ampersand[0] = '\0'; - } - var = malloc(sizeof(CGIVariable)); - var->name = form_output; - var->value = &equal[1]; - varTable->variables[varTable->numVars] = var; - varTable->numVars++; - processVariable(var); - return (ampersand != NULL) ? &ersand[1] : NULL; -} - -void -ParseInputVariables(CGIVarTable *varTable, char *form_output) -{ - varTable->variables = malloc(sizeof(CGIVariable*)*DEFAULT_CGI_VARS); - varTable->numVars = 0; - varTable->numAlloc = DEFAULT_CGI_VARS; - while (form_output && form_output[0] != '\0') { - form_output = parseNextVariable(varTable, form_output); - } -} - -const char * -CGITableFindValue(CGIVarTable *varTable, const char *key) -{ - const char *retVal = NULL; - int i; - - for (i=0; i<varTable->numVars; i++) { - if (strcmp(varTable->variables[i]->name, key) == 0) { - retVal = varTable->variables[i]->value; - break; - } - } - return retVal; -} - -char* -passwordCallback(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - const char *passwd; - if (retry) { - return NULL; - } - passwd = CGITableFindValue((CGIVarTable*)arg, "dbPassword"); - if (passwd == NULL) { - return NULL; - } - return PORT_Strdup(passwd); -} - -ErrorCode -initNSS(CGIVarTable *varTable) -{ - const char *nssDir; - PK11SlotInfo *keySlot; - SECStatus rv; - - nssDir = CGITableFindValue(varTable,"NSSDirectory"); - if (nssDir == NULL) { - missingVar = "NSSDirectory"; - return REQ_CGI_VAR_NOT_PRESENT; - } - rv = NSS_Init(nssDir); - if (rv != SECSuccess) { - return NSS_INIT_FAILED; - } - PK11_SetPasswordFunc(passwordCallback); - keySlot = PK11_GetInternalKeySlot(); - rv = PK11_Authenticate(keySlot, PR_FALSE, varTable); - PK11_FreeSlot(keySlot); - if (rv != SECSuccess) { - return AUTH_FAILED; - } - return NO_ERROR; -} - -void -dumpErrorMessage(ErrorCode errNum) -{ - spitOutHeaders(); - printf("<html><head><title>Error</title></head><body><h1>Error processing " - "data</h1> Received the error %d<p>", errNum); - if (errNum == REQ_CGI_VAR_NOT_PRESENT) { - printf ("The missing variable is %s.", missingVar); - } - printf ("<i>More useful information here in the future.</i></body></html>"); -} - -ErrorCode -initOldCertReq(CERTCertificateRequest *oldCertReq, - CERTName *subject, CERTSubjectPublicKeyInfo *spki) -{ - PRArenaPool *poolp; - - poolp = oldCertReq->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SEC_ASN1EncodeInteger(poolp, &oldCertReq->version, - SEC_CERTIFICATE_VERSION_3); - CERT_CopyName(poolp, &oldCertReq->subject, subject); - SECKEY_CopySubjectPublicKeyInfo(poolp, &oldCertReq->subjectPublicKeyInfo, - spki); - oldCertReq->attributes = NULL; - return NO_ERROR; -} - -ErrorCode -addExtensions(CERTCertificate *newCert, CRMFCertRequest *certReq) -{ - int numExtensions, i; - void *extHandle; - ErrorCode rv = NO_ERROR; - CRMFCertExtension *ext; - SECStatus srv; - - numExtensions = CRMF_CertRequestGetNumberOfExtensions(certReq); - if (numExtensions == 0) { - /* No extensions to add */ - return NO_ERROR; - } - extHandle = CERT_StartCertExtensions(newCert); - if (extHandle == NULL) { - rv = COULD_NOT_START_EXTENSIONS; - goto loser; - } - for (i=0; i<numExtensions; i++) { - ext = CRMF_CertRequestGetExtensionAtIndex(certReq, i); - if (ext == NULL) { - rv = ERROR_RETRIEVING_EXT_FROM_REQ; - } - srv = CERT_AddExtension(extHandle, CRMF_CertExtensionGetOidTag(ext), - CRMF_CertExtensionGetValue(ext), - CRMF_CertExtensionGetIsCritical(ext), PR_FALSE); - if (srv != SECSuccess) { - rv = ERROR_ADDING_EXT_TO_CERT; - } - } - srv = CERT_FinishExtensions(extHandle); - if (srv != SECSuccess) { - rv = ERROR_ENDING_EXTENSIONS; - goto loser; - } - return NO_ERROR; - loser: - return rv; -} - -void -writeOutItem(const char *filePath, SECItem *der) -{ - PRFileDesc *outfile; - - outfile = PR_Open (filePath, - PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - PR_Write(outfile, der->data, der->len); - PR_Close(outfile); - -} - -ErrorCode -createNewCert(CERTCertificate**issuedCert,CERTCertificateRequest *oldCertReq, - CRMFCertReqMsg *currReq, CRMFCertRequest *certReq, - CERTCertificate *issuerCert, CGIVarTable *varTable) -{ - CERTCertificate *newCert = NULL; - CERTValidity *validity; - PRExplodedTime printableTime; - PRTime now, after; - ErrorCode rv=NO_ERROR; - SECKEYPrivateKey *issuerPrivKey; - SECItem derCert = { 0 }; - SECOidTag signTag; - SECStatus srv; - long version; - - now = PR_Now(); - PR_ExplodeTime(now, PR_GMTParameters, &printableTime); - printableTime.tm_month += 9; - after = PR_ImplodeTime(&printableTime); - validity = CERT_CreateValidity(now, after); - newCert = *issuedCert = - CERT_CreateCertificate(rand(), &(issuerCert->subject), validity, - oldCertReq); - if (newCert == NULL) { - rv = ERROR_CREATING_NEW_CERTIFICATE; - goto loser; - } - rv = addExtensions(newCert, certReq); - if (rv != NO_ERROR) { - goto loser; - } - issuerPrivKey = PK11_FindKeyByAnyCert(issuerCert, varTable); - if (issuerPrivKey == NULL) { - rv = COULD_NOT_FIND_ISSUER_PRIVATE_KEY; - } - switch(issuerPrivKey->keyType) { - case rsaKey: - signTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; - break; - case dsaKey: - signTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; - break; - default: - rv = UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER; - goto loser; - } - srv = SECOID_SetAlgorithmID(newCert->arena, &newCert->signature, - signTag, 0); - if (srv != SECSuccess) { - rv = ERROR_SETTING_SIGN_ALG; - goto loser; - } - srv = CRMF_CertRequestGetCertTemplateVersion(certReq, &version); - if (srv != SECSuccess) { - /* No version included in the request */ - *(newCert->version.data) = SEC_CERTIFICATE_VERSION_3; - } else { - SECITEM_FreeItem(&newCert->version, PR_FALSE); - SEC_ASN1EncodeInteger(newCert->arena, &newCert->version, version); - } - SEC_ASN1EncodeItem(newCert->arena, &derCert, newCert, - CERT_CertificateTemplate); - if (derCert.data == NULL) { - rv = ERROR_ENCODING_NEW_CERT; - goto loser; - } - srv = SEC_DerSignData(newCert->arena, &(newCert->derCert), derCert.data, - derCert.len, issuerPrivKey, signTag); - if (srv != SECSuccess) { - rv = ERROR_SIGNING_NEW_CERT; - goto loser; - } -#ifdef WRITE_OUT_RESPONSE - writeOutItem("newcert.der", &newCert->derCert); -#endif - return NO_ERROR; - loser: - *issuedCert = NULL; - if (newCert) { - CERT_DestroyCertificate(newCert); - } - return rv; - -} - -void -formatCMMFResponse(char *nickname, char *base64Response) -{ - char *currLine, *nextLine; - - printf("var retVal = crypto.importUserCertificates(\"%s\",\n", nickname); - currLine = base64Response; - while (1) { - nextLine = strchr(currLine, '\n'); - if (nextLine == NULL) { - /* print out the last line here. */ - printf ("\"%s\",\n", currLine); - break; - } - nextLine[0] = '\0'; - printf("\"%s\\n\"+\n", currLine); - currLine = nextLine+1; - } - printf("true);\n" - "if(retVal == '') {\n" - "\tdocument.write(\"<h1>New Certificate Succesfully Imported.</h1>\");\n" - "} else {\n" - "\tdocument.write(\"<h2>Unable to import New Certificate</h2>\");\n" - "\tdocument.write(\"crypto.importUserCertificates returned <b>\");\n" - "\tdocument.write(retVal);\n" - "\tdocument.write(\"</b>\");\n" - "}\n"); -} - -void -spitOutCMMFResponse(char *nickname, char *base64Response) -{ - spitOutHeaders(); - printf("<html>\n<head>\n<title>CMMF Resonse Page</title>\n</head>\n\n" - "<body><h1>CMMF Response Page</h1>\n" - "<script language=\"JavaScript\">\n" - "<!--\n"); - formatCMMFResponse(nickname, base64Response); - printf("// -->\n" - "</script>\n</body>\n</html>"); -} - -char* -getNickname(CERTCertificate *cert) -{ - char *nickname; - - if (cert->nickname != NULL) { - return cert->nickname; - } - nickname = CERT_GetCommonName(&cert->subject); - if (nickname != NULL) { - return nickname; - } - return CERT_NameToAscii(&cert->subject); -} - -ErrorCode -createCMMFResponse(CertResponseInfo *issuedCerts, int numCerts, - CERTCertificate *issuerCert, char **base64der) -{ - CMMFCertRepContent *certRepContent=NULL; - ErrorCode rv = NO_ERROR; - CMMFCertResponse **responses, *currResponse; - CERTCertList *caList; - int i; - SECStatus srv; - PRArenaPool *poolp; - SECItem *der; - - certRepContent = CMMF_CreateCertRepContent(); - if (certRepContent == NULL) { - rv = ERROR_CREATING_CERT_REP_CONTENT; - goto loser; - } - responses = PORT_NewArray(CMMFCertResponse*, numCerts); - if (responses == NULL) { - rv = OUT_OF_MEMORY; - goto loser; - } - for (i=0; i<numCerts;i++) { - responses[i] = currResponse = - CMMF_CreateCertResponse(issuedCerts[i].certReqID); - if (currResponse == NULL) { - rv = ERROR_CREATING_SINGLE_CERT_RESPONSE; - goto loser; - } - CMMF_CertResponseSetPKIStatusInfoStatus(currResponse, cmmfGranted); - CMMF_CertResponseSetCertificate(currResponse, issuedCerts[i].cert); - } - srv = CMMF_CertRepContentSetCertResponses(certRepContent, responses, - numCerts); - if (srv != SECSuccess) { - rv = ERROR_SETTING_CERT_RESPONSES; - goto loser; - } - caList = CERT_NewCertList(); - if (caList == NULL) { - rv = ERROR_CREATING_CA_LIST; - goto loser; - } - srv = CERT_AddCertToListTail(caList, issuerCert); - if (srv != SECSuccess) { - rv = ERROR_ADDING_ISSUER_TO_CA_LIST; - goto loser; - } - srv = CMMF_CertRepContentSetCAPubs(certRepContent, caList); - CERT_DestroyCertList(caList); - poolp = PORT_NewArena(1024); - der = SEC_ASN1EncodeItem(poolp, NULL, certRepContent, - CMMFCertRepContentTemplate); - if (der == NULL) { - rv = ERROR_ENCODING_CERT_REP_CONTENT; - goto loser; - } -#ifdef WRITE_OUT_RESPONSE - writeOutItem("CertRepContent.der", der); -#endif - *base64der = BTOA_DataToAscii(der->data, der->len); - return NO_ERROR; - loser: - return rv; -} - -ErrorCode -issueCerts(CertResponseInfo *issuedCerts, int numCerts, - CERTCertificate *issuerCert) -{ - ErrorCode rv; - char *base64Response; - - rv = createCMMFResponse(issuedCerts, numCerts, issuerCert, &base64Response); - if (rv != NO_ERROR) { - goto loser; - } - spitOutCMMFResponse(getNickname(issuedCerts[0].cert),base64Response); - return NO_ERROR; - loser: - return rv; -} - -ErrorCode -verifySignature(CGIVarTable *varTable, CRMFCertReqMsg *currReq, - CRMFCertRequest *certReq, CERTCertificate *newCert) -{ - SECStatus srv; - ErrorCode rv = NO_ERROR; - CRMFPOPOSigningKey *signKey = NULL; - SECAlgorithmID *algID = NULL; - SECItem *signature = NULL; - SECKEYPublicKey *pubKey = NULL; - SECItem *reqDER = NULL; - - srv = CRMF_CertReqMsgGetPOPOSigningKey(currReq, &signKey); - if (srv != SECSuccess || signKey == NULL) { - rv = ERROR_RETRIEVING_POP_SIGN_KEY; - goto loser; - } - algID = CRMF_POPOSigningKeyGetAlgID(signKey); - if (algID == NULL) { - rv = ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY; - goto loser; - } - signature = CRMF_POPOSigningKeyGetSignature(signKey); - if (signature == NULL) { - rv = ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY; - goto loser; - } - /* Make the length the number of bytes instead of bits */ - signature->len = (signature->len+7)/8; - pubKey = CERT_ExtractPublicKey(newCert); - if (pubKey == NULL) { - rv = ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT; - goto loser; - } - reqDER = SEC_ASN1EncodeItem(NULL, NULL, certReq, CRMFCertRequestTemplate); - if (reqDER == NULL) { - rv = ERROR_ENCODING_CERT_REQ_FOR_POP; - goto loser; - } - srv = VFY_VerifyData(reqDER->data, reqDER->len, pubKey, signature, - SECOID_FindOIDTag(&algID->algorithm), varTable); - if (srv != SECSuccess) { - rv = ERROR_VERIFYING_SIGNATURE_POP; - goto loser; - } - /* Fall thru in successfull case. */ - loser: - if (pubKey != NULL) { - SECKEY_DestroyPublicKey(pubKey); - } - if (reqDER != NULL) { - SECITEM_FreeItem(reqDER, PR_TRUE); - } - if (signature != NULL) { - SECITEM_FreeItem(signature, PR_TRUE); - } - if (algID != NULL) { - SECOID_DestroyAlgorithmID(algID, PR_TRUE); - } - if (signKey != NULL) { - CRMF_DestroyPOPOSigningKey(signKey); - } - return rv; -} - -ErrorCode -doChallengeResponse(CGIVarTable *varTable, CRMFCertReqMsg *currReq, - CRMFCertRequest *certReq, CERTCertificate *newCert, - ChallengeCreationInfo *challs, int *numChall) -{ - CRMFPOPOPrivKey *privKey = NULL; - CRMFPOPOPrivKeyChoice privKeyChoice; - SECStatus srv; - ErrorCode rv = NO_ERROR; - - srv = CRMF_CertReqMsgGetPOPKeyEncipherment(currReq, &privKey); - if (srv != SECSuccess || privKey == NULL) { - rv = ERROR_GETTING_KEY_ENCIPHERMENT; - goto loser; - } - privKeyChoice = CRMF_POPOPrivKeyGetChoice(privKey); - CRMF_DestroyPOPOPrivKey(privKey); - switch (privKeyChoice) { - case crmfSubsequentMessage: - challs = &challs[*numChall]; - challs->random = rand(); - challs->pubKey = CERT_ExtractPublicKey(newCert); - if (challs->pubKey == NULL) { - rv = ERROR_RETRIEVING_PUB_KEY_FOR_CHALL; - goto loser; - } - (*numChall)++; - rv = DO_CHALLENGE_RESPONSE; - break; - case crmfThisMessage: - /* There'd better be a PKIArchiveControl in this message */ - if (!CRMF_CertRequestIsControlPresent(certReq, - crmfPKIArchiveOptionsControl)) { - rv = ERROR_NO_POP_FOR_PRIVKEY; - goto loser; - } - break; - default: - rv = ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE; - goto loser; - } -loser: - return rv; -} - -ErrorCode -doProofOfPossession(CGIVarTable *varTable, CRMFCertReqMsg *currReq, - CRMFCertRequest *certReq, CERTCertificate *newCert, - ChallengeCreationInfo *challs, int *numChall) -{ - CRMFPOPChoice popChoice; - ErrorCode rv = NO_ERROR; - - popChoice = CRMF_CertReqMsgGetPOPType(currReq); - if (popChoice == crmfNoPOPChoice) { - rv = NO_POP_FOR_REQUEST; - goto loser; - } - switch (popChoice) { - case crmfSignature: - rv = verifySignature(varTable, currReq, certReq, newCert); - break; - case crmfKeyEncipherment: - rv = doChallengeResponse(varTable, currReq, certReq, newCert, - challs, numChall); - break; - case crmfRAVerified: - case crmfKeyAgreement: - default: - rv = UNSUPPORTED_POP; - goto loser; - } - loser: - return rv; -} - -void -convertB64ToJS(char *base64) -{ - int i; - - for (i=0; base64[i] != '\0'; i++) { - if (base64[i] == '\n') { - printf ("\\n"); - }else { - printf ("%c", base64[i]); - } - } -} - -void -formatChallenge(char *chall64, char *certRepContentDER, - ChallengeCreationInfo *challInfo, int numChalls) -{ - printf ("function respondToChallenge() {\n" - " var chalForm = document.chalForm;\n\n" - " chalForm.CertRepContent.value = '"); - convertB64ToJS(certRepContentDER); - printf ("';\n" - " chalForm.ChallResponse.value = crypto.popChallengeResponse('"); - convertB64ToJS(chall64); - printf("');\n" - " chalForm.submit();\n" - "}\n"); - -} - -void -spitOutChallenge(char *chall64, char *certRepContentDER, - ChallengeCreationInfo *challInfo, int numChalls, - char *nickname) -{ - int i; - - spitOutHeaders(); - printf("<html>\n" - "<head>\n" - "<title>Challenge Page</title>\n" - "<script language=\"JavaScript\">\n" - "<!--\n"); - /* The JavaScript function actually gets defined within - * this function call - */ - formatChallenge(chall64, certRepContentDER, challInfo, numChalls); - printf("// -->\n" - "</script>\n" - "</head>\n" - "<body onLoad='respondToChallenge()'>\n" - "<h1>Cartman is now responding to the Challenge " - "presented by the CGI</h1>\n" - "<form action='crmfcgi' method='post' name='chalForm'>\n" - "<input type='hidden' name=CertRepContent value=''>\n" - "<input type='hidden' name=ChallResponse value=''>\n"); - for (i=0;i<numChalls; i++) { - printf("<input type='hidden' name='chal%d' value='%d'>\n", - i+1, challInfo[i].random); - } - printf("<input type='hidden' name='nickname' value='%s'>\n", nickname); - printf("</form>\n</body>\n</html>"); -} - -ErrorCode -issueChallenge(CertResponseInfo *issuedCerts, int numCerts, - ChallengeCreationInfo *challInfo, int numChalls, - CERTCertificate *issuer, CGIVarTable *varTable) -{ - ErrorCode rv = NO_ERROR; - CMMFPOPODecKeyChallContent *chalContent = NULL; - int i; - SECStatus srv; - PRArenaPool *poolp; - CERTGeneralName *genName; - SECItem *challDER = NULL; - char *chall64, *certRepContentDER; - - rv = createCMMFResponse(issuedCerts, numCerts, issuer, - &certRepContentDER); - if (rv != NO_ERROR) { - goto loser; - } - chalContent = CMMF_CreatePOPODecKeyChallContent(); - if (chalContent == NULL) { - rv = ERROR_CREATING_EMPTY_CHAL_CONTENT; - goto loser; - } - poolp = PORT_NewArena(1024); - if (poolp == NULL) { - rv = OUT_OF_MEMORY; - goto loser; - } - genName = CERT_GetCertificateNames(issuer, poolp); - if (genName == NULL) { - rv = ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER; - goto loser; - } - for (i=0;i<numChalls;i++) { - srv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent, - challInfo[i].random, - genName, - challInfo[i].pubKey, - varTable); - SECKEY_DestroyPublicKey(challInfo[i].pubKey); - if (srv != SECSuccess) { - rv = ERROR_SETTING_CHALLENGE; - goto loser; - } - } - challDER = SEC_ASN1EncodeItem(NULL, NULL, chalContent, - CMMFPOPODecKeyChallContentTemplate); - if (challDER == NULL) { - rv = ERROR_ENCODING_CHALL; - goto loser; - } - chall64 = BTOA_DataToAscii(challDER->data, challDER->len); - SECITEM_FreeItem(challDER, PR_TRUE); - if (chall64 == NULL) { - rv = ERROR_CONVERTING_CHALL_TO_BASE64; - goto loser; - } - spitOutChallenge(chall64, certRepContentDER, challInfo, numChalls, - getNickname(issuedCerts[0].cert)); - loser: - return rv; -} - - -ErrorCode -processRequest(CGIVarTable *varTable) -{ - CERTCertDBHandle *certdb; - SECKEYKeyDBHandle *keydb; - CRMFCertReqMessages *certReqs = NULL; - const char *crmfReq; - const char *caNickname; - CERTCertificate *caCert = NULL; - CertResponseInfo *issuedCerts = NULL; - CERTSubjectPublicKeyInfo spki = { 0 }; - ErrorCode rv=NO_ERROR; - PRBool doChallengeResponse = PR_FALSE; - SECItem der = { 0 }; - SECStatus srv; - CERTCertificateRequest oldCertReq = { 0 }; - CRMFCertReqMsg **reqMsgs = NULL,*currReq = NULL; - CRMFCertRequest **reqs = NULL, *certReq = NULL; - CERTName subject = { 0 }; - int numReqs,i; - ChallengeCreationInfo *challInfo=NULL; - int numChalls = 0; - - certdb = CERT_GetDefaultCertDB(); - keydb = SECKEY_GetDefaultKeyDB(); - crmfReq = CGITableFindValue(varTable, "CRMFRequest"); - if (crmfReq == NULL) { - rv = CGI_VAR_MISSING; - missingVar = "CRMFRequest"; - goto loser; - } - caNickname = CGITableFindValue(varTable, "CANickname"); - if (caNickname == NULL) { - rv = CGI_VAR_MISSING; - missingVar = "CANickname"; - goto loser; - } - caCert = CERT_FindCertByNickname(certdb, caNickname); - if (caCert == NULL) { - rv = COULD_NOT_FIND_CA; - goto loser; - } - srv = ATOB_ConvertAsciiToItem(&der, crmfReq); - if (srv != SECSuccess) { - rv = BAD_ASCII_FOR_REQ; - goto loser; - } - certReqs = CRMF_CreateCertReqMessagesFromDER(der.data, der.len); - SECITEM_FreeItem(&der, PR_FALSE); - if (certReqs == NULL) { - rv = COULD_NOT_DECODE_REQS; - goto loser; - } - numReqs = CRMF_CertReqMessagesGetNumMessages(certReqs); - issuedCerts = PORT_ZNewArray(CertResponseInfo, numReqs); - challInfo = PORT_ZNewArray(ChallengeCreationInfo, numReqs); - if (issuedCerts == NULL || challInfo == NULL) { - rv = OUT_OF_MEMORY; - goto loser; - } - reqMsgs = PORT_ZNewArray(CRMFCertReqMsg*, numReqs); - reqs = PORT_ZNewArray(CRMFCertRequest*, numReqs); - if (reqMsgs == NULL || reqs == NULL) { - rv = OUT_OF_MEMORY; - goto loser; - } - for (i=0; i<numReqs; i++) { - currReq = reqMsgs[i] = - CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqs, i); - if (currReq == NULL) { - rv = ERROR_RETRIEVING_REQUEST_MSG; - goto loser; - } - certReq = reqs[i] = CRMF_CertReqMsgGetCertRequest(currReq); - if (certReq == NULL) { - rv = ERROR_RETRIEVING_CERT_REQUEST; - goto loser; - } - srv = CRMF_CertRequestGetCertTemplateSubject(certReq, &subject); - if (srv != SECSuccess) { - rv = ERROR_RETRIEVING_SUBJECT_FROM_REQ; - goto loser; - } - srv = CRMF_CertRequestGetCertTemplatePublicKey(certReq, &spki); - if (srv != SECSuccess) { - rv = ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ; - goto loser; - } - rv = initOldCertReq(&oldCertReq, &subject, &spki); - if (rv != NO_ERROR) { - goto loser; - } - rv = createNewCert(&issuedCerts[i].cert, &oldCertReq, currReq, certReq, - caCert, varTable); - if (rv != NO_ERROR) { - goto loser; - } - rv = doProofOfPossession(varTable, currReq, certReq, issuedCerts[i].cert, - challInfo, &numChalls); - if (rv != NO_ERROR) { - if (rv == DO_CHALLENGE_RESPONSE) { - doChallengeResponse = PR_TRUE; - } else { - goto loser; - } - } - CRMF_CertReqMsgGetID(currReq, &issuedCerts[i].certReqID); - CRMF_DestroyCertReqMsg(currReq); - CRMF_DestroyCertRequest(certReq); - } - if (doChallengeResponse) { - rv = issueChallenge(issuedCerts, numReqs, challInfo, numChalls, caCert, - varTable); - } else { - rv = issueCerts(issuedCerts, numReqs, caCert); - } - loser: - if (certReqs != NULL) { - CRMF_DestroyCertReqMessages(certReqs); - } - return rv; -} - -ErrorCode -processChallengeResponse(CGIVarTable *varTable, const char *certRepContent) -{ - SECItem binDER = { 0 }; - SECStatus srv; - ErrorCode rv = NO_ERROR; - const char *clientResponse; - const char *formChalValue; - const char *nickname; - CMMFPOPODecKeyRespContent *respContent = NULL; - int numResponses,i; - long curResponse, expectedResponse; - char cgiChalVar[10]; -#ifdef WRITE_OUT_RESPONSE - SECItem certRepBinDER = { 0 }; - - ATOB_ConvertAsciiToItem(&certRepBinDER, certRepContent); - writeOutItem("challCertRepContent.der", &certRepBinDER); - PORT_Free(certRepBinDER.data); -#endif - clientResponse = CGITableFindValue(varTable, "ChallResponse"); - if (clientResponse == NULL) { - rv = REQ_CGI_VAR_NOT_PRESENT; - missingVar = "ChallResponse"; - goto loser; - } - srv = ATOB_ConvertAsciiToItem(&binDER, clientResponse); - if (srv != SECSuccess) { - rv = ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN; - goto loser; - } - respContent = CMMF_CreatePOPODecKeyRespContentFromDER(binDER.data, - binDER.len); - SECITEM_FreeItem(&binDER, PR_FALSE); - binDER.data = NULL; - if (respContent == NULL) { - rv = ERROR_CREATING_KEY_RESP_FROM_DER; - goto loser; - } - numResponses = CMMF_POPODecKeyRespContentGetNumResponses(respContent); - for (i=0;i<numResponses;i++){ - srv = CMMF_POPODecKeyRespContentGetResponse(respContent,i,&curResponse); - if (srv != SECSuccess) { - rv = ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE; - goto loser; - } - sprintf(cgiChalVar, "chal%d", i+1); - formChalValue = CGITableFindValue(varTable, cgiChalVar); - if (formChalValue == NULL) { - rv = REQ_CGI_VAR_NOT_PRESENT; - missingVar = strdup(cgiChalVar); - goto loser; - } - sscanf(formChalValue, "%ld", &expectedResponse); - if (expectedResponse != curResponse) { - rv = ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED; - goto loser; - } - } - nickname = CGITableFindValue(varTable, "nickname"); - if (nickname == NULL) { - rv = REQ_CGI_VAR_NOT_PRESENT; - missingVar = "nickname"; - goto loser; - } - spitOutCMMFResponse(nickname, certRepContent); - loser: - if (respContent != NULL) { - CMMF_DestroyPOPODecKeyRespContent(respContent); - } - return rv; -} - -int -main() -{ - char *form_output = NULL; - int form_output_len, form_output_used; - CGIVarTable varTable = { 0 }; - ErrorCode errNum = 0; - char *certRepContent; - -#ifdef ATTACH_CGI - /* Put an ifinite loop in here so I can attach to - * the process after the process is spun off - */ - { int stupid = 1; - while (stupid); - } -#endif - - form_output_used = 0; - srand(time(NULL)); - while (feof(stdin) == 0) { - if (form_output == NULL) { - form_output = PORT_NewArray(char, DEFAULT_ALLOC_SIZE+1); - form_output_len = DEFAULT_ALLOC_SIZE; - } else if ((form_output_used + DEFAULT_ALLOC_SIZE) >= form_output_len) { - form_output_len += DEFAULT_ALLOC_SIZE; - form_output = PORT_Realloc(form_output, form_output_len+1); - } - form_output_used += fread(&form_output[form_output_used], sizeof(char), - DEFAULT_ALLOC_SIZE, stdin); - } - ParseInputVariables(&varTable, form_output); - certRepContent = CGITableFindValue(&varTable, "CertRepContent"); - if (certRepContent == NULL) { - errNum = initNSS(&varTable); - if (errNum != 0) { - goto loser; - } - errNum = processRequest(&varTable); - } else { - errNum = processChallengeResponse(&varTable, certRepContent); - } - if (errNum != NO_ERROR) { - goto loser; - } - goto done; -loser: - dumpErrorMessage(errNum); -done: - free (form_output); - return 0; -} - diff --git a/security/nss/cmd/crmf-cgi/crmfcgi.html b/security/nss/cmd/crmf-cgi/crmfcgi.html deleted file mode 100644 index e91923ece..000000000 --- a/security/nss/cmd/crmf-cgi/crmfcgi.html +++ /dev/null @@ -1,165 +0,0 @@ -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> - -<html> -<head> -<title>CRMF Test Page for PSM</title> -<script language=javascript> -var request; -//This variable must be set to the first value -//in the select field "testType" in the form. -var keyGenType="SigningOnlyRSA"; - -var requestedDN = "CN=Javi CA Shack ID, O=NSS"; - -function setTestType() { - var testType = document.crmfForm.testType; - - keyGenType = testType.options[testType.selectedIndex].value; -} - -function setRequest() { - with (document.crmfForm) { - CRMFRequest.value = request.request; - submit(); - } -} - -function generateSignAndEncryptRSARequest() { - request = crypto.generateCRMFRequest(requestedDN, - null, null, null, "setRequest()", - crypto.algorithms.rsa.keyEx.keySizes[0], - null, "rsa-dual-use"); -} - -function generateSigningOnlyRSARequest() { - request = crypto.generateCRMFRequest(requestedDN,null,null,null,"setRequest()", - crypto.algorithms.rsa.signing.keySizes[0], - null, "rsa-sign"); -} - -function generateEncryptionOnlyRSARequest() { - request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()", - crypto.algorithms.rsa.keyEx.keySizes[0], - null, "rsa-ex"); -} - -function generateDualRSAKeys() { - request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()", - crypto.algorithms.rsa.keyEx.keySizes[0], - null, "rsa-ex", - crypto.algorithms.rsa.signing.keySizes[0], - null, "rsa-sign"); -} - -function generateDSAKey() { - request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()", - crypto.algorithms.dsa.keySizes[0], - null, "dsa-sign-nonrepudiation"); -} - -function processForm(form) { - with (form) { - if (typeof(crypto.version) == "undefined") { - alert('You must be running PSM in order to use this page.'); - return false; - } - if (NSSDirectory.value == "") { - alert('You must provide a path for NSS to use.'); - return false; - } - if (dbPassword.value == "") { - alert('You must provide a password for the certificate database.'); - return false; - } - if (CANickname.value == "") { - alert('You must provide a CA Nickname to use.'); - return false; - } - //Now do the correct key generation. - if (keyGenType == "SignAndEncryptRSA") { - generateSignAndEncryptRSARequest(); - } else if (keyGenType == "SigningOnlyRSA") { - generateSigningOnlyRSARequest(); - } else if (keyGenType == "EncryptionOnlyRSA") { - generateEncryptionOnlyRSARequest(); - } else if (keyGenType == "DualRSAKeys") { - generateDualRSAKeys(); - } else if (keyGenType == "DSAKeyGen") { - generateDSAKey(); - } - } - return true; -} -</script> -</head> -<body> -<h1><center>CRMF Test page for PSM</center></h1> -This page is designed to be used in combination with the executable -produced by ns/security/cmd/crmf-cgi in a CGI environment. In order -to successfully use this page, modify its action to post to a a server -where you have installed the crmfcgi executable and you'll be able to -test the functionality. -<hr> -<form name="crmfForm" method=post action="http://www.cgi-site.com/cgi-bin/crmfcgi"> -<h2>Certificate Database information</h2> -First, enter all the information for the CGI to use for initializing -NSS. The CGI will use the directory entered below as the directory -where to look for the certificate and key databases. -<pre> -Path for NSS Config: <input size=40 type="text" name="NSSDirectory"> -</pre> -Enter the password for the certificate database found in the direcotry -above. -<pre> -Database Password: <input type="password" name="dbPassword" size=40> -</pre> -Now enter the nickname of the certificate to use for signing the -certificate issued during this test. -<pre> -CA Nickname: <input size=40 type="text" name="CANickname"> -</pre> -<h2>Now, figure out which type of key generation you want to test:</h2> -<select name="testType" onChange="setTestType()">` -<option value="SigningOnlyRSA">Signing Only-RSA -<option value="EncryptionOnlyRSA">Encryption Only-RSA -<option value="SignAndEncryptRSA">Sign and Encrypt Single Key -RSA -<option value="DualRSAKeys">Dual Keys-RSA -<option value="DSAKeyGen">DSA Key Gen -</select> -<input type="hidden" name=CRMFRequest value=""> -<hr> -<input type="button" value="OK" onclick="processForm(document.crmfForm)"> -</form> -</body> -</html> diff --git a/security/nss/cmd/crmf-cgi/manifest.mn b/security/nss/cmd/crmf-cgi/manifest.mn deleted file mode 100644 index 3a3496327..000000000 --- a/security/nss/cmd/crmf-cgi/manifest.mn +++ /dev/null @@ -1,61 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. -MODULE = sectools - -EXPORTS = \ - $(NULL) - -CSRCS = \ - crmfcgi.c \ - $(NULL) - - -REQUIRES = nss dbm seccmd - -ifdef ATTACH_CGI -DEFINES += -DATTACH_CGI -endif - -ifdef WRITE_OUT_RESPONSE -DEFINES += -DWRITE_OUT_RESPONSE -endif - -PROGRAM = crmfcgi - -USE_STATIC_LIBS = 1 - -INCLUDES = - -DEFINES = -DNSPR20 diff --git a/security/nss/cmd/crmftest/Makefile b/security/nss/cmd/crmftest/Makefile deleted file mode 100644 index 5df669763..000000000 --- a/security/nss/cmd/crmftest/Makefile +++ /dev/null @@ -1,99 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### -include config.mk - -ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2) -OS_LIBS += -lsvld -endif - -ifeq ($(OS_TARGET)$(OS_RELEASE), SunOS5.6) -OS_LIBS += -ldl -lxnet -lposix4 -lsocket -lnsl -endif - -ifeq (,$(filter-out WIN%,$(OS_TARGET))) -EXTRA_LIBS += $(DIST)/lib/crmf.lib -else -EXTRA_LIBS += $(DIST)/lib/libcrmf.$(LIB_SUFFIX) -endif - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -LDDIST = $(DIST)/lib - -ifeq (,$(filter-out WIN%,$(OS_TARGET))) -EXTRA_LIBS += $(LDDIST)/sectool.lib -endif - -lame: - echo $(CPU_ARCH) - -include ../platrules.mk diff --git a/security/nss/cmd/crmftest/config.mk b/security/nss/cmd/crmftest/config.mk deleted file mode 100644 index 7343609f8..000000000 --- a/security/nss/cmd/crmftest/config.mk +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# Override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(PROGRAM) -SHARED_LIBRARY = -IMPORT_LIBRARY = -LIBRARY = - diff --git a/security/nss/cmd/crmftest/manifest.mn b/security/nss/cmd/crmftest/manifest.mn deleted file mode 100644 index cd5275094..000000000 --- a/security/nss/cmd/crmftest/manifest.mn +++ /dev/null @@ -1,53 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. -DEPTH = . - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -EXPORTS = \ - $(NULL) - -CSRCS = \ - testcrmf.c \ - $(NULL) - - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm - -PROGRAM = crmftest - diff --git a/security/nss/cmd/crmftest/testcrmf.c b/security/nss/cmd/crmftest/testcrmf.c deleted file mode 100644 index e9bb08bdb..000000000 --- a/security/nss/cmd/crmftest/testcrmf.c +++ /dev/null @@ -1,1533 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "crmf.h" -#include "secrng.h" -#include "secpkcs5.h" -#include "pk11func.h" -#include "pkcs11.h" -#include "secmod.h" -#include "secmodi.h" -#include "key.h" -#include "prio.h" -#include "pqggen.h" -#include "cmmf.h" -#include "seccomon.h" -#include "secmod.h" -#include "prlock.h" -#include "secmodi.h" -#include "pkcs11.h" -#include "pk11func.h" -#include "secitem.h" -#include "key.h" -#include "rsa.h" -#include "secpkcs5.h" -#include "secasn1.h" -#include "sechash.h" -#include "cert.h" -#include "secerr.h" -#include <stdio.h> -#include "prprf.h" -#if !defined(XP_UNIX) && !defined(LINUX) -extern int getopt(int, char **, char*); -extern char *optarg; -#endif -#define MAX_KEY_LEN 512 - -int64 notBefore; -char *personalCert = NULL; -char *recoveryEncrypter = NULL; -char *caCertName = NULL; - -CERTCertDBHandle *db; -SECKEYKeyDBHandle *keydb; - -void -debug_test(SECItem *src, char *filePath) -{ - PRFileDesc *fileDesc; - - fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not cretae file %s.\n", filePath); - return; - } - PR_Write(fileDesc, src->data, src->len); - -} - -SECStatus -get_serial_number(long *dest) -{ - RNGContext *rng; - SECStatus rv; - - if (dest == NULL) { - return SECFailure; - } - rng = RNG_CreateContext(); - if (rng == NULL) { - *dest = 0; - return SECFailure; - } - rv = RNG_GenerateRandomBytes(rng, (void*)dest, sizeof(long)); - RNG_DestroyContext(rng, PR_TRUE); - return SECSuccess; -} - -char * -promptForPassword (PK11SlotInfo *slot, PRBool retry, void *cx) -{ - char passWord[80]; - char *retPass = NULL; - - if (retry) { - printf ("Incorrect password. Please re-enter the password.\n"); - } - printf ("WARNING: Password will be echoed to the screen.\n"); - printf ("Please enter the password for slot \"%s\":", - PK11_GetTokenName(slot)); - scanf ("%s", passWord); - retPass = PORT_Strdup(passWord); - return retPass; -} - -PK11RSAGenParams * -GetRSAParams(void) -{ - PK11RSAGenParams *rsaParams; - - rsaParams = PORT_ZNew(PK11RSAGenParams); - - if (rsaParams == NULL) - return NULL; - - rsaParams->keySizeInBits = MAX_KEY_LEN; - rsaParams->pe = 0x1001; - - return rsaParams; - -} - -SECStatus -SetSlotPassword(PK11SlotInfo *slot) -{ - char userPin[80]; - - printf ("Initialization of PIN's for your Database.\n"); - printf ("------------------------------------------\n"); - printf ("Please enter the PIN's for your Database.\n"); - printf ("Warning: ALL PIN'S WILL BE ECHOED TO SCREEN!!!\n"); - printf ("Now enter the PIN for the user: "); - scanf ("%s", userPin); - return PK11_InitPin (slot, NULL, userPin); -} - -PQGParams* -GetDSAParams(void) -{ - PQGParams *params = NULL; - PQGVerify *vfy = NULL; - - SECStatus rv; - - rv = PQG_ParamGen(0, ¶ms, &vfy); - if (rv != SECSuccess) { - return NULL; - } - PQG_DestroyVerify(vfy); - return params; -} - -CERTSubjectPublicKeyInfo * -GetSubjectPubKeyInfo(SECKEYPrivateKey **destPrivKey, - SECKEYPublicKey **destPubKey) { - CERTSubjectPublicKeyInfo *spki = NULL; - SECKEYPrivateKey *privKey = NULL; - SECKEYPublicKey *pubKey = NULL; - PK11SlotInfo *keySlot = NULL; - PK11SlotInfo *cryptoSlot = NULL; - PK11RSAGenParams *rsaParams = NULL; - PQGParams *dsaParams = NULL; - - keySlot = PK11_GetInternalKeySlot(); - PK11_Authenticate(keySlot, PR_FALSE, NULL); - cryptoSlot = PK11_GetInternalSlot(); - PK11_Authenticate(cryptoSlot, PR_FALSE, NULL); - PK11_FreeSlot(cryptoSlot); - rsaParams = GetRSAParams(); - privKey = PK11_GenerateKeyPair(keySlot, CKM_RSA_PKCS_KEY_PAIR_GEN, - (void*)rsaParams, &pubKey, PR_FALSE, - PR_FALSE, NULL); -/* dsaParams = GetDSAParams(); - if (dsaParams == NULL) { - PK11_FreeSlot(keySlot); - return NULL; - } - privKey = PK11_GenerateKeyPair(keySlot, CKM_DSA_KEY_PAIR_GEN, - (void*)dsaParams, &pubKey, PR_FALSE, - PR_FALSE, NULL);*/ - PK11_FreeSlot(keySlot); - if (privKey == NULL || pubKey == NULL) { - if (pubKey) { - SECKEY_DestroyPublicKey(pubKey); - } - if (privKey) { - SECKEY_DestroyPrivateKey(privKey); - } - return NULL; - } - - spki = SECKEY_CreateSubjectPublicKeyInfo(pubKey); - *destPrivKey = privKey; - *destPubKey = pubKey; - return spki; -} - - -SECStatus -InitPKCS11(void) -{ - PK11SlotInfo *cryptoSlot, *keySlot; - - PK11_SetPasswordFunc(promptForPassword); - - cryptoSlot = PK11_GetInternalSlot(); - keySlot = PK11_GetInternalKeySlot(); - - if (PK11_NeedUserInit(cryptoSlot) && PK11_NeedLogin(cryptoSlot)) { - if (SetSlotPassword (cryptoSlot) != SECSuccess) { - printf ("Initializing the PIN's failed.\n"); - return SECFailure; - } - } - - if (PK11_NeedUserInit(keySlot) && PK11_NeedLogin(keySlot)) { - if (SetSlotPassword (keySlot) != SECSuccess) { - printf ("Initializing the PIN's failed.\n"); - return SECFailure; - } - } - - PK11_FreeSlot(cryptoSlot); - PK11_FreeSlot(keySlot); - return SECSuccess; -} - - -void -WriteItOut (void *arg, const char *buf, unsigned long len) -{ - PRFileDesc *fileDesc = (PRFileDesc*)arg; - - PR_Write(fileDesc, (void*)buf, len); -} - -SECItem -GetRandomBitString(void) -{ -#define NUM_BITS 800 -#define BITS_IN_BYTE 8 - SECItem bitString; - int numBytes = NUM_BITS/BITS_IN_BYTE; - unsigned char *bits = PORT_ZNewArray(unsigned char, numBytes); - RNGContext *rng; - - rng = RNG_CreateContext(); - RNG_GenerateRandomBytes(rng, (void*)bits, numBytes); - RNG_DestroyContext(rng, PR_TRUE); - bitString.data = bits; - bitString.len = NUM_BITS; - bitString.type = siBuffer; - return bitString; -} - -CRMFCertExtCreationInfo* -GetExtensions(void) -{ - CRMFCertExtCreationInfo *extInfo; - CRMFCertExtension *currExt; - CRMFCertExtension *extension; - SECItem data; - PRBool prFalse = PR_FALSE; - unsigned char keyUsage[4]; - - data.len = 4; - data.data = keyUsage; - keyUsage[0] = 0x03; - keyUsage[1] = 0x02; - keyUsage[2] = 0x07; - keyUsage[3] = KU_DIGITAL_SIGNATURE; - extension = CRMF_CreateCertExtension(SEC_OID_X509_KEY_USAGE,prFalse, - &data); - extInfo = PORT_ZNew(CRMFCertExtCreationInfo); - extInfo->numExtensions = 1; - extInfo->extensions = PORT_ZNewArray(CRMFCertExtension*, 1); - extInfo->extensions[0] = extension; - return extInfo; -} - -void -FreeExtInfo(CRMFCertExtCreationInfo *extInfo) -{ - int i; - - for (i=0; i<extInfo->numExtensions; i++) { - CRMF_DestroyCertExtension(extInfo->extensions[i]); - } - PORT_Free(extInfo->extensions); - PORT_Free(extInfo); -} - -int -CreateCertRequest (CRMFCertRequest **inCertReq, SECKEYPrivateKey **privKey, - SECKEYPublicKey **pubKey) -{ - long serialNumber; - long version = 3; - char *issuerStr = PORT_Strdup ("CN=Javi's CA Shack, O=Information Systems"); - char *subjectStr = PORT_Strdup ("CN=Javi's CA Shack ID, O=Engineering, " - "C=US"); - CRMFCertRequest *certReq; - SECAlgorithmID * algID; - CERTName *issuer, *subject; - CRMFValidityCreationInfo validity; - CERTSubjectPublicKeyInfo *spki; - SECStatus rv; - SECOidTag tag, tag2; - SECItem issuerUID, subjectUID; - CRMFCertExtCreationInfo *extInfo; - CRMFEncryptedKey *encKey; - CERTCertificate *caCert; - CRMFPKIArchiveOptions *pkiArchOpt; - - *inCertReq = NULL; - certReq = CRMF_CreateCertRequest(0x0ff02345); - if (certReq == NULL) { - printf ("Could not initialize a certificate request.\n"); - return 1; - } - rv = CRMF_CertRequestSetTemplateField (certReq, crmfVersion, (void*)(&version)); - if (rv != SECSuccess) { - printf("Could not add the version number to the " - "Certificate Request.\n"); - CRMF_DestroyCertRequest(certReq); - return 2; - } - - if (get_serial_number(&serialNumber) != SECSuccess) { - printf ("Could not generate a serial number for cert request.\n"); - CRMF_DestroyCertRequest(certReq); - return 3; - } - - rv = CRMF_CertRequestSetTemplateField (certReq, crmfSerialNumber, - (void*)(&serialNumber)); - if (rv != SECSuccess) { - printf ("Could not add serial number to certificate template\n."); - CRMF_DestroyCertRequest(certReq); - return 4; - } - - issuer = CERT_AsciiToName(issuerStr); - if (issuer == NULL) { - printf ("Could not create CERTName structure from %s.\n", issuerStr); - CRMF_DestroyCertRequest(certReq); - return 5; - } - rv = CRMF_CertRequestSetTemplateField (certReq, crmfIssuer, (void*) issuer); - PORT_Free(issuerStr); - CERT_DestroyName(issuer); - if (rv != SECSuccess) { - printf ("Could not add issuer to cert template\n"); - CRMF_DestroyCertRequest(certReq); - return 6; - } - - subject = CERT_AsciiToName(subjectStr); - if (subject == NULL) { - printf ("Could not create CERTName structure from %s.\n", subjectStr); - CRMF_DestroyCertRequest(certReq); - return 7; - } - PORT_Free(subjectStr); - rv = CRMF_CertRequestSetTemplateField (certReq, crmfSubject, (void*)subject); - if (rv != SECSuccess) { - printf ("Could not add subject to cert template\n"); - CRMF_DestroyCertRequest(certReq); - return 8; - } - CERT_DestroyName(subject); - - algID = - SEC_PKCS5CreateAlgorithmID (SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC, - NULL, 1); - if (algID == NULL) { - printf ("Couldn't create algorithm ID\n"); - CRMF_DestroyCertRequest(certReq); - return 9; - } - rv = CRMF_CertRequestSetTemplateField(certReq, crmfSigningAlg, (void*)algID); - SECOID_DestroyAlgorithmID(algID, PR_TRUE); - if (rv != SECSuccess) { - printf ("Could not add the signing algorithm to the cert template.\n"); - CRMF_DestroyCertRequest(certReq); - return 10; - } - - validity.notBefore = ¬Before; - validity.notAfter = NULL; - notBefore = PR_Now(); - rv = CRMF_CertRequestSetTemplateField(certReq, crmfValidity,(void*)(&validity)); - if (rv != SECSuccess) { - printf ("Could not add validity to cert template\n"); - CRMF_DestroyCertRequest(certReq); - return 11; - } - - spki = GetSubjectPubKeyInfo(privKey, pubKey); - if (spki == NULL) { - printf ("Could not create a Subject Public Key Info to add\n"); - CRMF_DestroyCertRequest(certReq); - return 12; - } - rv = CRMF_CertRequestSetTemplateField(certReq, crmfPublicKey, (void*)spki); - SECKEY_DestroySubjectPublicKeyInfo(spki); - if (rv != SECSuccess) { - printf ("Could not add the public key to the template\n"); - CRMF_DestroyCertRequest(certReq); - return 13; - } - - caCert = - CERT_FindCertByNickname(CERT_GetDefaultCertDB(), - caCertName); - if (caCert == NULL) { - printf ("Could not find the certificate for %s\n", caCertName); - CRMF_DestroyCertRequest(certReq); - return 50; - } - - issuerUID = GetRandomBitString(); - subjectUID = GetRandomBitString(); - CRMF_CertRequestSetTemplateField(certReq,crmfIssuerUID, (void*)&issuerUID); - CRMF_CertRequestSetTemplateField(certReq,crmfSubjectUID, (void*)&subjectUID); - PORT_Free(issuerUID.data); - PORT_Free(subjectUID.data); - extInfo = GetExtensions(); - CRMF_CertRequestSetTemplateField(certReq, crmfExtension, (void*)extInfo); - FreeExtInfo(extInfo); - encKey = CRMF_CreateEncryptedKeyWithEncryptedValue(*privKey, caCert); - CERT_DestroyCertificate(caCert); - if (encKey == NULL) { - printf ("Could not create Encrypted Key with Encrypted Value.\n"); - return 14; - } - pkiArchOpt = CRMF_CreatePKIArchiveOptions(crmfEncryptedPrivateKey, encKey); - CRMF_DestroyEncryptedKey(encKey); - if (pkiArchOpt == NULL) { - printf ("Could not create PKIArchiveOptions.\n"); - return 15; - } - rv = CRMF_CertRequestSetPKIArchiveOptions(certReq, pkiArchOpt); - CRMF_DestroyPKIArchiveOptions(pkiArchOpt); - if (rv != SECSuccess) { - printf ("Could not add the PKIArchiveControl to Cert Request.\n"); - return 16; - } - *inCertReq = certReq; - return 0; -} - -int -Encode (CRMFCertReqMsg *inCertReq, - CRMFCertReqMsg *secondReq, char *configdir) -{ -#define PATH_LEN 150 -#define CRMF_FILE "CertReqMessages.der" - char filePath[PATH_LEN]; - PRFileDesc *fileDesc; - SECStatus rv; - int irv = 0; - CRMFCertReqMsg *msgArr[3]; - CRMFCertReqMsg *newMsg; - - PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE); - fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - irv = 14; - goto finish; - } -/* rv = CRMF_EncodeCertReqMsg (inCertReq, WriteItOut, (void*)fileDesc);*/ - msgArr[0] = inCertReq; - msgArr[1] = secondReq; - msgArr[2] = NULL; - rv = CRMF_EncodeCertReqMessages(msgArr, WriteItOut, (void*)fileDesc); - if (rv != SECSuccess) { - printf ("An error occurred while encoding.\n"); - irv = 15; - goto finish; - } - finish: - PR_Close(fileDesc); - return irv; -} - -int -AddProofOfPossession(CRMFCertReqMsg *certReqMsg, SECKEYPrivateKey *privKey, - SECKEYPublicKey *pubKey, CRMFPOPChoice inPOPChoice) -{ - - switch(inPOPChoice){ - case crmfSignature: - CRMF_CertReqMsgSetSignaturePOP(certReqMsg, privKey, pubKey, NULL, NULL, - NULL); - break; - case crmfRAVerified: - CRMF_CertReqMsgSetRAVerifiedPOP(certReqMsg); - break; - case crmfKeyEncipherment: - CRMF_CertReqMsgSetKeyEnciphermentPOP(certReqMsg, - crmfSubsequentMessage, - crmfChallengeResp, NULL); - break; - case crmfKeyAgreement: - { - SECItem pendejo; - unsigned char lame[] = { 0xf0, 0x0f, 0xf0, 0x0f, 0xf0 }; - - pendejo.data = lame; - pendejo.len = 5; - - CRMF_CertReqMsgSetKeyAgreementPOP(certReqMsg, crmfThisMessage, - crmfNoSubseqMess, &pendejo); - } - break; - default: - return 1; - } - return 0; -} - -#define BUFF_SIZE 150 - -int -Decode(char *configdir) -{ - char filePath[PATH_LEN]; - unsigned char buffer[BUFF_SIZE]; - char *asn1Buff; - PRFileDesc *fileDesc; - PRInt32 fileLen = 0; - PRInt32 bytesRead; - CRMFCertReqMsg *certReqMsg; - CRMFCertRequest *certReq; - CRMFGetValidity validity= {NULL, NULL}; - CRMFCertReqMessages *certReqMsgs; - int numMsgs, i; - long lame; - - PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE); - fileDesc = PR_Open(filePath, PR_RDONLY, 0644); - while (1) { - bytesRead = PR_Read(fileDesc, buffer, BUFF_SIZE); - if (bytesRead <= 0) break; - fileLen += bytesRead; - } - if (bytesRead < 0) { - printf ("Error while getting the length of the file %s\n", filePath); - return 200; - } - - PR_Close(fileDesc); - fileDesc = PR_Open(filePath, PR_RDONLY, 0644); - asn1Buff = PORT_ZNewArray(char, fileLen); - bytesRead = PR_Read(fileDesc, asn1Buff, fileLen); - if (bytesRead != fileLen) { - printf ("Error while reading in the contents of %s\n", filePath); - return 201; - } - /*certReqMsg = CRMF_CreateCertReqMsgFromDER(asn1Buff, fileLen); - if (certReqMsg == NULL) { - printf ("Error while decoding the CertReqMsg\n"); - return 202; - } - certReq = CRMF_CertReqMsgGetCertRequest(certReqMsg); -*/ - certReqMsgs = CRMF_CreateCertReqMessagesFromDER(asn1Buff, fileLen); - if (certReqMsgs == NULL) { - printf ("Error decoding CertReqMessages.\n"); - return 202; - } - numMsgs = CRMF_CertReqMessagesGetNumMessages(certReqMsgs); - if (numMsgs <= 0) { - printf ("WARNING: The DER contained %d messages.\n", numMsgs); - } - for (i=0; i < numMsgs; i++) { - certReqMsg = CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqMsgs, i); - if (certReqMsg == NULL) { - printf ("ERROR: Could not access the message at index %d of %s\n", - i, filePath); - } - CRMF_CertReqMsgGetID(certReqMsg, &lame); - certReq = CRMF_CertReqMsgGetCertRequest(certReqMsg); - CRMF_CertRequestGetCertTemplateValidity(certReq, &validity); - CRMF_DestroyGetValidity(&validity); - CRMF_DestroyCertRequest(certReq); - CRMF_DestroyCertReqMsg(certReqMsg); - } - CRMF_DestroyCertReqMessages(certReqMsgs); - PORT_Free(asn1Buff); - return 0; -} - -void -GetBitsFromFile(char *filePath, SECItem *fileBits) -{ - PRFileDesc *fileDesc; - int bytesRead, fileLen=0; - char buffer[BUFF_SIZE], *asn1Buf; - - fileDesc = PR_Open(filePath, PR_RDONLY, 0644); - while (1) { - bytesRead = PR_Read(fileDesc, buffer, BUFF_SIZE); - if (bytesRead <= 0) break; - fileLen += bytesRead; - } - if (bytesRead < 0) { - printf ("Error while getting the length of file %s.\n", filePath); - goto loser; - } - PR_Close(fileDesc); - - fileDesc = PR_Open(filePath, PR_RDONLY, 0644); - asn1Buf = PORT_ZNewArray(char, fileLen); - if (asn1Buf == NULL) { - printf ("Out of memory in function GetBitsFromFile\n"); - goto loser; - } - bytesRead = PR_Read(fileDesc, asn1Buf, fileLen); - if (bytesRead != fileLen) { - printf ("Error while reading the contents of %s\n", filePath); - goto loser; - } - fileBits->data = (unsigned char*)asn1Buf; - fileBits->len = fileLen; - return; - loser: - if (asn1Buf) { - PORT_Free(asn1Buf); - } - fileBits->data = NULL; - fileBits->len = 0; -} - -int -DecodeCMMFCertRepContent(char *derFile) -{ - int fileLen=0; - char *asn1Buf; - SECItem fileBits; - CMMFCertRepContent *certRepContent; - - - GetBitsFromFile(derFile, &fileBits); - if (fileBits.data == NULL) { - printf("Could not get bits from file %s\n", derFile); - return 304; - } - asn1Buf = (char*)fileBits.data; - fileLen = fileBits.len; - certRepContent = CMMF_CreateCertRepContentFromDER(db, asn1Buf, fileLen); - if (certRepContent == NULL) { - printf ("Error while decoding %s\n", derFile); - return 303; - } - CMMF_DestroyCertRepContent(certRepContent); - PORT_Free(asn1Buf); - return 0; -} - -int -DoCMMFStuff(char *configdir) -{ - CMMFCertResponse *certResp=NULL, *certResp2=NULL, *certResponses[3]; - CMMFCertRepContent *certRepContent=NULL; - CERTCertificate *cert=NULL, *caCert=NULL; - CERTCertList *list=NULL; - PRFileDesc *fileDesc=NULL; - char filePath[PATH_LEN]; - int rv = 0; - long random; - CMMFKeyRecRepContent *repContent=NULL; - SECKEYPrivateKey *privKey = NULL; - SECKEYPublicKey *caPubKey; - SECStatus srv; - SECItem fileBits; - - certResp = CMMF_CreateCertResponse(0xff123); - CMMF_CertResponseSetPKIStatusInfoStatus(certResp, cmmfGranted); - cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), personalCert); - if (cert == NULL) { - printf ("Could not find the certificate for %s\n", personalCert); - rv = 416; - goto finish; - } - CMMF_CertResponseSetCertificate(certResp, cert); - certResp2 = CMMF_CreateCertResponse(0xff122); - CMMF_CertResponseSetPKIStatusInfoStatus(certResp2, cmmfGranted); - CMMF_CertResponseSetCertificate(certResp2, cert); - - certResponses[0] = certResp; - certResponses[1] = NULL; - certResponses[2] = NULL; - - certRepContent = CMMF_CreateCertRepContent(); - CMMF_CertRepContentSetCertResponses(certRepContent, certResponses, 1); - - list = CERT_GetCertChainFromCert(cert, PR_Now(), certUsageEmailSigner); - CMMF_CertRepContentSetCAPubs(certRepContent, list); - - PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, "CertRepContent.der"); - fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - rv = 400; - goto finish; - } - - srv = CMMF_EncodeCertRepContent(certRepContent, WriteItOut, - (void*)fileDesc); - PORT_Assert (srv == SECSuccess); - PR_Close(fileDesc); - rv = DecodeCMMFCertRepContent(filePath); - if (rv != 0) { - goto finish; - } - random = 0xa4e7; - caCert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), - caCertName); - if (caCert == NULL) { - printf ("Could not get the certifcate for %s\n", caCertName); - rv = 411; - goto finish; - } - repContent = CMMF_CreateKeyRecRepContent(); - if (repContent == NULL) { - printf ("Could not allocate a CMMFKeyRecRepContent structure\n"); - rv = 407; - goto finish; - } - srv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(repContent, - cmmfGrantedWithMods); - if (srv != SECSuccess) { - printf ("Error trying to set PKIStatusInfo for " - "CMMFKeyRecRepContent.\n"); - rv = 406; - goto finish; - } - srv = CMMF_KeyRecRepContentSetNewSignCert(repContent, cert); - if (srv != SECSuccess) { - printf ("Error trying to set the new signing certificate for " - "key recovery\n"); - rv = 408; - goto finish; - } - srv = CMMF_KeyRecRepContentSetCACerts(repContent, list); - if (srv != SECSuccess) { - printf ("Errory trying to add the list of CA certs to the " - "CMMFKeyRecRepContent structure.\n"); - rv = 409; - goto finish; - } - privKey = PK11_FindKeyByAnyCert(cert, NULL); - if (privKey == NULL) { - printf ("Could not get the private key associated with the\n" - "certificate %s\n", personalCert); - rv = 410; - goto finish; - } - caPubKey = CERT_ExtractPublicKey(caCert); - if (caPubKey == NULL) { - printf ("Could not extract the public from the " - "certificate for \n%s\n", caCertName); - rv = 412; - goto finish; - } - CERT_DestroyCertificate(caCert); - caCert = NULL; - srv = CMMF_KeyRecRepContentSetCertifiedKeyPair(repContent, cert, privKey, - caPubKey); - SECKEY_DestroyPrivateKey(privKey); - SECKEY_DestroyPublicKey(caPubKey); - if (srv != SECSuccess) { - printf ("Could not set the Certified Key Pair\n"); - rv = 413; - goto finish; - } - PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, - "KeyRecRepContent.der"); - fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - rv = 414; - goto finish; - } - - srv = CMMF_EncodeKeyRecRepContent(repContent, WriteItOut, - (void*)fileDesc); - PORT_Assert (srv == SECSuccess); - PR_Close(fileDesc); - CMMF_DestroyKeyRecRepContent(repContent); - GetBitsFromFile(filePath, &fileBits); - repContent = - CMMF_CreateKeyRecRepContentFromDER(db, (const char *) fileBits.data, - fileBits.len); - if (repContent == NULL) { - printf ("ERROR: CMMF_CreateKeyRecRepContentFromDER failed on file:\n" - "\t%s\n", filePath); - rv = 415; - goto finish; - } - finish: - if (repContent) { - CMMF_DestroyKeyRecRepContent(repContent); - } - if (cert) { - CERT_DestroyCertificate(cert); - } - if (list) { - CERT_DestroyCertList(list); - } - if (certResp) { - CMMF_DestroyCertResponse(certResp); - } - if (certResp2) { - CMMF_DestroyCertResponse(certResp2); - } - if (certRepContent) { - CMMF_DestroyCertRepContent(certRepContent); - } - return rv; -} - -static CK_MECHANISM_TYPE -mapWrapKeyType(KeyType keyType) -{ - switch (keyType) { - case rsaKey: - return CKM_RSA_PKCS; - default: - break; - } - return CKM_INVALID_MECHANISM; -} - -#define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/ - -int -DoKeyRecovery(char *configdir, SECKEYPrivateKey *privKey) -{ - SECKEYPublicKey *pubKey; - PK11SlotInfo *slot; - CK_OBJECT_HANDLE id; - CK_MECHANISM mech = { CKM_INVALID_MECHANISM, NULL, 0}; - unsigned char *known_message = (unsigned char*)"Known Crypto Message"; - unsigned char plaintext[KNOWN_MESSAGE_LENGTH]; - char filePath[PATH_LEN]; - CK_RV crv; - unsigned char *ciphertext; - CK_ULONG max_bytes_encrypted, bytes_encrypted; - unsigned char *text_compared; - CK_ULONG bytes_compared, bytes_decrypted; - SECKEYPrivateKey *unwrappedPrivKey, *caPrivKey; - CMMFKeyRecRepContent *keyRecRep; - SECStatus rv; - CERTCertificate *caCert, *myCert; - SECKEYPublicKey *caPubKey; - PRFileDesc *fileDesc; - SECItem fileBits, nickname; - CMMFCertifiedKeyPair *certKeyPair; - - /*caCert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), - caCertName);*/ - myCert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), personalCert); - if (myCert == NULL) { - printf ("Could not find the certificate for %s\n", personalCert); - return 700; - } - caCert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), - recoveryEncrypter); - if (caCert == NULL) { - printf ("Could not find the certificate for %s\n", recoveryEncrypter); - return 701; - } - caPubKey = CERT_ExtractPublicKey(caCert); - pubKey = SECKEY_ConvertToPublicKey(privKey); - max_bytes_encrypted = PK11_GetPrivateModulusLen(privKey); - slot = PK11_GetBestSlot(mapWrapKeyType(privKey->keyType), NULL); - id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE); - switch(privKey->keyType) { - case rsaKey: - mech.mechanism = CKM_RSA_PKCS; - break; - case dsaKey: - mech.mechanism = CKM_DSA; - break; - case dhKey: - mech.mechanism = CKM_DH_PKCS_DERIVE; - break; - default: - printf ("Bad Key type in key recovery.\n"); - return 512; - - } - PK11_EnterSlotMonitor(slot); - crv = PK11_GETTAB(slot)->C_EncryptInit(slot->session, &mech, id); - if (crv != CKR_OK) { - PK11_ExitSlotMonitor(slot); - PK11_FreeSlot(slot); - printf ("C_EncryptInit failed in KeyRecovery\n"); - return 500; - } - ciphertext = PORT_NewArray(unsigned char, max_bytes_encrypted); - if (ciphertext == NULL) { - PK11_ExitSlotMonitor(slot); - PK11_FreeSlot(slot); - printf ("Could not allocate memory for ciphertext.\n"); - return 501; - } - bytes_encrypted = max_bytes_encrypted; - crv = PK11_GETTAB(slot)->C_Encrypt(slot->session, - known_message, - KNOWN_MESSAGE_LENGTH, - ciphertext, - &bytes_encrypted); - PK11_ExitSlotMonitor(slot); - PK11_FreeSlot(slot); - if (crv != CKR_OK) { - PORT_Free(ciphertext); - return 502; - } - /* Always use the smaller of these two values . . . */ - bytes_compared = ( bytes_encrypted > KNOWN_MESSAGE_LENGTH ) - ? KNOWN_MESSAGE_LENGTH - : bytes_encrypted; - - /* If there was a failure, the plaintext */ - /* goes at the end, therefore . . . */ - text_compared = ( bytes_encrypted > KNOWN_MESSAGE_LENGTH ) - ? (ciphertext + bytes_encrypted - - KNOWN_MESSAGE_LENGTH ) - : ciphertext; - - keyRecRep = CMMF_CreateKeyRecRepContent(); - if (keyRecRep == NULL) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - CMMF_DestroyKeyRecRepContent(keyRecRep); - printf ("Could not allocate a CMMFKeyRecRepContent structre.\n"); - return 503; - } - rv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(keyRecRep, - cmmfGranted); - if (rv != SECSuccess) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - CMMF_DestroyKeyRecRepContent(keyRecRep); - printf ("Could not set the status for the KeyRecRepContent\n"); - return 504; - } - /* The myCert here should correspond to the certificate corresponding - * to the private key, but for this test any certificate will do. - */ - rv = CMMF_KeyRecRepContentSetCertifiedKeyPair(keyRecRep, myCert, - privKey, caPubKey); - if (rv != SECSuccess) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - CMMF_DestroyKeyRecRepContent(keyRecRep); - printf ("Could not set the Certified Key Pair\n"); - return 505; - } - PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, - "KeyRecRepContent.der"); - fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - CMMF_DestroyKeyRecRepContent(keyRecRep); - printf ("Could not open file %s\n", filePath); - return 506; - } - rv = CMMF_EncodeKeyRecRepContent(keyRecRep, WriteItOut, fileDesc); - CMMF_DestroyKeyRecRepContent(keyRecRep); - PR_Close(fileDesc); - - if (rv != SECSuccess) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - printf ("Error while encoding CMMFKeyRecRepContent\n"); - return 507; - } - GetBitsFromFile(filePath, &fileBits); - if (fileBits.data == NULL) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - printf ("Could not get the bits from file %s\n", filePath); - return 508; - } - keyRecRep = - CMMF_CreateKeyRecRepContentFromDER(db,(const char*)fileBits.data, - fileBits.len); - if (keyRecRep == NULL) { - printf ("Could not decode the KeyRecRepContent in file %s\n", - filePath); - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - return 509; - } - caPrivKey = PK11_FindKeyByAnyCert(caCert, NULL); - if (CMMF_KeyRecRepContentGetPKIStatusInfoStatus(keyRecRep) != - cmmfGranted) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - CMMF_DestroyKeyRecRepContent(keyRecRep); - printf ("A bad status came back with the " - "KeyRecRepContent structure\n"); - return 510; - } -#define NICKNAME "Key Recovery Test Key" - nickname.data = (unsigned char*)NICKNAME; - nickname.len = PORT_Strlen(NICKNAME); - certKeyPair = CMMF_KeyRecRepContentGetCertKeyAtIndex(keyRecRep, 0); - CMMF_DestroyKeyRecRepContent(keyRecRep); - rv = CMMF_CertifiedKeyPairUnwrapPrivKey(certKeyPair, - caPrivKey, - &nickname, - PK11_GetInternalKeySlot(), - db, - &unwrappedPrivKey, NULL); - CMMF_DestroyCertifiedKeyPair(certKeyPair); - if (rv != SECSuccess) { - printf ("Unwrapping the private key failed.\n"); - return 511; - } - /*Now let's try to decrypt the ciphertext with the "recovered" key*/ - PK11_EnterSlotMonitor(slot); - crv = - PK11_GETTAB(slot)->C_DecryptInit(unwrappedPrivKey->pkcs11Slot->session, - &mech, - unwrappedPrivKey->pkcs11ID); - if (crv != CKR_OK) { - PK11_ExitSlotMonitor(slot); - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - printf ("Decrypting with the recovered key failed.\n"); - return 513; - } - bytes_decrypted = KNOWN_MESSAGE_LENGTH; - crv = PK11_GETTAB(slot)->C_Decrypt(unwrappedPrivKey->pkcs11Slot->session, - ciphertext, - bytes_encrypted, plaintext, - &bytes_decrypted); - SECKEY_DestroyPrivateKey(unwrappedPrivKey); - PK11_ExitSlotMonitor(slot); - PORT_Free(ciphertext); - if (crv != CKR_OK) { - PK11_FreeSlot(slot); - printf ("Decrypting the ciphertext with recovered key failed.\n"); - return 514; - } - if ((bytes_decrypted != KNOWN_MESSAGE_LENGTH) || - (PORT_Memcmp(plaintext, known_message, KNOWN_MESSAGE_LENGTH) != 0)) { - PK11_FreeSlot(slot); - printf ("The recovered plaintext does not equal the known message:\n" - "\tKnown message: %s\n" - "\tRecovered plaintext: %s\n", known_message, plaintext); - return 515; - } - return 0; -} - -int -DoChallengeResponse(char *configdir, SECKEYPrivateKey *privKey, - SECKEYPublicKey *pubKey) -{ - CMMFPOPODecKeyChallContent *chalContent = NULL; - CMMFPOPODecKeyRespContent *respContent = NULL; - CERTCertificate *myCert = NULL; - CERTGeneralName *myGenName = NULL; - PRArenaPool *poolp = NULL; - SECItem DecKeyChallBits; - long *randomNums; - int numChallengesFound=0; - int numChallengesSet = 1,i; - long retrieved; - char filePath[PATH_LEN]; - RNGContext *rng; - SECStatus rv; - PRFileDesc *fileDesc; - SECItem *publicValue, *keyID; - SECKEYPrivateKey *foundPrivKey; - - chalContent = CMMF_CreatePOPODecKeyChallContent(); - myCert = CERT_FindCertByNickname(db, personalCert); - if (myCert == NULL) { - printf ("Could not find the certificate for %s\n", personalCert); - return 900; - } - poolp = PORT_NewArena(1024); - if (poolp == NULL) { - printf("Could no allocate a new arena in DoChallengeResponse\n"); - return 901; - } - myGenName = CERT_GetCertificateNames(myCert, poolp); - if (myGenName == NULL) { - printf ("Could not get the general names for %s certificate\n", - personalCert); - return 902; - } - randomNums = PORT_ArenaNewArray(poolp,long, numChallengesSet); - rng = RNG_CreateContext(); - RNG_GenerateRandomBytes(rng, randomNums, numChallengesSet*sizeof(long)); - for (i=0; i<numChallengesSet; i++) { - rv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent, - randomNums[i], - myGenName, - pubKey, - NULL); - } - RNG_DestroyContext(rng, PR_TRUE); - if (rv != SECSuccess) { - printf ("Could not set the challenge in DoChallengeResponse\n"); - return 903; - } - PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyChallContent.der", - configdir); - fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - return 904; - } - rv = CMMF_EncodePOPODecKeyChallContent(chalContent,WriteItOut, - (void*)fileDesc); - PR_Close(fileDesc); - CMMF_DestroyPOPODecKeyChallContent(chalContent); - if (rv != SECSuccess) { - printf ("Could not encode the POPODecKeyChallContent.\n"); - return 905; - } - GetBitsFromFile(filePath, &DecKeyChallBits); - chalContent = - CMMF_CreatePOPODecKeyChallContentFromDER - ((const char*)DecKeyChallBits.data, DecKeyChallBits.len); - PORT_Free(DecKeyChallBits.data); - if (chalContent == NULL) { - printf ("Could not create the POPODecKeyChallContent from DER\n"); - return 906; - } - numChallengesFound = - CMMF_POPODecKeyChallContentGetNumChallenges(chalContent); - if (numChallengesFound != numChallengesSet) { - printf ("Number of Challenges Found (%d) does not equal the number " - "set (%d)\n", numChallengesFound, numChallengesSet); - return 907; - } - for (i=0; i<numChallengesSet; i++) { - publicValue = CMMF_POPODecKeyChallContentGetPublicValue(chalContent, i); - if (publicValue == NULL) { - printf("Could not get the public value for challenge at index %d\n", - i); - return 908; - } - keyID = PK11_MakeIDFromPubKey(publicValue); - if (keyID == NULL) { - printf ("Could not make the keyID from the public value\n"); - return 909; - } - foundPrivKey = PK11_FindKeyByKeyID(privKey->pkcs11Slot,keyID, NULL); - if (foundPrivKey == NULL) { - printf ("Could not find the private key corresponding to the public" - " value.\n"); - return 910; - } - rv = CMMF_POPODecKeyChallContDecryptChallenge(chalContent, i, - foundPrivKey); - if (rv != SECSuccess) { - printf ("Could not decrypt the challenge at index %d\n", i); - return 911; - } - rv = CMMF_POPODecKeyChallContentGetRandomNumber(chalContent, i, - &retrieved); - if (rv != SECSuccess) { - printf ("Could not get the random number from the challenge at " - "index %d\n", i); - return 912; - } - if (retrieved != randomNums[i]) { - printf ("Retrieved the number (%d), expected (%d)\n", retrieved, - randomNums[i]); - return 913; - } - } - CMMF_DestroyPOPODecKeyChallContent(chalContent); - PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyRespContent.der", - configdir); - fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - return 914; - } - rv = CMMF_EncodePOPODecKeyRespContent(randomNums, numChallengesSet, - WriteItOut, fileDesc); - PR_Close(fileDesc); - if (rv != 0) { - printf ("Could not encode the POPODecKeyRespContent\n"); - return 915; - } - GetBitsFromFile(filePath, &DecKeyChallBits); - respContent = - CMMF_CreatePOPODecKeyRespContentFromDER((const char*)DecKeyChallBits.data, - DecKeyChallBits.len); - if (respContent == NULL) { - printf ("Could not decode the contents of the file %s\n", filePath); - return 916; - } - numChallengesFound = - CMMF_POPODecKeyRespContentGetNumResponses(respContent); - if (numChallengesFound != numChallengesSet) { - printf ("Number of responses found (%d) does not match the number " - "of challenges set (%d)\n", - numChallengesFound, numChallengesSet); - return 917; - } - for (i=0; i<numChallengesSet; i++) { - rv = CMMF_POPODecKeyRespContentGetResponse(respContent, i, &retrieved); - if (rv != SECSuccess) { - printf ("Could not retrieve the response at index %d\n", i); - return 918; - } - if (retrieved != randomNums[i]) { - printf ("Retrieved the number (%ld), expected (%ld)\n", retrieved, - randomNums[i]); - return 919; - } - - } - CMMF_DestroyPOPODecKeyRespContent(respContent); - return 0; -} - -char * -certdb_name_cb(void *arg, int dbVersion) -{ - char *configdir = (char *)arg; - char *dbver; - - switch (dbVersion) { - case 7: - dbver = "7"; - break; - case 6: - dbver = "6"; - break; - case 5: - dbver = "5"; - break; - case 4: - default: - dbver = ""; - break; - } - return PR_smprintf("%s/cert%s.db", configdir, dbver); -} - -SECStatus -OpenCertDB(char *configdir) -{ - CERTCertDBHandle *certdb; - SECStatus status = SECFailure; - - certdb = PORT_ZNew(CERTCertDBHandle); - if (certdb == NULL) { - goto loser; - } - status = CERT_OpenCertDB(certdb, PR_TRUE, certdb_name_cb, configdir); - if (status == SECSuccess) { - CERT_SetDefaultCertDB(certdb); - db = certdb; - } else { - PORT_Free(certdb); - } - loser: - return status; -} - -char * -keydb_name_cb(void *arg, int dbVersion) -{ - char *configdir = (char*) arg; - char *dbver; - - switch(dbVersion){ - case 3: - dbver = "3"; - break; - case 2: - default: - dbver = ""; - break; - } - return PR_smprintf("%s/key%s.db", configdir, dbver); -} - -SECStatus -OpenKeyDB(char *configdir) -{ - SECKEYKeyDBHandle *keydb; - - keydb = SECKEY_OpenKeyDB(PR_FALSE, keydb_name_cb, configdir); - if (keydb == NULL) { - return SECFailure; - } - SECKEY_SetDefaultKeyDB(keydb); - return SECSuccess; -} - -SECStatus -OpenSecModDB(char *configdir) -{ - char *secmodname = PR_smprintf("%d/secmod.db", configdir); - if (secmodname == NULL) { - return SECFailure; - } - SECMOD_init(secmodname); - return SECSuccess; -} - -void -CloseHCL(void) -{ - CERTCertDBHandle *certHandle; - SECKEYKeyDBHandle *keyHandle; - - certHandle = CERT_GetDefaultCertDB(); - if (certHandle) { - CERT_ClosePermCertDB(certHandle); - } - keyHandle = SECKEY_GetDefaultKeyDB(); - if (keyHandle) { - SECKEY_CloseKeyDB(keyHandle); - } -} - -SECStatus -InitHCL(char *configdir) -{ - SECStatus status; - SECStatus rv = SECFailure; - - RNG_RNGInit(); - RNG_SystemInfoForRNG(); - - status = OpenCertDB(configdir); - if (status != SECSuccess) { - goto loser; - } - - status = OpenKeyDB(configdir); - if (status != SECSuccess) { - goto loser; - } - - status = OpenSecModDB(configdir); - if (status != SECSuccess) { - goto loser; - } - - rv = SECSuccess; - - loser: - if (rv != SECSuccess) { - CloseHCL(); - } - return rv; -} -void -Usage (void) -{ - printf ("Usage:\n" - "\tcrmftest -d [Database Directory] -p [Personal Cert]\n" - "\t -e [Encrypter] -s [CA Certificate]\n\n" - "Database Directory\n" - "\tThis is the directory where the key3.db, cert7.db, and\n" - "\tsecmod.db files are located. This is also the directory\n" - "\twhere the program will place CRMF/CMMF der files\n" - "Personal Cert\n" - "\tThis is the certificate that already exists in the cert\n" - "\tdatabase to use while encoding the response. The private\n" - "\tkey associated with the certificate must also exist in the\n" - "\tkey database.\n" - "Encrypter\n" - "\tThis is the certificate to use when encrypting the the \n" - "\tkey recovery response. The private key for this cert\n" - "\tmust also be present in the key database.\n" - "CA Certificate\n" - "\tThis is the nickname of the certificate to use as the\n" - "\tCA when doing all of the encoding.\n"); -} - -int -main(int argc, char **argv) -{ - CRMFCertRequest *certReq, *certReq2; - CRMFCertReqMsg *certReqMsg; - CRMFCertReqMsg *secondMsg; - char *configdir; - int irv; - SECStatus rv; - SECKEYPrivateKey *privKey; - SECKEYPublicKey *pubKey; - int o; - PRBool hclInit = PR_FALSE, pArg = PR_FALSE, eArg = PR_FALSE, - sArg = PR_FALSE; - - printf ("\ncrmftest v1.0\n"); - while (-1 != (o = getopt(argc, argv, "d:p:e:s:"))) { - switch(o) { - case 'd': - configdir = PORT_Strdup(optarg); - rv = InitHCL(configdir); - if (rv != SECSuccess) { - printf ("InitHCL failed\n"); - return 101; - } - hclInit = PR_TRUE; - break; - case 'p': - personalCert = PORT_Strdup(optarg); - if (personalCert == NULL) { - return 603; - } - pArg = PR_TRUE; - break; - case 'e': - recoveryEncrypter = PORT_Strdup(optarg); - if (recoveryEncrypter == NULL) { - return 602; - } - eArg = PR_TRUE; - break; - case 's': - caCertName = PORT_Strdup(optarg); - if (caCertName == NULL) { - return 604; - } - sArg = PR_TRUE; - break; - default: - Usage(); - return 601; - } - } - if (!hclInit || !pArg || !eArg || !sArg) { - Usage(); - return 600; - } - - InitPKCS11(); - - irv = CreateCertRequest(&certReq, &privKey, &pubKey); - if (irv != 0 || certReq == NULL) { - goto loser; - } - - certReqMsg = CRMF_CreateCertReqMsg(); - secondMsg = CRMF_CreateCertReqMsg(); - CRMF_CertReqMsgSetCertRequest(certReqMsg, certReq); - CRMF_CertReqMsgSetCertRequest(secondMsg, certReq); - - irv = AddProofOfPossession(certReqMsg, privKey, pubKey, crmfSignature); - irv = AddProofOfPossession(secondMsg, privKey, pubKey, crmfKeyAgreement); - irv = Encode (certReqMsg, secondMsg, configdir); - if (irv != 0) { - goto loser; - } - - rv = CRMF_DestroyCertRequest (certReq); - if (rv != SECSuccess) { - printf ("Error when destroy certificate request.\n"); - irv = 100; - goto loser; - } - - rv = CRMF_DestroyCertReqMsg(certReqMsg); - CRMF_DestroyCertReqMsg(secondMsg); - - irv = Decode (configdir); - if (irv != 0) { - printf("Error while decoding\n"); - goto loser; - } - - if ((irv = DoCMMFStuff(configdir)) != 0) { - printf ("CMMF tests failed.\n"); - goto loser; - } - - if ((irv = DoKeyRecovery(configdir, privKey)) != 0) { - printf ("Error doing key recovery\n"); - goto loser; - } - - if ((irv = DoChallengeResponse(configdir, privKey, pubKey)) != 0) { - printf ("Error doing challenge-response\n"); - goto loser; - } - printf ("Exiting successfully!!!\n\n"); - irv = 0; - - loser: - CloseHCL(); - PORT_Free(configdir); - return irv; -} diff --git a/security/nss/cmd/dbck/Makefile b/security/nss/cmd/dbck/Makefile deleted file mode 100644 index 7ca8f0630..000000000 --- a/security/nss/cmd/dbck/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/dbck/dbck.c b/security/nss/cmd/dbck/dbck.c deleted file mode 100644 index a5fa1e6fd..000000000 --- a/security/nss/cmd/dbck/dbck.c +++ /dev/null @@ -1,1876 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** dbck.c -** -** utility for fixing corrupt cert databases -** -*/ -#include <stdio.h> -#include <string.h> - -#include "secutil.h" -#include "cdbhdl.h" -#include "certdb.h" -#include "cert.h" -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -static char *progName; - -/* placeholders for pointer error types */ -static void *WrongEntry; -static void *NoNickname; -static void *NoSMime; - -enum { - GOBOTH = 0, - GORIGHT, - GOLEFT -}; - -typedef struct -{ - PRBool verbose; - PRBool dograph; - PRFileDesc *out; - PRFileDesc *graphfile; - int dbErrors[10]; -} dbDebugInfo; - -/* - * A list node for a cert db entry. The index is a unique identifier - * to use for creating generic maps of a db. This struct handles - * the cert, nickname, and smime db entry types, as all three have a - * single handle to a subject entry. - * This structure is pointed to by certDBEntryListNode->appData. - */ -typedef struct -{ - PRArenaPool *arena; - int index; - certDBEntryListNode *pSubject; -} certDBEntryMap; - -/* - * Subject entry is special case, it has bidirectional handles. One - * subject entry can point to several certs (using the same DN), and - * a nickname and/or smime entry. - * This structure is pointed to by certDBEntryListNode->appData. - */ -typedef struct -{ - PRArenaPool *arena; - int index; - int numCerts; - certDBEntryListNode **pCerts; - certDBEntryListNode *pNickname; - certDBEntryListNode *pSMime; -} certDBSubjectEntryMap; - -/* - * A map of a certdb. - */ -typedef struct -{ - int numCerts; - int numSubjects; - int numNicknames; - int numSMime; - certDBEntryListNode certs; /* pointer to head of cert list */ - certDBEntryListNode subjects; /* pointer to head of subject list */ - certDBEntryListNode nicknames; /* pointer to head of nickname list */ - certDBEntryListNode smime; /* pointer to head of smime list */ -} certDBArray; - -/* Cast list to the base element, a certDBEntryListNode. */ -#define LISTNODE_CAST(node) \ - ((certDBEntryListNode *)(node)) - -static void -Usage(char *progName) -{ -#define FPS fprintf(stderr, - FPS "Type %s -H for more detailed descriptions\n", progName); - FPS "Usage: %s -D [-d certdir] [-i dbname] [-m] [-v [-f dumpfile]]\n", - progName); - FPS " %s -R -o newdbname [-d certdir] [-i dbname] [-aprsx] [-v [-f dumpfile]]\n", - progName); - exit(-1); -} - -static void -LongUsage(char *progName) -{ - FPS "%-15s Display this help message.\n", - "-H"); - FPS "%-15s Dump analysis. No changes will be made to the database.\n", - "-D"); - FPS "%-15s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-15s Input cert database name (default is cert7.db)\n", - " -i dbname"); - FPS "%-15s Mail a graph of the database to certdb@netscape.com.\n", - " -m"); - FPS "%-15s This will produce an index graph of your cert db and send\n", - ""); - FPS "%-15s it to Netscape for analysis. Personal info will be removed.\n", - ""); - FPS "%-15s Verbose mode. Dumps the entire contents of your cert7.db.\n", - " -v"); - FPS "%-15s File to dump verbose output into.\n", - " -f dumpfile"); - FPS "%-15s Repair the database. The program will look for broken\n", - "-R"); - FPS "%-15s dependencies between subject entries and certificates,\n", - ""); - FPS "%-15s between nickname entries and subjects, and between SMIME\n", - ""); - FPS "%-15s profiles and subjects. Any duplicate entries will be\n", - ""); - FPS "%-15s removed, any missing entries will be created.\n", - ""); - FPS "%-15s File to store new database in (default is new_cert7.db)\n", - " -o newdbname"); - FPS "%-15s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-15s Input cert database name (default is cert7.db)\n", - " -i dbname"); - FPS "%-15s Prompt before removing any certificates.\n", - " -p"); - FPS "%-15s Keep all possible certificates. Only remove certificates\n", - " -a"); - FPS "%-15s which prevent creation of a consistent database. Thus any\n", - ""); - FPS "%-15s expired or redundant entries will be kept.\n", - ""); - FPS "%-15s Keep redundant nickname/email entries. It is possible\n", - " -r"); - FPS "%-15s only one such entry will be usable.\n", - ""); - FPS "%-15s Don't require an S/MIME profile in order to keep an S/MIME\n", - " -s"); - FPS "%-15s cert. An empty profile will be created.\n", - ""); - FPS "%-15s Keep expired certificates.\n", - " -x"); - FPS "%-15s Verbose mode - report all activity while recovering db.\n", - " -v"); - FPS "%-15s File to dump verbose output into.\n", - " -f dumpfile"); - FPS "\n"); - exit(-1); -#undef FPS -} - -/******************************************************************* - * - * Functions for dbck. - * - ******************************************************************/ - -void -printHexString(PRFileDesc *out, SECItem *hexval) -{ - int i; - for (i = 0; i < hexval->len; i++) { - if (i != hexval->len - 1) { - PR_fprintf(out, "%02x:", hexval->data[i]); - } else { - PR_fprintf(out, "%02x", hexval->data[i]); - } - } - PR_fprintf(out, "\n"); -} - -typedef enum { -/* 0*/ NoSubjectForCert = 0, -/* 1*/ SubjectHasNoKeyForCert, -/* 2*/ NoNicknameOrSMimeForSubject, -/* 3*/ WrongNicknameForSubject, -/* 4*/ NoNicknameEntry, -/* 5*/ WrongSMimeForSubject, -/* 6*/ NoSMimeEntry, -/* 7*/ NoSubjectForNickname, -/* 8*/ NoSubjectForSMime, -/* 9*/ NicknameAndSMimeEntry -} dbErrorType; - -static char *dbErrorString[] = { -/* 0*/ "<CERT ENTRY>\nDid not find a subject entry for this certificate.", -/* 1*/ "<SUBJECT ENTRY>\nSubject has certKey which is not in db.", -/* 2*/ "<SUBJECT ENTRY>\nSubject does not have a nickname or email address.", -/* 3*/ "<SUBJECT ENTRY>\nUsing this subject's nickname, found a nickname entry for a different subject.", -/* 4*/ "<SUBJECT ENTRY>\nDid not find a nickname entry for this subject.", -/* 5*/ "<SUBJECT ENTRY>\nUsing this subject's email, found an S/MIME entry for a different subject.", -/* 6*/ "<SUBJECT ENTRY>\nDid not find an S/MIME entry for this subject.", -/* 7*/ "<NICKNAME ENTRY>\nDid not find a subject entry for this nickname.", -/* 8*/ "<S/MIME ENTRY>\nDid not find a subject entry for this S/MIME profile.", -}; - -SECStatus -dumpCertificate(CERTCertificate *cert, int num, PRFileDesc *outfile) -{ - int userCert = 0; - CERTCertTrust *trust = cert->trust; - userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER); - if (num >= 0) { - PR_fprintf(outfile, "Certificate: %3d\n", num); - } else { - PR_fprintf(outfile, "Certificate:\n"); - } - PR_fprintf(outfile, "----------------\n"); - if (userCert) - PR_fprintf(outfile, "(User Cert)\n"); - PR_fprintf(outfile, "## SUBJECT: %s\n", cert->subjectName); - PR_fprintf(outfile, "## ISSUER: %s\n", cert->issuerName); - PR_fprintf(outfile, "## SERIAL NUMBER: "); - printHexString(outfile, &cert->serialNumber); - { /* XXX should be separate function. */ - int64 timeBefore, timeAfter; - PRExplodedTime beforePrintable, afterPrintable; - char *beforestr, *afterstr; - CERT_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore); - CERT_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter); - PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable); - PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable); - beforestr = PORT_Alloc(100); - afterstr = PORT_Alloc(100); - PR_FormatTime(beforestr, 100, "%a %b %d %H:%M:%S %Y", &beforePrintable); - PR_FormatTime(afterstr, 100, "%a %b %d %H:%M:%S %Y", &afterPrintable); - PR_fprintf(outfile, "## VALIDITY: %s to %s\n", beforestr, afterstr); - } - PR_fprintf(outfile, "\n"); - return SECSuccess; -} - -SECStatus -dumpCertEntry(certDBEntryCert *entry, int num, PRFileDesc *outfile) -{ - CERTCertificate *cert; - cert = CERT_DecodeDERCertificate(&entry->derCert, PR_FALSE, NULL); - if (!cert) { - fprintf(stderr, "Failed to decode certificate.\n"); - return SECFailure; - } - cert->trust = &entry->trust; - dumpCertificate(cert, num, outfile); - CERT_DestroyCertificate(cert); - return SECSuccess; -} - -SECStatus -dumpSubjectEntry(certDBEntrySubject *entry, int num, PRFileDesc *outfile) -{ - char *subjectName; - subjectName = CERT_DerNameToAscii(&entry->derSubject); - PR_fprintf(outfile, "Subject: %3d\n", num); - PR_fprintf(outfile, "------------\n"); - PR_fprintf(outfile, "## %s\n", subjectName); - if (entry->nickname) - PR_fprintf(outfile, "## Subject nickname: %s\n", entry->nickname); - if (entry->emailAddr && entry->emailAddr[0]) - PR_fprintf(outfile, "## Subject email address: %s\n", - entry->emailAddr); - PR_fprintf(outfile, "## This subject has %d cert(s).\n", entry->ncerts); - PR_fprintf(outfile, "\n"); - PORT_Free(subjectName); - return SECSuccess; -} - -SECStatus -dumpNicknameEntry(certDBEntryNickname *entry, int num, PRFileDesc *outfile) -{ - PR_fprintf(outfile, "Nickname: %3d\n", num); - PR_fprintf(outfile, "-------------\n"); - PR_fprintf(outfile, "## \"%s\"\n\n", entry->nickname); - return SECSuccess; -} - -SECStatus -dumpSMimeEntry(certDBEntrySMime *entry, int num, PRFileDesc *outfile) -{ - PR_fprintf(outfile, "S/MIME Profile: %3d\n", num); - PR_fprintf(outfile, "-------------------\n"); - PR_fprintf(outfile, "## \"%s\"\n", entry->emailAddr); - PR_fprintf(outfile, "## OPTIONS: "); - printHexString(outfile, &entry->smimeOptions); - PR_fprintf(outfile, "## TIMESTAMP: "); - printHexString(outfile, &entry->optionsDate); - PR_fprintf(outfile, "\n"); - return SECSuccess; -} - -SECStatus -mapCertEntries(certDBArray *dbArray) -{ - certDBEntryCert *certEntry; - certDBEntrySubject *subjectEntry; - certDBEntryListNode *certNode, *subjNode; - certDBSubjectEntryMap *smap; - certDBEntryMap *map; - PRArenaPool *tmparena; - SECItem derSubject; - SECItem certKey; - PRCList *cElem, *sElem; - int i; - - /* Arena for decoded entries */ - tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (tmparena == NULL) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; - } - - /* Iterate over cert entries and map them to subject entries. - * NOTE: mapSubjectEntries must be called first to alloc memory - * for array of subject->cert map. - */ - for (cElem = PR_LIST_HEAD(&dbArray->certs.link); - cElem != &dbArray->certs.link; cElem = PR_NEXT_LINK(cElem)) { - certNode = LISTNODE_CAST(cElem); - certEntry = (certDBEntryCert *)&certNode->entry; - map = (certDBEntryMap *)certNode->appData; - CERT_NameFromDERCert(&certEntry->derCert, &derSubject); - CERT_KeyFromDERCert(tmparena, &certEntry->derCert, &certKey); - /* Loop over found subjects for cert's DN. */ - for (sElem = PR_LIST_HEAD(&dbArray->subjects.link); - sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) { - subjNode = LISTNODE_CAST(sElem); - subjectEntry = (certDBEntrySubject *)&subjNode->entry; - if (SECITEM_ItemsAreEqual(&derSubject, &subjectEntry->derSubject)) { - /* Found matching subject name, create link. */ - map->pSubject = subjNode; - /* Make sure subject entry has cert's key. */ - for (i=0; i<subjectEntry->ncerts; i++) { - if (SECITEM_ItemsAreEqual(&certKey, - &subjectEntry->certKeys[i])) { - /* Found matching cert key. */ - smap = (certDBSubjectEntryMap *)subjNode->appData; - smap->pCerts[i] = certNode; - break; - } - } - } - } - } - PORT_FreeArena(tmparena, PR_FALSE); - return SECSuccess; -} - -SECStatus -mapSubjectEntries(certDBArray *dbArray) -{ - certDBEntrySubject *subjectEntry; - certDBEntryNickname *nicknameEntry; - certDBEntrySMime *smimeEntry; - certDBEntryListNode *subjNode, *nickNode, *smimeNode; - certDBSubjectEntryMap *subjMap; - certDBEntryMap *nickMap, *smimeMap; - PRCList *sElem, *nElem, *mElem; - - for (sElem = PR_LIST_HEAD(&dbArray->subjects.link); - sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) { - /* Iterate over subject entries and map subjects to nickname - * and smime entries. The cert<->subject map will be handled - * by a subsequent call to mapCertEntries. - */ - subjNode = LISTNODE_CAST(sElem); - subjectEntry = (certDBEntrySubject *)&subjNode->entry; - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - /* need to alloc memory here for array of matching certs. */ - subjMap->pCerts = PORT_ArenaAlloc(subjMap->arena, - subjectEntry->ncerts*sizeof(int)); - subjMap->numCerts = subjectEntry->ncerts; - if (subjectEntry->nickname) { - /* Subject should have a nickname entry, so create a link. */ - for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link); - nElem != &dbArray->nicknames.link; - nElem = PR_NEXT_LINK(nElem)) { - /* Look for subject's nickname in nickname entries. */ - nickNode = LISTNODE_CAST(nElem); - nicknameEntry = (certDBEntryNickname *)&nickNode->entry; - nickMap = (certDBEntryMap *)nickNode->appData; - if (PL_strcmp(subjectEntry->nickname, - nicknameEntry->nickname) == 0) { - /* Found a nickname entry for subject's nickname. */ - if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject, - &nicknameEntry->subjectName)) { - /* Nickname and subject match. */ - subjMap->pNickname = nickNode; - nickMap->pSubject = subjNode; - } else { - /* Nickname entry found is for diff. subject. */ - subjMap->pNickname = WrongEntry; - } - } - } - } else { - subjMap->pNickname = NoNickname; - } - if (subjectEntry->emailAddr && subjectEntry->emailAddr[0]) { - /* Subject should have an smime entry, so create a link. */ - for (mElem = PR_LIST_HEAD(&dbArray->smime.link); - mElem != &dbArray->smime.link; mElem = PR_NEXT_LINK(mElem)) { - /* Look for subject's email in S/MIME entries. */ - smimeNode = LISTNODE_CAST(mElem); - smimeEntry = (certDBEntrySMime *)&smimeNode->entry; - smimeMap = (certDBEntryMap *)smimeNode->appData; - if (PL_strcmp(subjectEntry->emailAddr, - smimeEntry->emailAddr) == 0) { - /* Found a S/MIME entry for subject's email. */ - if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject, - &smimeEntry->subjectName)) { - /* S/MIME entry and subject match. */ - subjMap->pSMime = smimeNode; - smimeMap->pSubject = subjNode; - } else { - /* S/MIME entry found is for diff. subject. */ - subjMap->pSMime = WrongEntry; - } - } - } - } else { - subjMap->pSMime = NoSMime; - } - } - return SECSuccess; -} - -void -printnode(dbDebugInfo *info, const char *str, int num) -{ - if (!info->dograph) - return; - if (num < 0) { - PR_fprintf(info->graphfile, str); - } else { - PR_fprintf(info->graphfile, str, num); - } -} - -PRBool -map_handle_is_ok(dbDebugInfo *info, void *mapPtr, int indent) -{ - if (mapPtr == NULL) { - if (indent > 0) - printnode(info, " ", -1); - if (indent >= 0) - printnode(info, "******************* ", -1); - return PR_FALSE; - } else if (mapPtr == WrongEntry) { - if (indent > 0) - printnode(info, " ", -1); - if (indent >= 0) - printnode(info, "??????????????????? ", -1); - return PR_FALSE; - } else { - return PR_TRUE; - } -} - -/* these call each other */ -void print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap, - int direction); -void print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, - int direction); -void print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap, - int direction, int optindex, int opttype); -void print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap, - int direction); - -/* Given an smime entry, print its unique identifier. If GOLEFT is - * specified, print the cert<-subject<-smime map, else just print - * the smime entry. - */ -void -print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap, int direction) -{ - certDBSubjectEntryMap *subjMap; - certDBEntryListNode *subjNode; - if (direction == GOLEFT) { - /* Need to output subject and cert first, see print_subject_graph */ - subjNode = smimeMap->pSubject; - if (map_handle_is_ok(info, (void *)subjNode, 1)) { - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - print_subject_graph(info, subjMap, GOLEFT, - smimeMap->index, certDBEntryTypeSMimeProfile); - } else { - printnode(info, "<---- S/MIME %5d ", smimeMap->index); - } - } else { - printnode(info, "S/MIME %5d ", smimeMap->index); - } -} - -/* Given a nickname entry, print its unique identifier. If GOLEFT is - * specified, print the cert<-subject<-nickname map, else just print - * the nickname entry. - */ -void -print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, int direction) -{ - certDBSubjectEntryMap *subjMap; - certDBEntryListNode *subjNode; - if (direction == GOLEFT) { - /* Need to output subject and cert first, see print_subject_graph */ - subjNode = nickMap->pSubject; - if (map_handle_is_ok(info, (void *)subjNode, 1)) { - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - print_subject_graph(info, subjMap, GOLEFT, - nickMap->index, certDBEntryTypeNickname); - } else { - printnode(info, "<---- Nickname %5d ", nickMap->index); - } - } else { - printnode(info, "Nickname %5d ", nickMap->index); - } -} - -/* Given a subject entry, if going right print the graph of the nickname|smime - * that it maps to (by its unique identifier); and if going left - * print the list of certs that it points to. - */ -void -print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap, - int direction, int optindex, int opttype) -{ - certDBEntryMap *map; - certDBEntryListNode *node; - int i; - /* The first line of output always contains the cert id, subject id, - * and nickname|smime id. Subsequent lines may contain additional - * cert id's for the subject if going left or both directions. - * Ex. of printing the graph for a subject entry: - * Cert 3 <- Subject 5 -> Nickname 32 - * Cert 8 / - * Cert 9 / - * means subject 5 has 3 certs, 3, 8, and 9, and corresponds - * to nickname entry 32. - * To accomplish the above, it is required to dump the entire first - * line left-to-right, regardless of the input direction, and then - * finish up any remaining cert entries. Hence the code is uglier - * than one may expect. - */ - if (direction == GOLEFT || direction == GOBOTH) { - /* In this case, nothing should be output until the first cert is - * located and output (cert 3 in the above example). - */ - if (subjMap->numCerts == 0 || subjMap->pCerts == NULL) - /* XXX uh-oh */ - return; - /* get the first cert and dump it. */ - node = subjMap->pCerts[0]; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going left here stops. */ - print_cert_graph(info, map, GOLEFT); - } - /* Now it is safe to output the subject id. */ - if (direction == GOLEFT) - printnode(info, "Subject %5d <---- ", subjMap->index); - else /* direction == GOBOTH */ - printnode(info, "Subject %5d ----> ", subjMap->index); - } - if (direction == GORIGHT || direction == GOBOTH) { - /* Okay, now output the nickname|smime for this subject. */ - if (direction != GOBOTH) /* handled above */ - printnode(info, "Subject %5d ----> ", subjMap->index); - if (subjMap->pNickname) { - node = subjMap->pNickname; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going right here stops. */ - print_nickname_graph(info, map, GORIGHT); - } - } - if (subjMap->pSMime) { - node = subjMap->pSMime; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going right here stops. */ - print_smime_graph(info, map, GORIGHT); - } - } - if (!subjMap->pNickname && !subjMap->pSMime) { - printnode(info, "******************* ", -1); - } - } - if (direction != GORIGHT) { /* going right has only one cert */ - if (opttype == certDBEntryTypeNickname) - printnode(info, "Nickname %5d ", optindex); - else if (opttype == certDBEntryTypeSMimeProfile) - printnode(info, "S/MIME %5d ", optindex); - for (i=1 /* 1st one already done */; i<subjMap->numCerts; i++) { - printnode(info, "\n", -1); /* start a new line */ - node = subjMap->pCerts[i]; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going left here stops. */ - print_cert_graph(info, map, GOLEFT); - printnode(info, "/", -1); - } - } - } -} - -/* Given a cert entry, print its unique identifer. If GORIGHT is specified, - * print the cert->subject->nickname|smime map, else just print - * the cert entry. - */ -void -print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap, int direction) -{ - certDBSubjectEntryMap *subjMap; - certDBEntryListNode *subjNode; - if (direction == GOLEFT) { - printnode(info, "Cert %5d <---- ", certMap->index); - /* only want cert entry, terminate here. */ - return; - } - /* Keep going right then. */ - printnode(info, "Cert %5d ----> ", certMap->index); - subjNode = certMap->pSubject; - if (map_handle_is_ok(info, (void *)subjNode, 0)) { - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - print_subject_graph(info, subjMap, GORIGHT, -1, -1); - } -} - -SECStatus -computeDBGraph(certDBArray *dbArray, dbDebugInfo *info) -{ - PRCList *cElem, *sElem, *nElem, *mElem; - certDBEntryListNode *node; - certDBEntryMap *map; - certDBSubjectEntryMap *subjMap; - - /* Graph is of this form: - * - * certs: - * cert ---> subject ---> (nickname|smime) - * - * subjects: - * cert <--- subject ---> (nickname|smime) - * - * nicknames and smime: - * cert <--- subject <--- (nickname|smime) - */ - - /* Print cert graph. */ - for (cElem = PR_LIST_HEAD(&dbArray->certs.link); - cElem != &dbArray->certs.link; cElem = PR_NEXT_LINK(cElem)) { - /* Print graph of everything to right of cert entry. */ - node = LISTNODE_CAST(cElem); - map = (certDBEntryMap *)node->appData; - print_cert_graph(info, map, GORIGHT); - printnode(info, "\n", -1); - } - printnode(info, "\n", -1); - - /* Print subject graph. */ - for (sElem = PR_LIST_HEAD(&dbArray->subjects.link); - sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) { - /* Print graph of everything to both sides of subject entry. */ - node = LISTNODE_CAST(sElem); - subjMap = (certDBSubjectEntryMap *)node->appData; - print_subject_graph(info, subjMap, GOBOTH, -1, -1); - printnode(info, "\n", -1); - } - printnode(info, "\n", -1); - - /* Print nickname graph. */ - for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link); - nElem != &dbArray->nicknames.link; nElem = PR_NEXT_LINK(nElem)) { - /* Print graph of everything to left of nickname entry. */ - node = LISTNODE_CAST(nElem); - map = (certDBEntryMap *)node->appData; - print_nickname_graph(info, map, GOLEFT); - printnode(info, "\n", -1); - } - printnode(info, "\n", -1); - - /* Print smime graph. */ - for (mElem = PR_LIST_HEAD(&dbArray->smime.link); - mElem != &dbArray->smime.link; mElem = PR_NEXT_LINK(mElem)) { - /* Print graph of everything to left of smime entry. */ - node = LISTNODE_CAST(mElem); - if (node == NULL) break; - map = (certDBEntryMap *)node->appData; - print_smime_graph(info, map, GOLEFT); - printnode(info, "\n", -1); - } - printnode(info, "\n", -1); - - return SECSuccess; -} - -/* - * List the entries in the db, showing handles between entry types. - */ -void -verboseOutput(certDBArray *dbArray, dbDebugInfo *info) -{ - int i, ref; - PRCList *elem; - certDBEntryListNode *node; - certDBEntryMap *map; - certDBSubjectEntryMap *smap; - certDBEntrySubject *subjectEntry; - - /* List certs */ - for (elem = PR_LIST_HEAD(&dbArray->certs.link); - elem != &dbArray->certs.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - map = (certDBEntryMap *)node->appData; - dumpCertEntry((certDBEntryCert*)&node->entry, map->index, info->out); - /* walk the cert handle to it's subject entry */ - if (map_handle_is_ok(info, map->pSubject, -1)) { - smap = (certDBSubjectEntryMap *)map->pSubject->appData; - ref = smap->index; - PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); - } - } - /* List subjects */ - for (elem = PR_LIST_HEAD(&dbArray->subjects.link); - elem != &dbArray->subjects.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - subjectEntry = (certDBEntrySubject *)&node->entry; - smap = (certDBSubjectEntryMap *)node->appData; - dumpSubjectEntry(subjectEntry, smap->index, info->out); - /* iterate over subject's certs */ - for (i=0; i<smap->numCerts; i++) { - /* walk each subject handle to it's cert entries */ - if (map_handle_is_ok(info, smap->pCerts[i], -1)) { - ref = ((certDBEntryMap *)smap->pCerts[i]->appData)->index; - PR_fprintf(info->out, "-->(%d. certificate %d)\n", i, ref); - } else { - PR_fprintf(info->out, "-->(%d. MISSING CERT ENTRY)\n", i); - } - } - if (subjectEntry->nickname) { - /* walk each subject handle to it's nickname entry */ - if (map_handle_is_ok(info, smap->pNickname, -1)) { - ref = ((certDBEntryMap *)smap->pNickname->appData)->index; - PR_fprintf(info->out, "-->(nickname %d)\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING NICKNAME ENTRY)\n"); - } - } - if (subjectEntry->emailAddr && subjectEntry->emailAddr[0]) { - /* walk each subject handle to it's smime entry */ - if (map_handle_is_ok(info, smap->pSMime, -1)) { - ref = ((certDBEntryMap *)smap->pSMime->appData)->index; - PR_fprintf(info->out, "-->(s/mime %d)\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING S/MIME ENTRY)\n"); - } - } - PR_fprintf(info->out, "\n\n"); - } - for (elem = PR_LIST_HEAD(&dbArray->nicknames.link); - elem != &dbArray->nicknames.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - map = (certDBEntryMap *)node->appData; - dumpNicknameEntry((certDBEntryNickname*)&node->entry, map->index, - info->out); - if (map_handle_is_ok(info, map->pSubject, -1)) { - ref = ((certDBEntryMap *)map->pSubject->appData)->index; - PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); - } - } - for (elem = PR_LIST_HEAD(&dbArray->smime.link); - elem != &dbArray->smime.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - map = (certDBEntryMap *)node->appData; - dumpSMimeEntry((certDBEntrySMime*)&node->entry, map->index, info->out); - if (map_handle_is_ok(info, map->pSubject, -1)) { - ref = ((certDBEntryMap *)map->pSubject->appData)->index; - PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); - } - } - PR_fprintf(info->out, "\n\n"); -} - -char *errResult[] = { - "Certificate entries that had no subject entry.", - "Certificate entries that had no key in their subject entry.", - "Subject entries that had no nickname or email address.", - "Redundant nicknames (subjects with the same nickname).", - "Subject entries that had no nickname entry.", - "Redundant email addresses (subjects with the same email address).", - "Subject entries that had no S/MIME entry.", - "Nickname entries that had no subject entry.", - "S/MIME entries that had no subject entry.", -}; - -int -fillDBEntryArray(CERTCertDBHandle *handle, certDBEntryType type, - certDBEntryListNode *list) -{ - PRCList *elem; - certDBEntryListNode *node; - certDBEntryMap *mnode; - certDBSubjectEntryMap *smnode; - PRArenaPool *arena; - int count = 0; - /* Initialize a dummy entry in the list. The list head will be the - * next element, so this element is skipped by for loops. - */ - PR_INIT_CLIST((PRCList *)list); - /* Collect all of the cert db entries for this type into a list. */ - SEC_TraverseDBEntries(handle, type, SEC_GetCertDBEntryList, - (PRCList *)list); - for (elem = PR_LIST_HEAD(&list->link); - elem != &list->link; elem = PR_NEXT_LINK(elem)) { - /* Iterate over the entries and ... */ - node = (certDBEntryListNode *)elem; - if (type != certDBEntryTypeSubject) { - arena = PORT_NewArena(sizeof(*mnode)); - mnode = (certDBEntryMap *)PORT_ArenaZAlloc(arena, sizeof(*mnode)); - mnode->arena = arena; - /* ... assign a unique index number to each node, and ... */ - mnode->index = count; - /* ... set the map pointer for the node. */ - node->appData = (void *)mnode; - } else { - /* allocate some room for the cert pointers also */ - arena = PORT_NewArena(sizeof(*smnode) + 20*sizeof(void *)); - smnode = (certDBSubjectEntryMap *) - PORT_ArenaZAlloc(arena, sizeof(*smnode)); - smnode->arena = arena; - smnode->index = count; - node->appData = (void *)smnode; - } - count++; - } - return count; -} - -void -freeDBEntryList(PRCList *list) -{ - PRCList *next, *elem; - certDBEntryListNode *node; - certDBEntryMap *map; - - for (elem = PR_LIST_HEAD(list); elem != list;) { - next = PR_NEXT_LINK(elem); - node = (certDBEntryListNode *)elem; - map = (certDBEntryMap *)node->appData; - PR_REMOVE_LINK(&node->link); - PORT_FreeArena(map->arena, PR_TRUE); - PORT_FreeArena(node->entry.common.arena, PR_TRUE); - elem = next; - } -} - -void -DBCK_DebugDB(CERTCertDBHandle *handle, PRFileDesc *out, PRFileDesc *mailfile) -{ - int i, nCertsFound, nSubjFound, nErr; - int nCerts, nSubjects, nSubjCerts, nNicknames, nSMime; - PRCList *elem; - char c; - dbDebugInfo info; - certDBArray dbArray; - - PORT_Memset(&dbArray, 0, sizeof(dbArray)); - PORT_Memset(&info, 0, sizeof(info)); - info.verbose = (out == NULL) ? PR_FALSE : PR_TRUE ; - info.dograph = (mailfile == NULL) ? PR_FALSE : PR_TRUE ; - info.out = (out) ? out : PR_STDOUT; - info.graphfile = mailfile; - - /* Fill the array structure with cert/subject/nickname/smime entries. */ - dbArray.numCerts = fillDBEntryArray(handle, certDBEntryTypeCert, - &dbArray.certs); - dbArray.numSubjects = fillDBEntryArray(handle, certDBEntryTypeSubject, - &dbArray.subjects); - dbArray.numNicknames = fillDBEntryArray(handle, certDBEntryTypeNickname, - &dbArray.nicknames); - dbArray.numSMime = fillDBEntryArray(handle, certDBEntryTypeSMimeProfile, - &dbArray.smime); - - /* Compute the map between the database entries. */ - mapSubjectEntries(&dbArray); - mapCertEntries(&dbArray); - computeDBGraph(&dbArray, &info); - - /* Store the totals for later reference. */ - nCerts = dbArray.numCerts; - nSubjects = dbArray.numSubjects; - nNicknames = dbArray.numNicknames; - nSMime = dbArray.numSMime; - nSubjCerts = 0; - for (elem = PR_LIST_HEAD(&dbArray.subjects.link); - elem != &dbArray.subjects.link; elem = PR_NEXT_LINK(elem)) { - certDBSubjectEntryMap *smap; - smap = (certDBSubjectEntryMap *)LISTNODE_CAST(elem)->appData; - nSubjCerts += smap->numCerts; - } - - if (info.verbose) { - /* Dump the database contents. */ - verboseOutput(&dbArray, &info); - } - - freeDBEntryList(&dbArray.certs.link); - freeDBEntryList(&dbArray.subjects.link); - freeDBEntryList(&dbArray.nicknames.link); - freeDBEntryList(&dbArray.smime.link); - - PR_fprintf(info.out, "\n"); - PR_fprintf(info.out, "Database statistics:\n"); - PR_fprintf(info.out, "N0: Found %4d Certificate entries.\n", - nCerts); - PR_fprintf(info.out, "N1: Found %4d Subject entries (unique DN's).\n", - nSubjects); - PR_fprintf(info.out, "N2: Found %4d Cert keys within Subject entries.\n", - nSubjCerts); - PR_fprintf(info.out, "N3: Found %4d Nickname entries.\n", - nNicknames); - PR_fprintf(info.out, "N4: Found %4d S/MIME entries.\n", - nSMime); - PR_fprintf(info.out, "\n"); - - nErr = 0; - for (i=0; i<sizeof(errResult)/sizeof(char*); i++) { - PR_fprintf(info.out, "E%d: Found %4d %s\n", - i, info.dbErrors[i], errResult[i]); - nErr += info.dbErrors[i]; - } - PR_fprintf(info.out, "--------------\n Found %4d errors in database.\n", - nErr); - - PR_fprintf(info.out, "\nCertificates:\n"); - PR_fprintf(info.out, "N0 == N2 + E%d + E%d\n", NoSubjectForCert, - SubjectHasNoKeyForCert); - nCertsFound = nSubjCerts + - info.dbErrors[NoSubjectForCert] + - info.dbErrors[SubjectHasNoKeyForCert]; - c = (nCertsFound == nCerts) ? '=' : '!'; - PR_fprintf(info.out, "%d %c= %d + %d + %d\n", nCerts, c, nSubjCerts, - info.dbErrors[NoSubjectForCert], - info.dbErrors[SubjectHasNoKeyForCert]); - PR_fprintf(info.out, "\nSubjects:\n"); - PR_fprintf(info.out, "N1 == N3 + N4 + E%d + E%d + E%d + E%d + E%d - E%d - E%d\n", - NoNicknameOrSMimeForSubject, WrongNicknameForSubject, - NoNicknameEntry, WrongSMimeForSubject, NoSMimeEntry, - NoSubjectForNickname, NoSubjectForSMime); - PR_fprintf(info.out, " - #(subjects with both nickname and S/MIME entries)\n"); - nSubjFound = nNicknames + nSMime + - info.dbErrors[NoNicknameOrSMimeForSubject] + - info.dbErrors[WrongNicknameForSubject] + - info.dbErrors[NoNicknameEntry] + - info.dbErrors[WrongSMimeForSubject] + - info.dbErrors[NoSMimeEntry] - - info.dbErrors[NoSubjectForNickname] - - info.dbErrors[NoSubjectForSMime] - - info.dbErrors[NicknameAndSMimeEntry]; - c = (nSubjFound == nSubjects) ? '=' : '!'; - PR_fprintf(info.out, "%d %c= %d + %d + %d + %d + %d + %d + %d - %d - %d - %d\n", - nSubjects, c, nNicknames, nSMime, - info.dbErrors[NoNicknameOrSMimeForSubject], - info.dbErrors[WrongNicknameForSubject], - info.dbErrors[NoNicknameEntry], - info.dbErrors[WrongSMimeForSubject], - info.dbErrors[NoSMimeEntry], - info.dbErrors[NoSubjectForNickname], - info.dbErrors[NoSubjectForSMime], - info.dbErrors[NicknameAndSMimeEntry]); - PR_fprintf(info.out, "\n"); -} - -#ifdef DORECOVER -enum { - dbInvalidCert = 0, - dbNoSMimeProfile, - dbOlderCert, - dbBadCertificate, - dbCertNotWrittenToDB -}; - -typedef struct dbRestoreInfoStr -{ - CERTCertDBHandle *handle; - PRBool verbose; - PRFileDesc *out; - int nCerts; - int nOldCerts; - int dbErrors[5]; - PRBool removeType[3]; - PRBool promptUser[3]; -} dbRestoreInfo; - -char * -IsEmailCert(CERTCertificate *cert) -{ - char *email, *tmp1, *tmp2; - PRBool isCA; - int len; - - if (!cert->subjectName) { - return NULL; - } - - tmp1 = PORT_Strstr(cert->subjectName, "E="); - tmp2 = PORT_Strstr(cert->subjectName, "MAIL="); - /* XXX Nelson has cert for KTrilli which does not have either - * of above but is email cert (has cert->emailAddr). - */ - if (!tmp1 && !tmp2 && !(cert->emailAddr && cert->emailAddr[0])) { - return NULL; - } - - /* Server or CA cert, not personal email. */ - isCA = CERT_IsCACert(cert, NULL); - if (isCA) - return NULL; - - /* XXX CERT_IsCACert advertises checking the key usage ext., - but doesn't appear to. */ - /* Check the key usage extension. */ - if (cert->keyUsagePresent) { - /* Must at least be able to sign or encrypt (not neccesarily - * both if it is one of a dual cert). - */ - if (!((cert->rawKeyUsage & KU_DIGITAL_SIGNATURE) || - (cert->rawKeyUsage & KU_KEY_ENCIPHERMENT))) - return NULL; - - /* CA cert, not personal email. */ - if (cert->rawKeyUsage & (KU_KEY_CERT_SIGN | KU_CRL_SIGN)) - return NULL; - } - - if (cert->emailAddr && cert->emailAddr[0]) { - email = PORT_Strdup(cert->emailAddr); - } else { - if (tmp1) - tmp1 += 2; /* "E=" */ - else - tmp1 = tmp2 + 5; /* "MAIL=" */ - len = strcspn(tmp1, ", "); - email = (char*)PORT_Alloc(len+1); - PORT_Strncpy(email, tmp1, len); - email[len] = '\0'; - } - - return email; -} - -SECStatus -deleteit(CERTCertificate *cert, void *arg) -{ - return SEC_DeletePermCertificate(cert); -} - -/* Different than DeleteCertificate - has the added bonus of removing - * all certs with the same DN. - */ -SECStatus -deleteAllEntriesForCert(CERTCertDBHandle *handle, CERTCertificate *cert, - PRFileDesc *outfile) -{ -#if 0 - certDBEntrySubject *subjectEntry; - certDBEntryNickname *nicknameEntry; - certDBEntrySMime *smimeEntry; - int i; -#endif - - if (outfile) { - PR_fprintf(outfile, "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\n"); - PR_fprintf(outfile, "Deleting redundant certificate:\n"); - dumpCertificate(cert, -1, outfile); - } - - CERT_TraverseCertsForSubject(handle, cert->subjectList, deleteit, NULL); -#if 0 - CERT_LockDB(handle); - subjectEntry = ReadDBSubjectEntry(handle, &cert->derSubject); - /* It had better be there, or created a bad db. */ - PORT_Assert(subjectEntry); - for (i=0; i<subjectEntry->ncerts; i++) { - DeleteDBCertEntry(handle, &subjectEntry->certKeys[i]); - } - DeleteDBSubjectEntry(handle, &cert->derSubject); - if (subjectEntry->emailAddr && subjectEntry->emailAddr[0]) { - smimeEntry = ReadDBSMimeEntry(handle, subjectEntry->emailAddr); - if (smimeEntry) { - if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject, - &smimeEntry->subjectName)) - /* Only delete it if it's for this subject! */ - DeleteDBSMimeEntry(handle, subjectEntry->emailAddr); - SEC_DestroyDBEntry((certDBEntry*)smimeEntry); - } - } - if (subjectEntry->nickname) { - nicknameEntry = ReadDBNicknameEntry(handle, subjectEntry->nickname); - if (nicknameEntry) { - if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject, - &nicknameEntry->subjectName)) - /* Only delete it if it's for this subject! */ - DeleteDBNicknameEntry(handle, subjectEntry->nickname); - SEC_DestroyDBEntry((certDBEntry*)nicknameEntry); - } - } - SEC_DestroyDBEntry((certDBEntry*)subjectEntry); - CERT_UnlockDB(handle); -#endif - return SECSuccess; -} - -void -getCertsToDelete(char *numlist, int len, int *certNums, int nCerts) -{ - int j, num; - char *numstr, *numend, *end; - - numstr = numlist; - end = numstr + len - 1; - while (numstr != end) { - numend = strpbrk(numstr, ", \n"); - *numend = '\0'; - if (PORT_Strlen(numstr) == 0) - return; - num = PORT_Atoi(numstr); - if (numstr == numlist) - certNums[0] = num; - for (j=1; j<nCerts+1; j++) { - if (num == certNums[j]) { - certNums[j] = -1; - break; - } - } - if (numend == end) - break; - numstr = strpbrk(numend+1, "0123456789"); - } -} - -PRBool -userSaysDeleteCert(CERTCertificate **certs, int nCerts, - int errtype, dbRestoreInfo *info, int *certNums) -{ - char response[32]; - int32 nb; - int i; - /* User wants to remove cert without prompting. */ - if (info->promptUser[errtype] == PR_FALSE) - return (info->removeType[errtype]); - switch (errtype) { - case dbInvalidCert: - PR_fprintf(PR_STDOUT, "******** Expired ********\n"); - PR_fprintf(PR_STDOUT, "Cert has expired.\n\n"); - dumpCertificate(certs[0], -1, PR_STDOUT); - PR_fprintf(PR_STDOUT, - "Keep it? (y/n - this one, Y/N - all expired certs) [n] "); - break; - case dbNoSMimeProfile: - PR_fprintf(PR_STDOUT, "******** No Profile ********\n"); - PR_fprintf(PR_STDOUT, "S/MIME cert has no profile.\n\n"); - dumpCertificate(certs[0], -1, PR_STDOUT); - PR_fprintf(PR_STDOUT, - "Keep it? (y/n - this one, Y/N - all S/MIME w/o profile) [n] "); - break; - case dbOlderCert: - PR_fprintf(PR_STDOUT, "******* Redundant nickname/email *******\n\n"); - PR_fprintf(PR_STDOUT, "These certs have the same nickname/email:\n"); - for (i=0; i<nCerts; i++) - dumpCertificate(certs[i], i, PR_STDOUT); - PR_fprintf(PR_STDOUT, - "Enter the certs you would like to keep from those listed above.\n"); - PR_fprintf(PR_STDOUT, - "Use a comma-separated list of the cert numbers (ex. 0, 8, 12).\n"); - PR_fprintf(PR_STDOUT, - "The first cert in the list will be the primary cert\n"); - PR_fprintf(PR_STDOUT, - " accessed by the nickname/email handle.\n"); - PR_fprintf(PR_STDOUT, - "List cert numbers to keep here, or hit enter\n"); - PR_fprintf(PR_STDOUT, - " to always keep only the newest cert: "); - break; - default: - } - nb = PR_Read(PR_STDIN, response, sizeof(response)); - PR_fprintf(PR_STDOUT, "\n\n"); - if (errtype == dbOlderCert) { - if (!isdigit(response[0])) { - info->promptUser[errtype] = PR_FALSE; - info->removeType[errtype] = PR_TRUE; - return PR_TRUE; - } - getCertsToDelete(response, nb, certNums, nCerts); - return PR_TRUE; - } - /* User doesn't want to be prompted for this type anymore. */ - if (response[0] == 'Y') { - info->promptUser[errtype] = PR_FALSE; - info->removeType[errtype] = PR_FALSE; - return PR_FALSE; - } else if (response[0] == 'N') { - info->promptUser[errtype] = PR_FALSE; - info->removeType[errtype] = PR_TRUE; - return PR_TRUE; - } - return (response[0] != 'y') ? PR_TRUE : PR_FALSE; -} - -SECStatus -addCertToDB(certDBEntryCert *certEntry, dbRestoreInfo *info, - CERTCertDBHandle *oldhandle) -{ - SECStatus rv = SECSuccess; - PRBool allowOverride; - PRBool userCert; - SECCertTimeValidity validity; - CERTCertificate *oldCert = NULL; - CERTCertificate *dbCert = NULL; - CERTCertificate *newCert = NULL; - CERTCertTrust *trust; - certDBEntrySMime *smimeEntry = NULL; - char *email = NULL; - char *nickname = NULL; - int nCertsForSubject = 1; - - oldCert = CERT_DecodeDERCertificate(&certEntry->derCert, PR_FALSE, - certEntry->nickname); - if (!oldCert) { - info->dbErrors[dbBadCertificate]++; - SEC_DestroyDBEntry((certDBEntry*)certEntry); - return SECSuccess; - } - - oldCert->dbEntry = certEntry; - oldCert->trust = &certEntry->trust; - oldCert->dbhandle = oldhandle; - - trust = oldCert->trust; - - info->nOldCerts++; - - if (info->verbose) - PR_fprintf(info->out, "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\n\n"); - - if (oldCert->nickname) - nickname = PORT_Strdup(oldCert->nickname); - - /* Always keep user certs. Skip ahead. */ - /* XXX if someone sends themselves a signed message, it is possible - for their cert to be imported as an "other" cert, not a user cert. - this mucks with smime entries... */ - userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER); - if (userCert) - goto createcert; - - /* If user chooses so, ignore expired certificates. */ - allowOverride = (PRBool)((oldCert->keyUsage == certUsageSSLServer) || - (oldCert->keyUsage == certUsageSSLServerWithStepUp)); - validity = CERT_CheckCertValidTimes(oldCert, PR_Now(), allowOverride); - /* If cert expired and user wants to delete it, ignore it. */ - if ((validity != secCertTimeValid) && - userSaysDeleteCert(&oldCert, 1, dbInvalidCert, info, 0)) { - info->dbErrors[dbInvalidCert]++; - if (info->verbose) { - PR_fprintf(info->out, "Deleting expired certificate:\n"); - dumpCertificate(oldCert, -1, info->out); - } - goto cleanup; - } - - /* New database will already have default certs, don't attempt - to overwrite them. */ - dbCert = CERT_FindCertByDERCert(info->handle, &oldCert->derCert); - if (dbCert) { - info->nCerts++; - if (info->verbose) { - PR_fprintf(info->out, "Added certificate to database:\n"); - dumpCertificate(oldCert, -1, info->out); - } - goto cleanup; - } - - /* Determine if cert is S/MIME and get its email if so. */ - email = IsEmailCert(oldCert); - - /* - XXX Just create empty profiles? - if (email) { - SECItem *profile = CERT_FindSMimeProfile(oldCert); - if (!profile && - userSaysDeleteCert(&oldCert, 1, dbNoSMimeProfile, info, 0)) { - info->dbErrors[dbNoSMimeProfile]++; - if (info->verbose) { - PR_fprintf(info->out, - "Deleted cert missing S/MIME profile.\n"); - dumpCertificate(oldCert, -1, info->out); - } - goto cleanup; - } else { - SECITEM_FreeItem(profile); - } - } - */ - -createcert: - - /* Sometimes happens... */ - if (!nickname && userCert) - nickname = PORT_Strdup(oldCert->subjectName); - - /* Create a new certificate, copy of the old one. */ - newCert = CERT_NewTempCertificate(info->handle, &oldCert->derCert, - nickname, PR_FALSE, PR_TRUE); - if (!newCert) { - PR_fprintf(PR_STDERR, "Unable to create new certificate.\n"); - dumpCertificate(oldCert, -1, PR_STDERR); - info->dbErrors[dbBadCertificate]++; - goto cleanup; - } - - /* Add the cert to the new database. */ - rv = CERT_AddTempCertToPerm(newCert, nickname, oldCert->trust); - if (rv) { - PR_fprintf(PR_STDERR, "Failed to write temp cert to perm database.\n"); - dumpCertificate(oldCert, -1, PR_STDERR); - info->dbErrors[dbCertNotWrittenToDB]++; - goto cleanup; - } - - if (info->verbose) { - PR_fprintf(info->out, "Added certificate to database:\n"); - dumpCertificate(oldCert, -1, info->out); - } - - /* If the cert is an S/MIME cert, and the first with it's subject, - * modify the subject entry to include the email address, - * CERT_AddTempCertToPerm does not do email addresses and S/MIME entries. - */ - if (smimeEntry) { /*&& !userCert && nCertsForSubject == 1) { */ -#if 0 - UpdateSubjectWithEmailAddr(newCert, email); -#endif - SECItem emailProfile, profileTime; - rv = CERT_FindFullSMimeProfile(oldCert, &emailProfile, &profileTime); - /* calls UpdateSubjectWithEmailAddr */ - if (rv == SECSuccess) - rv = CERT_SaveSMimeProfile(newCert, &emailProfile, &profileTime); - } - - info->nCerts++; - -cleanup: - - if (nickname) - PORT_Free(nickname); - if (email) - PORT_Free(email); - if (oldCert) - CERT_DestroyCertificate(oldCert); - if (dbCert) - CERT_DestroyCertificate(dbCert); - if (newCert) - CERT_DestroyCertificate(newCert); - if (smimeEntry) - SEC_DestroyDBEntry((certDBEntry*)smimeEntry); - return SECSuccess; -} - -#if 0 -SECStatus -copyDBEntry(SECItem *data, SECItem *key, certDBEntryType type, void *pdata) -{ - SECStatus rv; - CERTCertDBHandle *newdb = (CERTCertDBHandle *)pdata; - certDBEntryCommon common; - SECItem dbkey; - - common.type = type; - common.version = CERT_DB_FILE_VERSION; - common.flags = data->data[2]; - common.arena = NULL; - - dbkey.len = key->len + SEC_DB_KEY_HEADER_LEN; - dbkey.data = (unsigned char *)PORT_Alloc(dbkey.len*sizeof(unsigned char)); - PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], key->data, key->len); - dbkey.data[0] = type; - - rv = WriteDBEntry(newdb, &common, &dbkey, data); - - PORT_Free(dbkey.data); - return rv; -} -#endif - -int -certIsOlder(CERTCertificate **cert1, CERTCertificate** cert2) -{ - return !CERT_IsNewer(*cert1, *cert2); -} - -int -findNewestSubjectForEmail(CERTCertDBHandle *handle, int subjectNum, - certDBArray *dbArray, dbRestoreInfo *info, - int *subjectWithSMime, int *smimeForSubject) -{ - int newestSubject; - int subjectsForEmail[50]; - int i, j, ns, sNum; - certDBEntryListNode *subjects = &dbArray->subjects; - certDBEntryListNode *smime = &dbArray->smime; - certDBEntrySubject *subjectEntry1, *subjectEntry2; - certDBEntrySMime *smimeEntry; - CERTCertificate **certs; - CERTCertificate *cert; - CERTCertTrust *trust; - PRBool userCert; - int *certNums; - - ns = 0; - subjectEntry1 = (certDBEntrySubject*)&subjects.entries[subjectNum]; - subjectsForEmail[ns++] = subjectNum; - - *subjectWithSMime = -1; - *smimeForSubject = -1; - newestSubject = subjectNum; - - cert = CERT_FindCertByKey(handle, &subjectEntry1->certKeys[0]); - if (cert) { - trust = cert->trust; - userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER); - CERT_DestroyCertificate(cert); - } - - /* - * XXX Should we make sure that subjectEntry1->emailAddr is not - * a null pointer or an empty string before going into the next - * two for loops, which pass it to PORT_Strcmp? - */ - - /* Loop over the remaining subjects. */ - for (i=subjectNum+1; i<subjects.numEntries; i++) { - subjectEntry2 = (certDBEntrySubject*)&subjects.entries[i]; - if (!subjectEntry2) - continue; - if (subjectEntry2->emailAddr && subjectEntry2->emailAddr[0] && - PORT_Strcmp(subjectEntry1->emailAddr, - subjectEntry2->emailAddr) == 0) { - /* Found a subject using the same email address. */ - subjectsForEmail[ns++] = i; - } - } - - /* Find the S/MIME entry for this email address. */ - for (i=0; i<smime.numEntries; i++) { - smimeEntry = (certDBEntrySMime*)&smime.entries[i]; - if (smimeEntry->common.arena == NULL) - continue; - if (smimeEntry->emailAddr && smimeEntry->emailAddr[0] && - PORT_Strcmp(subjectEntry1->emailAddr, smimeEntry->emailAddr) == 0) { - /* Find which of the subjects uses this S/MIME entry. */ - for (j=0; j<ns && *subjectWithSMime < 0; j++) { - sNum = subjectsForEmail[j]; - subjectEntry2 = (certDBEntrySubject*)&subjects.entries[sNum]; - if (SECITEM_ItemsAreEqual(&smimeEntry->subjectName, - &subjectEntry2->derSubject)) { - /* Found the subject corresponding to the S/MIME entry. */ - *subjectWithSMime = sNum; - *smimeForSubject = i; - } - } - SEC_DestroyDBEntry((certDBEntry*)smimeEntry); - PORT_Memset(smimeEntry, 0, sizeof(certDBEntry)); - break; - } - } - - if (ns <= 1) - return subjectNum; - - if (userCert) - return *subjectWithSMime; - - /* Now find which of the subjects has the newest cert. */ - certs = (CERTCertificate**)PORT_Alloc(ns*sizeof(CERTCertificate*)); - certNums = (int*)PORT_Alloc((ns+1)*sizeof(int)); - certNums[0] = 0; - for (i=0; i<ns; i++) { - sNum = subjectsForEmail[i]; - subjectEntry1 = (certDBEntrySubject*)&subjects.entries[sNum]; - certs[i] = CERT_FindCertByKey(handle, &subjectEntry1->certKeys[0]); - certNums[i+1] = i; - } - /* Sort the array by validity. */ - qsort(certs, ns, sizeof(CERTCertificate*), - (int (*)(const void *, const void *))certIsOlder); - newestSubject = -1; - for (i=0; i<ns; i++) { - sNum = subjectsForEmail[i]; - subjectEntry1 = (certDBEntrySubject*)&subjects.entries[sNum]; - if (SECITEM_ItemsAreEqual(&subjectEntry1->derSubject, - &certs[0]->derSubject)) - newestSubject = sNum; - else - SEC_DestroyDBEntry((certDBEntry*)subjectEntry1); - } - if (info && userSaysDeleteCert(certs, ns, dbOlderCert, info, certNums)) { - for (i=1; i<ns+1; i++) { - if (certNums[i] >= 0 && certNums[i] != certNums[0]) { - deleteAllEntriesForCert(handle, certs[certNums[i]], info->out); - info->dbErrors[dbOlderCert]++; - } - } - } - CERT_DestroyCertArray(certs, ns); - return newestSubject; -} - -CERTCertDBHandle * -DBCK_ReconstructDBFromCerts(CERTCertDBHandle *oldhandle, char *newdbname, - PRFileDesc *outfile, PRBool removeExpired, - PRBool requireProfile, PRBool singleEntry, - PRBool promptUser) -{ - SECStatus rv; - dbRestoreInfo info; - certDBEntryContentVersion *oldContentVersion; - certDBArray dbArray; - int i; - - PORT_Memset(&dbArray, 0, sizeof(dbArray)); - PORT_Memset(&info, 0, sizeof(info)); - info.verbose = (outfile) ? PR_TRUE : PR_FALSE; - info.out = (outfile) ? outfile : PR_STDOUT; - info.removeType[dbInvalidCert] = removeExpired; - info.removeType[dbNoSMimeProfile] = requireProfile; - info.removeType[dbOlderCert] = singleEntry; - info.promptUser[dbInvalidCert] = promptUser; - info.promptUser[dbNoSMimeProfile] = promptUser; - info.promptUser[dbOlderCert] = promptUser; - - /* Allocate a handle to fill with CERT_OpenCertDB below. */ - info.handle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle)); - if (!info.handle) { - fprintf(stderr, "unable to get database handle"); - return NULL; - } - - /* Create a certdb with the most recent set of roots. */ - rv = CERT_OpenCertDBFilename(info.handle, newdbname, PR_FALSE); - - if (rv) { - fprintf(stderr, "could not open certificate database"); - goto loser; - } - - /* Create certificate, subject, nickname, and email records. - * mcom_db seems to have a sequential access bug. Though reads and writes - * should be allowed during traversal, they seem to screw up the sequence. - * So, stuff all the cert entries into an array, and loop over the array - * doing read/writes in the db. - */ - fillDBEntryArray(oldhandle, certDBEntryTypeCert, &dbArray.certs); - for (elem = PR_LIST_HEAD(&dbArray->certs.link); - elem != &dbArray->certs.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - addCertToDB((certDBEntryCert*)&node->entry, &info, oldhandle); - /* entries get destroyed in addCertToDB */ - } -#if 0 - rv = SEC_TraverseDBEntries(oldhandle, certDBEntryTypeSMimeProfile, - copyDBEntry, info.handle); -#endif - - /* Fix up the pointers between (nickname|S/MIME) --> (subject). - * Create S/MIME entries for S/MIME certs. - * Have the S/MIME entry point to the last-expiring cert using - * an email address. - */ -#if 0 - CERT_RedoHandlesForSubjects(info.handle, singleEntry, &info); -#endif - - freeDBEntryList(&dbArray.certs.link); - - /* Copy over the version record. */ - /* XXX Already exists - and _must_ be correct... */ - /* - versionEntry = ReadDBVersionEntry(oldhandle); - rv = WriteDBVersionEntry(info.handle, versionEntry); - */ - - /* Copy over the content version record. */ - /* XXX Can probably get useful info from old content version? - * Was this db created before/after this tool? etc. - */ -#if 0 - oldContentVersion = ReadDBContentVersionEntry(oldhandle); - CERT_SetDBContentVersion(oldContentVersion->contentVersion, info.handle); -#endif - -#if 0 - /* Copy over the CRL & KRL records. */ - rv = SEC_TraverseDBEntries(oldhandle, certDBEntryTypeRevocation, - copyDBEntry, info.handle); - /* XXX Only one KRL, just do db->get? */ - rv = SEC_TraverseDBEntries(oldhandle, certDBEntryTypeKeyRevocation, - copyDBEntry, info.handle); -#endif - - PR_fprintf(info.out, "Database had %d certificates.\n", info.nOldCerts); - - PR_fprintf(info.out, "Reconstructed %d certificates.\n", info.nCerts); - PR_fprintf(info.out, "(ax) Rejected %d expired certificates.\n", - info.dbErrors[dbInvalidCert]); - PR_fprintf(info.out, "(as) Rejected %d S/MIME certificates missing a profile.\n", - info.dbErrors[dbNoSMimeProfile]); - PR_fprintf(info.out, "(ar) Rejected %d certificates for which a newer certificate was found.\n", - info.dbErrors[dbOlderCert]); - PR_fprintf(info.out, " Rejected %d corrupt certificates.\n", - info.dbErrors[dbBadCertificate]); - PR_fprintf(info.out, " Rejected %d certificates which did not write to the DB.\n", - info.dbErrors[dbCertNotWrittenToDB]); - - if (rv) - goto loser; - - return info.handle; - -loser: - if (info.handle) - PORT_Free(info.handle); - return NULL; -} -#endif /* DORECOVER */ - -enum { - cmd_Debug = 0, - cmd_LongUsage, - cmd_Recover -}; - -enum { - opt_KeepAll = 0, - opt_CertDir, - opt_Dumpfile, - opt_InputDB, - opt_OutputDB, - opt_Mailfile, - opt_Prompt, - opt_KeepRedundant, - opt_KeepNoSMimeProfile, - opt_Verbose, - opt_KeepExpired -}; - -static secuCommandFlag dbck_commands[] = -{ - { /* cmd_Debug, */ 'D', PR_FALSE, 0, PR_FALSE }, - { /* cmd_LongUsage,*/ 'H', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Recover, */ 'R', PR_FALSE, 0, PR_FALSE } -}; - -static secuCommandFlag dbck_options[] = -{ - { /* opt_KeepAll, */ 'a', PR_FALSE, 0, PR_FALSE }, - { /* opt_CertDir, */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_Dumpfile, */ 'f', PR_TRUE, 0, PR_FALSE }, - { /* opt_InputDB, */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_OutputDB, */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_Mailfile, */ 'm', PR_FALSE, 0, PR_FALSE }, - { /* opt_Prompt, */ 'p', PR_FALSE, 0, PR_FALSE }, - { /* opt_KeepRedundant, */ 'r', PR_FALSE, 0, PR_FALSE }, - { /* opt_KeepNoSMimeProfile,*/ 's', PR_FALSE, 0, PR_FALSE }, - { /* opt_Verbose, */ 'v', PR_FALSE, 0, PR_FALSE }, - { /* opt_KeepExpired, */ 'x', PR_FALSE, 0, PR_FALSE } -}; - -int -main(int argc, char **argv) -{ - CERTCertDBHandle *certHandle; - - PRFileInfo fileInfo; - PRFileDesc *mailfile = NULL; - PRFileDesc *dumpfile = NULL; - - char * pathname = 0; - char * fullname = 0; - char * newdbname = 0; - - PRBool removeExpired, requireProfile, singleEntry; - - SECStatus rv; - - secuCommand dbck; - dbck.numCommands = sizeof(dbck_commands) / sizeof(secuCommandFlag); - dbck.numOptions = sizeof(dbck_options) / sizeof(secuCommandFlag); - dbck.commands = dbck_commands; - dbck.options = dbck_options; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - rv = SECU_ParseCommandLine(argc, argv, progName, &dbck); - - if (rv != SECSuccess) - Usage(progName); - - if (dbck.commands[cmd_LongUsage].activated) - LongUsage(progName); - - if (!dbck.commands[cmd_Debug].activated && - !dbck.commands[cmd_Recover].activated) { - PR_fprintf(PR_STDERR, "Please specify -D or -R.\n"); - Usage(progName); - } - - removeExpired = !(dbck.options[opt_KeepAll].activated || - dbck.options[opt_KeepExpired].activated); - - requireProfile = !(dbck.options[opt_KeepAll].activated || - dbck.options[opt_KeepNoSMimeProfile].activated); - - singleEntry = !(dbck.options[opt_KeepAll].activated || - dbck.options[opt_KeepRedundant].activated); - - if (dbck.options[opt_OutputDB].activated) { - newdbname = PL_strdup(dbck.options[opt_OutputDB].arg); - } else { - newdbname = PL_strdup("new_cert7.db"); - } - - /* Create a generic graph of the database. */ - if (dbck.options[opt_Mailfile].activated) { - mailfile = PR_Open("./mailfile", PR_RDWR | PR_CREATE_FILE, 00660); - if (!mailfile) { - fprintf(stderr, "Unable to create mailfile.\n"); - return -1; - } - } - - /* Dump all debugging info while running. */ - if (dbck.options[opt_Verbose].activated) { - if (dbck.options[opt_Dumpfile].activated) { - dumpfile = PR_Open(dbck.options[opt_Dumpfile].arg, - PR_RDWR | PR_CREATE_FILE, 00660); - } - if (!dumpfile) { - fprintf(stderr, "Unable to create dumpfile.\n"); - return -1; - } - } - - /* Set the cert database directory. */ - if (dbck.options[opt_CertDir].activated) { - SECU_ConfigDirectory(dbck.options[opt_CertDir].arg); - } - - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - SEC_Init(); - - certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle)); - if (!certHandle) { - SECU_PrintError(progName, "unable to get database handle"); - return -1; - } - - /* Open the possibly corrupt database. */ - if (dbck.options[opt_InputDB].activated) { - pathname = SECU_ConfigDirectory(NULL); - fullname = PR_smprintf("%s/%s", pathname, - dbck.options[opt_InputDB].arg); - if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) { - fprintf(stderr, "Unable to read file \"%s\".\n", fullname); - return -1; - } - rv = CERT_OpenCertDBFilename(certHandle, fullname, PR_TRUE); - } else { - /* Use the default. */ - fullname = SECU_CertDBNameCallback(NULL, CERT_DB_FILE_VERSION); - if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) { - fprintf(stderr, "Unable to read file \"%s\".\n", fullname); - return -1; - } - rv = CERT_OpenCertDB(certHandle, PR_TRUE, - SECU_CertDBNameCallback, NULL); - } - - if (rv) { - SECU_PrintError(progName, "unable to open cert database"); - return -1; - } - - if (dbck.commands[cmd_Debug].activated) { - DBCK_DebugDB(certHandle, dumpfile, mailfile); - return 0; - } - -#ifdef DORECOVER - if (dbck.commands[cmd_Recover].activated) { - DBCK_ReconstructDBFromCerts(certHandle, newdbname, - dumpfile, removeExpired, - requireProfile, singleEntry, - dbck.options[opt_Prompt].activated); - return 0; - } -#endif - - if (mailfile) - PR_Close(mailfile); - if (dumpfile) - PR_Close(dumpfile); - if (certHandle) { - CERT_ClosePermCertDB(certHandle); - PORT_Free(certHandle); - } - return -1; -} diff --git a/security/nss/cmd/dbck/manifest.mn b/security/nss/cmd/dbck/manifest.mn deleted file mode 100644 index 74e66c49e..000000000 --- a/security/nss/cmd/dbck/manifest.mn +++ /dev/null @@ -1,49 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - dbck.c \ - $(NULL) - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm seccmd - -PROGRAM = dbck diff --git a/security/nss/cmd/dbtest/Makefile b/security/nss/cmd/dbtest/Makefile deleted file mode 100644 index 0ff13ae43..000000000 --- a/security/nss/cmd/dbtest/Makefile +++ /dev/null @@ -1,88 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -ifdef XP_OS2_VACPP -CFLAGS += -I../modutil -endif - -ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET))) # omits WINCE -ifndef BUILD_OPT -ifndef NS_USE_GCC -LDFLAGS += /subsystem:console /profile /debug /machine:I386 /incremental:no -endif -OS_CFLAGS += -D_CONSOLE -endif -endif - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - -#include ../platlibs.mk - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk - diff --git a/security/nss/cmd/dbtest/dbtest.c b/security/nss/cmd/dbtest/dbtest.c deleted file mode 100644 index 39f659522..000000000 --- a/security/nss/cmd/dbtest/dbtest.c +++ /dev/null @@ -1,181 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * Sonja Mirtitsch Sun Microsystems - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** dbtest.c -** -** QA test for cert and key databases, especially to open -** database readonly (NSS_INIT_READONLY) and force initializations -** even if the databases cannot be opened (NSS_INIT_FORCEOPEN) -** -*/ -#include <stdio.h> -#include <string.h> - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -#include "secutil.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include "nspr.h" -#include "prtypes.h" -#include "certdb.h" -#include "nss.h" -#include "../modutil/modutil.h" - -#include "plgetopt.h" - -static char *progName; - -char *dbDir = NULL; - -static char *dbName[]={"secmod.db", "cert8.db", "key3.db"}; -static char* dbprefix = ""; -static char* secmodName = "secmod.db"; -PRBool verbose; - - -static void Usage(const char *progName) -{ - printf("Usage: %s [-r] [-f] [-d dbdir ] \n", - progName); - printf("%-20s open database readonly (NSS_INIT_READONLY)\n", "-r"); - printf("%-20s Continue to force initializations even if the\n", "-f"); - printf("%-20s databases cannot be opened (NSS_INIT_FORCEOPEN)\n", " "); - printf("%-20s Directory with cert database (default is .\n", - "-d certdir"); - exit(1); -} - -int main(int argc, char **argv) -{ - PLOptState *optstate; - PLOptStatus optstatus; - - PRUint32 flags = 0; - PRBool useCommandLinePassword = PR_FALSE; - Error ret; - SECStatus rv; - char * dbString = NULL; - int i; - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - optstate = PL_CreateOptState(argc, argv, "rfd:h"); - - while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'h': - default : Usage(progName); break; - - case 'r': flags |= NSS_INIT_READONLY; break; - - case 'f': flags |= NSS_INIT_FORCEOPEN; break; - - case 'd': - dbDir = PORT_Strdup(optstate->value); - break; - - } - } - if (optstatus == PL_OPT_BAD) - Usage(progName); - - if (!dbDir) { - dbDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */ - } - dbDir = SECU_ConfigDirectory(dbDir); - PR_fprintf(PR_STDERR, "dbdir selected is %s\n\n", dbDir); - - if( dbDir[0] == '\0') { - PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir); - ret= DIR_DOESNT_EXIST_ERR; - goto loser; - } - - - PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); - - /* get the status of the directory and databases and output message */ - if(PR_Access(dbDir, PR_ACCESS_EXISTS) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir); - } else if(PR_Access(dbDir, PR_ACCESS_READ_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dbDir); - } else { - if( !( flags & NSS_INIT_READONLY ) && - PR_Access(dbDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dbDir); - } - for (i=0;i<3;i++) { - dbString=PR_smprintf("%s/%s",dbDir,dbName[i]); - PR_fprintf(PR_STDOUT, "database checked is %s\n",dbString); - if(PR_Access(dbString, PR_ACCESS_EXISTS) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[FILE_DOESNT_EXIST_ERR], - dbString); - } else if(PR_Access(dbString, PR_ACCESS_READ_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], - dbString); - } else if( !( flags & NSS_INIT_READONLY ) && - PR_Access(dbString, PR_ACCESS_WRITE_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR], - dbString); - } - } - } - - rv = NSS_Initialize(SECU_ConfigDirectory(dbDir), dbprefix, dbprefix, - secmodName, flags); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - ret=NSS_INITIALIZE_FAILED_ERR; - } else { - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - ret=SUCCESS; - } - -loser: - return ret; -} - diff --git a/security/nss/cmd/dbtest/makefile.win b/security/nss/cmd/dbtest/makefile.win deleted file mode 100644 index 5a60fd0af..000000000 --- a/security/nss/cmd/dbtest/makefile.win +++ /dev/null @@ -1,130 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -#cannot define PROGRAM in manifest compatibly with NT and UNIX -PROGRAM = dbtest -PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe -include <$(DEPTH)\config\config.mak> - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - $(NULL) - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -include <$(DEPTH)\config\rules.mak> - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/dbtest/manifest.mn b/security/nss/cmd/dbtest/manifest.mn deleted file mode 100644 index 0f6888088..000000000 --- a/security/nss/cmd/dbtest/manifest.mn +++ /dev/null @@ -1,50 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -# DIRS = - -CSRCS = dbtest.c - -PROGRAM = dbtest - diff --git a/security/nss/cmd/derdump/Makefile b/security/nss/cmd/derdump/Makefile deleted file mode 100644 index 573c12cac..000000000 --- a/security/nss/cmd/derdump/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/derdump/derdump.c b/security/nss/cmd/derdump/derdump.c deleted file mode 100644 index 603d5f772..000000000 --- a/security/nss/cmd/derdump/derdump.c +++ /dev/null @@ -1,135 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "secutil.h" -#include "nss.h" -#include <errno.h> - -#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) -#if !defined(WIN32) -extern int fprintf(FILE *, char *, ...); -#endif -#endif -#include "plgetopt.h" - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s [-r] [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s For formatted items, dump raw bytes as well\n", - "-r"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -int main(int argc, char **argv) -{ - char *progName; - int option; - FILE *outFile; - PRFileDesc *inFile; - SECItem der; - SECStatus rv; - int16 xp_error; - PRBool raw = PR_FALSE; - PLOptState *optstate; - PLOptStatus status; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - /* Parse command line arguments */ - inFile = 0; - outFile = 0; - optstate = PL_CreateOptState(argc, argv, "i:o:r"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'i': - inFile = PR_Open(optstate->value, PR_RDONLY, 0); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "w"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - - case 'r': - raw = PR_TRUE; - break; - - default: - Usage(progName); - break; - } - } - if (status == PL_OPT_BAD) - Usage(progName); - - if (!inFile) inFile = PR_STDIN; - if (!outFile) outFile = stdout; - - rv = NSS_NoDB_Init(NULL); /* XXX */ - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - - rv = SECU_ReadDERFromFile(&der, inFile, PR_FALSE); - if (rv == SECSuccess) { - rv = DER_PrettyPrint(outFile, &der, raw); - if (rv == SECSuccess) - return 0; - } - - xp_error = PORT_GetError(); - if (xp_error) { - SECU_PrintError(progName, "error %d", xp_error); - } - if (errno) { - SECU_PrintSystemError(progName, "errno=%d", errno); - } - return 1; -} diff --git a/security/nss/cmd/derdump/makefile.win b/security/nss/cmd/derdump/makefile.win deleted file mode 100644 index 9a9d4edef..000000000 --- a/security/nss/cmd/derdump/makefile.win +++ /dev/null @@ -1,130 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -#cannot define PROGRAM in manifest compatibly with NT and UNIX -PROGRAM = derdump -PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe -include <$(DEPTH)\config\config.mak> - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - $(NULL) - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -include <$(DEPTH)\config\rules.mak> - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/derdump/manifest.mn b/security/nss/cmd/derdump/manifest.mn deleted file mode 100644 index d9252cd0d..000000000 --- a/security/nss/cmd/derdump/manifest.mn +++ /dev/null @@ -1,49 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = derdump.c - -PROGRAM = derdump diff --git a/security/nss/cmd/digest/Makefile b/security/nss/cmd/digest/Makefile deleted file mode 100644 index 573c12cac..000000000 --- a/security/nss/cmd/digest/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/digest/digest.c b/security/nss/cmd/digest/digest.c deleted file mode 100644 index 5405b1a3e..000000000 --- a/security/nss/cmd/digest/digest.c +++ /dev/null @@ -1,254 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "secutil.h" -#include "pk11func.h" -#include "secoid.h" - -#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) -#if !defined(WIN32) -extern int fread(char *, size_t, size_t, FILE*); -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif -#endif - -#include "plgetopt.h" - -static SECOidData * -HashTypeToOID(HASH_HashType hashtype) -{ - SECOidTag hashtag; - - if (hashtype <= HASH_AlgNULL || hashtype >= HASH_AlgTOTAL) - return NULL; - - switch (hashtype) { - case HASH_AlgMD2: - hashtag = SEC_OID_MD2; - break; - case HASH_AlgMD5: - hashtag = SEC_OID_MD5; - break; - case HASH_AlgSHA1: - hashtag = SEC_OID_SHA1; - break; - default: - fprintf(stderr, "A new hash type has been added to HASH_HashType.\n"); - fprintf(stderr, "This program needs to be updated!\n"); - return NULL; - } - - return SECOID_FindOIDByTag(hashtag); -} - -static SECOidData * -HashNameToOID(const char *hashName) -{ - HASH_HashType htype; - SECOidData *hashOID; - - for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) { - hashOID = HashTypeToOID(htype); - if (PORT_Strcasecmp(hashName, hashOID->desc) == 0) - break; - } - - if (htype == HASH_AlgTOTAL) - return NULL; - - return hashOID; -} - -static void -Usage(char *progName) -{ - HASH_HashType htype; - - fprintf(stderr, - "Usage: %s -t type [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Specify the digest method (must be one of\n", - "-t type"); - fprintf(stderr, "%-20s ", ""); - for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) { - fprintf(stderr, HashTypeToOID(htype)->desc); - if (htype == (HASH_AlgTOTAL - 2)) - fprintf(stderr, " or "); - else if (htype != (HASH_AlgTOTAL - 1)) - fprintf(stderr, ", "); - } - fprintf(stderr, " (case ignored))\n"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -static int -DigestFile(FILE *outFile, FILE *inFile, SECOidData *hashOID) -{ - int nb; - unsigned char ibuf[4096], digest[32]; - PK11Context *hashcx; - unsigned int len; - SECStatus rv; - - hashcx = PK11_CreateDigestContext(hashOID->offset); - if (hashcx == NULL) { - return -1; - } - PK11_DigestBegin(hashcx); - - - for (;;) { - if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - PK11_DestroyContext(hashcx,PR_TRUE); - return -1; - } - /* eof */ - break; - } - } - rv = PK11_DigestOp(hashcx, ibuf, nb); - if (rv != SECSuccess) { - PK11_DestroyContext(hashcx, PR_TRUE); - return -1; - } - } - - rv = PK11_DigestFinal(hashcx, digest, &len, 32); - PK11_DestroyContext(hashcx, PR_TRUE); - - if (rv != SECSuccess) return -1; - - nb = fwrite(digest, 1, len, outFile); - if (nb != len) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - - return 0; -} - -#include "nss.h" - -int -main(int argc, char **argv) -{ - char *progName; - int opt; - FILE *inFile, *outFile; - char *hashName; - SECOidData *hashOID; - PLOptState *optstate; - PLOptStatus status; - SECStatus rv; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - inFile = NULL; - outFile = NULL; - hashName = NULL; - - rv = NSS_Init("/tmp"); - if (rv != SECSuccess) { - fprintf(stderr, "%s: NSS_Init failed in directory %s\n", - progName, "/tmp"); - return -1; - } - - /* - * Parse command line arguments - */ - optstate = PL_CreateOptState(argc, argv, "t:i:o:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'i': - inFile = fopen(optstate->value, "r"); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "w"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - - case 't': - hashName = strdup(optstate->value); - break; - } - } - - if (!hashName) Usage(progName); - - if (!inFile) inFile = stdin; - if (!outFile) outFile = stdout; - - hashOID = HashNameToOID(hashName); - if (hashOID == NULL) { - fprintf(stderr, "%s: invalid digest type\n", progName); - Usage(progName); - } - - if (DigestFile(outFile, inFile, hashOID)) { - fprintf(stderr, "%s: problem digesting data (%s)\n", - progName, SECU_Strerror(PORT_GetError())); - return -1; - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return 0; -} diff --git a/security/nss/cmd/digest/makefile.win b/security/nss/cmd/digest/makefile.win deleted file mode 100644 index e8ec27ca2..000000000 --- a/security/nss/cmd/digest/makefile.win +++ /dev/null @@ -1,130 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -#cannot define PROGRAM in manifest compatibly with NT and UNIX -PROGRAM = digest -PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe -include <$(DEPTH)\config\config.mak> - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - $(NULL) - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -include <$(DEPTH)\config\rules.mak> - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/digest/manifest.mn b/security/nss/cmd/digest/manifest.mn deleted file mode 100644 index c84152d01..000000000 --- a/security/nss/cmd/digest/manifest.mn +++ /dev/null @@ -1,50 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = digest.c - -PROGRAM = digest - diff --git a/security/nss/cmd/ilock/Makefile b/security/nss/cmd/ilock/Makefile deleted file mode 100644 index 4e39ffc3f..000000000 --- a/security/nss/cmd/ilock/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/ilock/ilock.c b/security/nss/cmd/ilock/ilock.c deleted file mode 100644 index 3e2390b8d..000000000 --- a/security/nss/cmd/ilock/ilock.c +++ /dev/null @@ -1,199 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape Portable Runtime (NSPR). - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** File: ilock.c -** Description: ilock.c is a unit test for nssilock. ilock.c -** tests the basic operation of nssilock. It should not be -** considered a complete test suite. -** -** To check that logging works, before running this test, -** define the following environment variables: -** -** -** -** -** -*/ - -#include <stdio.h> -#include <stdlib.h> -#include <plgetopt.h> -#include <nspr.h> -#include <nssilock.h> - - -/* -** Test harness infrastructure -*/ -PRLogModuleInfo *lm; -PRLogModuleLevel msgLevel = PR_LOG_NONE; -PRIntn debug = 0; -PRUint32 failed_already = 0; -/* end Test harness infrastructure */ - -PRIntn optIterations = 1; /* default iterations */ - -PRIntn main(PRIntn argc, char *argv[]) -{ - PRIntn i; - { - /* - ** Get command line options - */ - PLOptStatus os; - PLOptState *opt = PL_CreateOptState(argc, argv, "hdvi:"); - - while (PL_OPT_EOL != (os = PL_GetNextOpt(opt))) - { - if (PL_OPT_BAD == os) continue; - switch (opt->option) - { - case 'd': /* debug */ - debug = 1; - msgLevel = PR_LOG_ERROR; - break; - case 'v': /* verbose mode */ - msgLevel = PR_LOG_DEBUG; - break; - case 'i': /* number of iterations */ - optIterations = atol( opt->value ); - if ( 0 == optIterations ) optIterations = 1; /* coerce default on zero */ - break; - default: - break; - } - } - PL_DestroyOptState(opt); - } - - for ( i = 0 ; i < optIterations ; i++ ) { - /* First, test Lock */ - { - PZLock *pl; - PZMonitor *pm; - PZCondVar *cv; - PRStatus rc; - - pl = PZ_NewLock( nssILockOther ); - if ( NULL == pl ) { - failed_already = PR_TRUE; - goto Finished; - } - PZ_Lock( pl ); - - rc = PZ_Unlock( pl ); - if ( PR_FAILURE == rc ) { - failed_already = PR_TRUE; - goto Finished; - } - PZ_DestroyLock( pl ); - - /* now, test CVar */ - /* re-create the lock we just destroyed */ - pl = PZ_NewLock( nssILockOther ); - if ( NULL == pl ) { - failed_already = PR_TRUE; - goto Finished; - } - - cv = PZ_NewCondVar( pl ); - if ( NULL == cv ) { - failed_already = PR_TRUE; - goto Finished; - } - - PZ_Lock( pl ); - rc = PZ_NotifyCondVar( cv ); - if ( PR_FAILURE == rc ) { - failed_already = PR_TRUE; - goto Finished; - } - - rc = PZ_NotifyAllCondVar( cv ); - if ( PR_FAILURE == rc ) { - failed_already = PR_TRUE; - goto Finished; - } - - rc = PZ_WaitCondVar( cv, PR_SecondsToInterval(1)); - if ( PR_FAILURE == rc ) { - if ( PR_UNKNOWN_ERROR != PR_GetError()) { - failed_already = PR_TRUE; - goto Finished; - } - } - PZ_Unlock( pl ); - PZ_DestroyCondVar( cv ); - - /* Now, test Monitor */ - pm = PZ_NewMonitor( nssILockOther ); - if ( NULL == pm ) { - failed_already = PR_TRUE; - goto Finished; - } - - PZ_EnterMonitor( pm ); - - rc = PZ_Notify( pm ); - if ( PR_FAILURE == rc ) { - failed_already = PR_TRUE; - goto Finished; - } - rc = PZ_NotifyAll( pm ); - if ( PR_FAILURE == rc ) { - failed_already = PR_TRUE; - goto Finished; - } - rc = PZ_Wait( pm, PR_INTERVAL_NO_WAIT ); - if ( PR_FAILURE == rc ) { - failed_already = PR_TRUE; - goto Finished; - } - rc = PZ_ExitMonitor( pm ); - if ( PR_FAILURE == rc ) { - failed_already = PR_TRUE; - goto Finished; - } - PZ_DestroyMonitor( pm ); - } - } /* --- end for() --- */ - - -Finished: - if (debug) printf("%s\n", (failed_already)? "FAIL" : "PASS"); - return( (failed_already == PR_TRUE )? 1 : 0 ); -} /* main() */ -/* end ilock.c */ - diff --git a/security/nss/cmd/ilock/manifest.mn b/security/nss/cmd/ilock/manifest.mn deleted file mode 100644 index 4a8f7988c..000000000 --- a/security/nss/cmd/ilock/manifest.mn +++ /dev/null @@ -1,44 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = ilock.c - -PROGRAM = ilock -# PROGRAM = ./$(OBJDIR)/ilock.exe - diff --git a/security/nss/cmd/include/secnew.h b/security/nss/cmd/include/secnew.h deleted file mode 100644 index eb4c30acd..000000000 --- a/security/nss/cmd/include/secnew.h +++ /dev/null @@ -1,163 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#ifndef __secnew_h_ -#define __secnew_h_ - -#include <stdio.h> - -typedef struct BERTemplateStr BERTemplate; -typedef struct BERParseStr BERParse; -typedef struct SECArbStr SECArb; - -/* - * An array of these structures define an encoding for an object using - * DER. The array is terminated with an entry where kind == 0. - */ -struct BERTemplateStr { - /* Kind of item to decode/encode */ - unsigned long kind; - - /* - * Offset from base of structure to SECItem that will hold - * decoded/encoded value. - */ - unsigned short offset; - - /* - * Used with DER_SET or DER_SEQUENCE. If not zero then points to a - * sub-template. The sub-template is filled in and completed before - * continuing on. - */ - BERTemplate *sub; - - /* - * Argument value, dependent on kind. Size of structure to allocate - * when kind==DER_POINTER For Context-Specific Implicit types its the - * underlying type to use. - */ - unsigned long arg; -}; - -/* - * an arbitrary object - */ -struct SECArbStr { - unsigned long tag; /* NOTE: does not support high tag form */ - unsigned long length; /* as reported in stream */ - union { - SECItem item; - struct { - int numSubs; - SECArb **subs; - } cons; - } body; -}; - -/* - * Decode a piece of der encoded data. - * "dest" points to a structure that will be filled in with the - * decoding results. - * "t" is a template structure which defines the shape of the - * expected data. - * "src" is the ber encoded data. - */ - -extern SECStatus BER_Decode(PRArenaPool * arena, void *dest, BERTemplate *t, - SECArb *arb); - - -/* - * Encode a data structure into DER. - * "dest" will be filled in (and memory allocated) to hold the der - * encoded structure in "src" - * "t" is a template structure which defines the shape of the - * stored data - * "src" is a pointer to the structure that will be encoded - */ - -extern SECStatus BER_Encode(PRArenaPool *arena, SECItem *dest, BERTemplate *t, - void *src); - -/* - * Client provided function that will get called with all the bytes - * passing through the parser - */ -typedef void (*BERFilterProc)(void *instance, unsigned char *buf, int length); - -/* - * Client provided function that can will be called after the tag and - * length information has been collected. It can be set up to be called - * either before or after the data has been colleced. - */ -typedef void (*BERNotifyProc)( - void *instance, SECArb *arb, int depth, PRBool before); - -extern BERParse *BER_ParseInit(PRArenaPool *arena, PRBool forceDER); -extern SECArb *BER_ParseFini(BERParse *h); -extern SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len); - -extern void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance); -extern void BER_SetLeafStorage(BERParse *h, PRBool keep); -extern void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance, - PRBool beforeData); - -/* - * A BERUnparseProc is used as a callback to put the encoded SECArb tree - * tree to some stream. It returns PR_TRUE if the unparsing is to be - * aborted. - */ -typedef SECStatus (*BERUnparseProc)( - void *instance, unsigned char *data, int length, SECArb* arb); - -/* - * BER_Unparse walks the SECArb tree calling the BERUnparseProc with - * various pieces. It returns SECFailure if there was an error during that - * tree walk. - */ -extern SECStatus BER_Unparse(SECArb *arb, BERUnparseProc proc, void *instance); - -/* - * BER_ResolveLengths does a recursive walk through the tree generating - * non-zero entries for the length field of each node. It will fail if it - * discoveres a non-constructed node with a unknown length data field. - * Leaves are supposed to be of known length. - */ -extern SECStatus BER_ResolveLengths(SECArb *arb); - -/* - * BER_PRettyPrintArb will write an ASCII version of the tree to the FILE - * out. - */ -extern SECStatus BER_PrettyPrintArb(FILE *out, SECArb* a); - -#endif /* __secnew_h_ */ diff --git a/security/nss/cmd/keyutil/Makefile b/security/nss/cmd/keyutil/Makefile deleted file mode 100644 index a2ed814be..000000000 --- a/security/nss/cmd/keyutil/Makefile +++ /dev/null @@ -1,73 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk diff --git a/security/nss/cmd/keyutil/keyutil.c b/security/nss/cmd/keyutil/keyutil.c deleted file mode 100644 index 65e6ad8b0..000000000 --- a/security/nss/cmd/keyutil/keyutil.c +++ /dev/null @@ -1,340 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include <stdio.h> -#include <string.h> -#include "secutil.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#include <sys/time.h> -#include <termios.h> -#endif - -#include "secopt.h" - -#if defined(XP_WIN) -#include <time.h> -#include <conio.h> -#endif - -#if defined(__sun) && !defined(SVR4) -extern int fclose(FILE*); -extern int fprintf(FILE *, char *, ...); -extern int getopt(int, char**, char*); -extern int isatty(int); -extern char *optarg; -extern char *sys_errlist[]; -#define strerror(errno) sys_errlist[errno] -#endif - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -static char *progName; - -static SECStatus -ListKeys(SECKEYKeyDBHandle *handle, FILE *out) -{ - int rt; - - rt = SECU_PrintKeyNames(handle, out); - if (rt) { - SECU_PrintError(progName, "unable to list nicknames"); - return SECFailure; - } - return SECSuccess; -} - -static SECStatus -DumpPublicKey(SECKEYKeyDBHandle *handle, char *nickname, FILE *out) -{ - SECKEYLowPrivateKey *privKey; - SECKEYLowPublicKey *publicKey; - - /* check if key actually exists */ - if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) { - SECU_PrintError(progName, "the key \"%s\" does not exist", nickname); - return SECFailure; - } - - /* Read in key */ - privKey = SECU_GetPrivateKey(handle, nickname); - if (!privKey) { - return SECFailure; - } - - publicKey = SECKEY_LowConvertToPublicKey(privKey); - - /* Output public key (in the clear) */ - switch(publicKey->keyType) { - case rsaKey: - fprintf(out, "RSA Public-Key:\n"); - SECU_PrintInteger(out, &publicKey->u.rsa.modulus, "modulus", 1); - SECU_PrintInteger(out, &publicKey->u.rsa.publicExponent, - "publicExponent", 1); - break; - case dsaKey: - fprintf(out, "DSA Public-Key:\n"); - SECU_PrintInteger(out, &publicKey->u.dsa.params.prime, "prime", 1); - SECU_PrintInteger(out, &publicKey->u.dsa.params.subPrime, - "subPrime", 1); - SECU_PrintInteger(out, &publicKey->u.dsa.params.base, "base", 1); - SECU_PrintInteger(out, &publicKey->u.dsa.publicValue, "publicValue", 1); - break; - default: - fprintf(out, "unknown key type\n"); - break; - } - return SECSuccess; -} - -static SECStatus -DumpPrivateKey(SECKEYKeyDBHandle *handle, char *nickname, FILE *out) -{ - SECKEYLowPrivateKey *key; - - /* check if key actually exists */ - if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) { - SECU_PrintError(progName, "the key \"%s\" does not exist", nickname); - return SECFailure; - } - - /* Read in key */ - key = SECU_GetPrivateKey(handle, nickname); - if (!key) { - SECU_PrintError(progName, "error retrieving key"); - return SECFailure; - } - - switch(key->keyType) { - case rsaKey: - fprintf(out, "RSA Private-Key:\n"); - SECU_PrintInteger(out, &key->u.rsa.modulus, "modulus", 1); - SECU_PrintInteger(out, &key->u.rsa.publicExponent, "publicExponent", 1); - SECU_PrintInteger(out, &key->u.rsa.privateExponent, - "privateExponent", 1); - SECU_PrintInteger(out, &key->u.rsa.prime1, "prime1", 1); - SECU_PrintInteger(out, &key->u.rsa.prime2, "prime2", 1); - SECU_PrintInteger(out, &key->u.rsa.exponent1, "exponent1", 1); - SECU_PrintInteger(out, &key->u.rsa.exponent2, "exponent2", 1); - SECU_PrintInteger(out, &key->u.rsa.coefficient, "coefficient", 1); - break; - case dsaKey: - fprintf(out, "DSA Private-Key:\n"); - SECU_PrintInteger(out, &key->u.dsa.params.prime, "prime", 1); - SECU_PrintInteger(out, &key->u.dsa.params.subPrime, "subPrime", 1); - SECU_PrintInteger(out, &key->u.dsa.params.base, "base", 1); - SECU_PrintInteger(out, &key->u.dsa.publicValue, "publicValue", 1); - SECU_PrintInteger(out, &key->u.dsa.privateValue, "privateValue", 1); - break; - default: - fprintf(out, "unknown key type\n"); - break; - } - return SECSuccess; -} - -static SECStatus -ChangePassword(SECKEYKeyDBHandle *handle) -{ - SECStatus rv; - - /* Write out database with a new password */ - rv = SECU_ChangeKeyDBPassword(handle, NULL); - if (rv) { - SECU_PrintError(progName, "unable to change key password"); - } - return rv; -} - -static SECStatus -DeletePrivateKey (SECKEYKeyDBHandle *keyHandle, char *nickName) -{ - SECStatus rv; - - rv = SECU_DeleteKeyByName (keyHandle, nickName); - if (rv != SECSuccess) - fprintf(stderr, "%s: problem deleting private key (%s)\n", - progName, SECU_Strerror(PR_GetError())); - return (rv); - -} - - -static void -Usage(const char *progName) -{ - fprintf(stderr, - "Usage: %s -p name [-d keydir]\n", progName); - fprintf(stderr, - " %s -P name [-d keydir]\n", progName); - fprintf(stderr, - " %s -D name [-d keydir]\n", progName); - fprintf(stderr, - " %s -l [-d keydir]\n", progName); - fprintf(stderr, - " %s -c [-d keydir]\n", progName); - - fprintf(stderr, "%-20s Pretty print public key info for named key\n", - "-p nickname"); - fprintf(stderr, "%-20s Pretty print private key info for named key\n", - "-P nickname"); - fprintf(stderr, "%-20s Delete named private key from the key database\n", - "-D nickname"); - fprintf(stderr, "%-20s List the nicknames for the keys in a database\n", - "-l"); - fprintf(stderr, "%-20s Change the key database password\n", - "-c"); - fprintf(stderr, "\n"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - - exit(-1); -} - -int main(int argc, char **argv) -{ - int o, changePassword, deleteKey, dumpPublicKey, dumpPrivateKey, list; - char *nickname; - SECStatus rv; - SECKEYKeyDBHandle *keyHandle; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - /* Parse command line arguments */ - changePassword = deleteKey = dumpPublicKey = dumpPrivateKey = list = 0; - nickname = NULL; - - while ((o = getopt(argc, argv, "ADP:cd:glp:")) != -1) { - switch (o) { - case '?': - Usage(progName); - break; - - case 'A': - fprintf(stderr, "%s: Can no longer add a key.", progName); - fprintf(stderr, " Use pkcs12 to import a key.\n\n"); - Usage(progName); - break; - - case 'D': - deleteKey = 1; - nickname = optarg; - break; - - case 'P': - dumpPrivateKey = 1; - nickname = optarg; - break; - - case 'c': - changePassword = 1; - break; - - case 'd': - SECU_ConfigDirectory(optarg); - break; - - case 'g': - fprintf(stderr, "%s: Can no longer generate a key.", progName); - fprintf(stderr, " Use certutil to generate a cert request.\n\n"); - Usage(progName); - break; - - case 'l': - list = 1; - break; - - case 'p': - dumpPublicKey = 1; - nickname = optarg; - break; - } - } - - if (dumpPublicKey+changePassword+dumpPrivateKey+list+deleteKey != 1) - Usage(progName); - - if ((list || changePassword) && nickname) - Usage(progName); - - if ((dumpPublicKey || dumpPrivateKey || deleteKey) && !nickname) - Usage(progName); - - - /* Call the libsec initialization routines */ - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - SEC_Init(); - - /* - * XXX Note that the following opens the key database writable. - * If dumpPublicKey or dumpPrivateKey or list, though, we only want - * to open it read-only. There needs to be a better interface - * to the initialization routines so that we can specify which way - * to open it. - */ - rv = SECU_PKCS11Init(); - if (rv != SECSuccess) { - SECU_PrintError(progName, "SECU_PKCS11Init failed"); - return -1; - } - - keyHandle = SECKEY_GetDefaultKeyDB(); - if (keyHandle == NULL) { - SECU_PrintError(progName, "could not open key database"); - return -1; - } - - if (dumpPublicKey) { - rv = DumpPublicKey(keyHandle, nickname, stdout); - } else - if (changePassword) { - rv = ChangePassword(keyHandle); - } else - if (dumpPrivateKey) { - rv = DumpPrivateKey(keyHandle, nickname, stdout); - } else - if (list) { - rv = ListKeys(keyHandle, stdout); - } else - if (deleteKey) { - rv = DeletePrivateKey(keyHandle, nickname); - } - - - return rv ? -1 : 0; -} diff --git a/security/nss/cmd/keyutil/manifest.mn b/security/nss/cmd/keyutil/manifest.mn deleted file mode 100644 index e20a3d330..000000000 --- a/security/nss/cmd/keyutil/manifest.mn +++ /dev/null @@ -1,50 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - keyutil.c \ - $(NULL) - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - - -PROGRAM = keyutil diff --git a/security/nss/cmd/lib/Makefile b/security/nss/cmd/lib/Makefile deleted file mode 100644 index 217e25668..000000000 --- a/security/nss/cmd/lib/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include config.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -$(OBJDIR)/secerror$(OBJ_SUFFIX): NSPRerrs.h SECerrs.h SSLerrs.h - diff --git a/security/nss/cmd/lib/NSPRerrs.h b/security/nss/cmd/lib/NSPRerrs.h deleted file mode 100644 index 5e2cd793e..000000000 --- a/security/nss/cmd/lib/NSPRerrs.h +++ /dev/null @@ -1,150 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -/* General NSPR 2.0 errors */ -/* Caller must #include "prerror.h" */ - -ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." ) -ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." ) -ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." ) -ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." ) -ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." ) -ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." ) -ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." ) -ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." ) -ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." ) -ER2( PR_IO_ERROR, "I/O function error." ) -ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." ) -ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." ) -ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." ) -ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." ) -ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." ) -ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." ) -ER2( PR_IS_CONNECTED_ERROR, "Already connected." ) -ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." ) -ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." ) -ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." ) -ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." ) -ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." ) -ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." ) -ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." ) -ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." ) -ER2( PR_FIND_SYMBOL_ERROR, -"Symbol not found in any of the loaded dynamic libraries." ) -ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." ) -ER2( PR_DIRECTORY_LOOKUP_ERROR, -"A directory lookup on a network address has failed." ) -ER2( PR_TPD_RANGE_ERROR, -"Attempt to access a TPD key that is out of range." ) -ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." ) -ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." ) -ER2( PR_NOT_SOCKET_ERROR, -"Network operation attempted on non-network file descriptor." ) -ER2( PR_NOT_TCP_SOCKET_ERROR, -"TCP-specific function attempted on a non-TCP file descriptor." ) -ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." ) -ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." ) -ER2( PR_OPERATION_NOT_SUPPORTED_ERROR, -"The requested operation is not supported by the platform." ) -ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, -"The host operating system does not support the protocol requested." ) -ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." ) -ER2( PR_BUFFER_OVERFLOW_ERROR, -"The value requested is too large to be stored in the data buffer provided." ) -ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." ) -ER2( PR_RANGE_ERROR, "Unused." ) -ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." ) -ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." ) -ER2( PR_FILE_TOO_BIG_ERROR, -"Write would result in file larger than the system allows." ) -ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." ) -ER2( PR_PIPE_ERROR, "Unused." ) -ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." ) -ER2( PR_IS_DIRECTORY_ERROR, -"Cannot perform a normal file operation on a directory." ) -ER2( PR_LOOP_ERROR, "Symbolic link loop." ) -ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." ) -ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." ) -ER2( PR_NOT_DIRECTORY_ERROR, -"Cannot perform directory operation on a normal file." ) -ER2( PR_READ_ONLY_FILESYSTEM_ERROR, -"Cannot write to a read-only file system." ) -ER2( PR_DIRECTORY_NOT_EMPTY_ERROR, -"Cannot delete a directory that is not empty." ) -ER2( PR_FILESYSTEM_MOUNTED_ERROR, -"Cannot delete or rename a file object while the file system is busy." ) -ER2( PR_NOT_SAME_DEVICE_ERROR, -"Cannot rename a file to a file system on another device." ) -ER2( PR_DIRECTORY_CORRUPTED_ERROR, -"The directory object in the file system is corrupted." ) -ER2( PR_FILE_EXISTS_ERROR, -"Cannot create or rename a filename that already exists." ) -ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, -"Directory is full. No additional filenames may be added." ) -ER2( PR_INVALID_DEVICE_STATE_ERROR, -"The required device was in an invalid state." ) -ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." ) -ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." ) -ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." ) -ER2( PR_FILE_SEEK_ERROR, "Seek error." ) -ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." ) -ER2( PR_IN_PROGRESS_ERROR, -"Operation is still in progress (probably a non-blocking connect)." ) -ER2( PR_ALREADY_INITIATED_ERROR, -"Operation has already been initiated (probably a non-blocking connect)." ) - -#ifdef PR_GROUP_EMPTY_ERROR -ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." ) -#endif - -#ifdef PR_INVALID_STATE_ERROR -ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." ) -#endif - -#ifdef PR_NETWORK_DOWN_ERROR -ER2( PR_NETWORK_DOWN_ERROR, "Network is down." ) -#endif - -#ifdef PR_SOCKET_SHUTDOWN_ERROR -ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." ) -#endif - -#ifdef PR_CONNECT_ABORTED_ERROR -ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." ) -#endif - -#ifdef PR_HOST_UNREACHABLE_ERROR -ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." ) -#endif - -/* always last */ -ER2( PR_MAX_ERROR, "Placeholder for the end of the list" ) diff --git a/security/nss/cmd/lib/SECerrs.h b/security/nss/cmd/lib/SECerrs.h deleted file mode 100644 index 218d43be1..000000000 --- a/security/nss/cmd/lib/SECerrs.h +++ /dev/null @@ -1,479 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* General security error codes */ -/* Caller must #include "secerr.h" */ - -ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0, -"An I/O error occurred during security authorization.") - -ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1, -"security library failure.") - -ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2, -"security library: received bad data.") - -ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3, -"security library: output length error.") - -ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4, -"security library has experienced an input length error.") - -ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5, -"security library: invalid arguments.") - -ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6, -"security library: invalid algorithm.") - -ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7, -"security library: invalid AVA.") - -ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8, -"Improperly formatted time string.") - -ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9, -"security library: improperly formatted DER-encoded message.") - -ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10, -"Peer's certificate has an invalid signature.") - -ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11, -"Peer's Certificate has expired.") - -ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12, -"Peer's Certificate has been revoked.") - -ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13, -"Peer's Certificate issuer is not recognized.") - -ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14, -"Peer's public key is invalid.") - -ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15, -"The security password entered is incorrect.") - -ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16, -"New password entered incorrectly. Please try again.") - -ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17, -"security library: no nodelock.") - -ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18, -"security library: bad database.") - -ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19, -"security library: memory allocation failure.") - -ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20, -"Peer's certificate issuer has been marked as not trusted by the user.") - -ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21, -"Peer's certificate has been marked as not trusted by the user.") - -ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22), -"Certificate already exists in your database.") - -ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23), -"Downloaded certificate's name duplicates one already in your database.") - -ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24), -"Error adding certificate to database.") - -ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25), -"Error refiling the key for this certificate.") - -ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26), -"The private key for this certificate cannot be found in key database") - -ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27), -"This certificate is valid.") - -ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28), -"This certificate is not valid.") - -ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29), -"Cert Library: No Response") - -ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30), -"The certificate issuer's certificate has expired. Check your system date and time.") - -ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31), -"The CRL for the certificate's issuer has expired. Update it or check your system data and time.") - -ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32), -"The CRL for the certificate's issuer has an invalid signature.") - -ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33), -"New CRL has an invalid format.") - -ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34), -"Certificate extension value is invalid.") - -ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35), -"Certificate extension not found.") - -ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36), -"Issuer certificate is invalid.") - -ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37), -"Certificate path length constraint is invalid.") - -ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38), -"Certificate usages field is invalid.") - -ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39), -"**Internal ONLY module**") - -ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40), -"The key does not support the requested operation.") - -ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41), -"Certificate contains unknown critical extension.") - -ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42), -"New CRL is not later than the current one.") - -ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43), -"Not encrypted or signed: you do not yet have an email certificate.") - -ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44), -"Not encrypted: you do not have certificates for each of the recipients.") - -ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45), -"Cannot decrypt: you are not a recipient, or matching certificate and \ -private key not found.") - -ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46), -"Cannot decrypt: key encryption algorithm does not match your certificate.") - -ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47), -"Signature verification failed: no signer found, too many signers found, \ -or improper or corrupted data.") - -ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48), -"Unsupported or unknown key algorithm.") - -ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49), -"Cannot decrypt: encrypted using a disallowed algorithm or key size.") - - -/* Fortezza Alerts */ -ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50), -"Fortezza card has not been properly initialized. \ -Please remove it and return it to your issuer.") - -ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51), -"No Fortezza cards Found") - -ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52), -"No Fortezza card selected") - -ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53), -"Please select a personality to get more info on") - -ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54), -"Personality not found") - -ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55), -"No more information on that Personality") - -ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56), -"Invalid Pin") - -ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57), -"Couldn't initialize Fortezza personalities.") -/* end fortezza alerts. */ - -ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58), -"No KRL for this site's certificate has been found.") - -ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59), -"The KRL for this site's certificate has expired.") - -ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60), -"The KRL for this site's certificate has an invalid signature.") - -ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61), -"The key for this site's certificate has been revoked.") - -ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62), -"New KRL has an invalid format.") - -ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63), -"security library: need random data.") - -ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64), -"security library: no security module can perform the requested operation.") - -ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65), -"The security card or token does not exist, needs to be initialized, or has been removed.") - -ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66), -"security library: read-only database.") - -ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67), -"No slot or token was selected.") - -ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68), -"A certificate with the same nickname already exists.") - -ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69), -"A key with the same nickname already exists.") - -ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70), -"error while creating safe object") - -ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71), -"error while creating baggage object") - -ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72), -"Couldn't remove the principal") - -ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73), -"Couldn't delete the privilege") - -ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74), -"This principal doesn't have a certificate") - -ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75), -"Required algorithm is not allowed.") - -ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76), -"Error attempting to export certificates.") - -ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77), -"Error attempting to import certificates.") - -ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78), -"Unable to import. Decoding error. File not valid.") - -ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79), -"Unable to import. Invalid MAC. Incorrect password or corrupt file.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80), -"Unable to import. MAC algorithm not supported.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81), -"Unable to import. Only password integrity and privacy modes supported.") - -ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82), -"Unable to import. File structure is corrupt.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83), -"Unable to import. Encryption algorithm not supported.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84), -"Unable to import. File version not supported.") - -ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85), -"Unable to import. Incorrect privacy password.") - -ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86), -"Unable to import. Same nickname already exists in database.") - -ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87), -"The user pressed cancel.") - -ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88), -"Not imported, already in database.") - -ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89), -"Message not sent.") - -ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90), -"Certificate key usage inadequate for attempted operation.") - -ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91), -"Certificate type not approved for application.") - -ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92), -"Address in signing certificate does not match address in message headers.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93), -"Unable to import. Error attempting to import private key.") - -ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94), -"Unable to import. Error attempting to import certificate chain.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95), -"Unable to export. Unable to locate certificate or key by nickname.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96), -"Unable to export. Private Key could not be located and exported.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97), -"Unable to export. Unable to write the export file.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98), -"Unable to import. Unable to read the import file.") - -ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99), -"Unable to export. Key database corrupt or deleted.") - -ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100), -"Unable to generate public/private key pair.") - -ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101), -"Password entered is invalid. Please pick a different one.") - -ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102), -"Old password entered incorrectly. Please try again.") - -ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103), -"Certificate nickname already in use.") - -ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104), -"Peer FORTEZZA chain has a non-FORTEZZA Certificate.") - -ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105), -"A sensitive key cannot be moved to the slot where it is needed.") - -ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106), -"Invalid module name.") - -ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107), -"Invalid module path/filename") - -ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108), -"Unable to add module") - -ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109), -"Unable to delete module") - -ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110), -"New KRL is not later than the current one.") - -ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111), -"New CKL has different issuer than current CKL. Delete current CKL.") - -ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112), -"The Certifying Authority for this certificate is not permitted to issue a \ -certificate with this name.") - -ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113), -"The key revocation list for this certificate is not yet valid.") - -ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114), -"The certificate revocation list for this certificate is not yet valid.") - -ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115), -"The requested certificate could not be found.") - -ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116), -"The signer's certificate could not be found.") - -ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117), -"The location for the certificate status server has invalid format.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118), -"The OCSP response cannot be fully decoded; it is of an unknown type.") - -ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119), -"The OCSP server returned unexpected/invalid HTTP data.") - -ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120), -"The OCSP server found the request to be corrupted or improperly formed.") - -ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121), -"The OCSP server experienced an internal error.") - -ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122), -"The OCSP server suggests trying again later.") - -ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123), -"The OCSP server requires a signature on this request.") - -ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124), -"The OCSP server has refused this request as unauthorized.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125), -"The OCSP server returned an unrecognizable status.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126), -"The OCSP server has no status for the certificate.") - -ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127), -"You must enable OCSP before performing this operation.") - -ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128), -"You must set the OCSP default responder before performing this operation.") - -ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129), -"The response from the OCSP server was corrupted or improperly formed.") - -ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130), -"The signer of the OCSP response is not authorized to give status for \ -this certificate.") - -ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131), -"The OCSP response is not yet valid (contains a date in the future).") - -ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132), -"The OCSP response contains out-of-date information.") - -ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133), -"The CMS or PKCS #7 Digest was not found in signed message.") - -ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134), -"The CMS or PKCS #7 Message type is unsupported.") - -ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135), -"PKCS #11 module could not be removed because it is still in use.") - -ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136), -"Could not decode ASN.1 data. Specified template was invalid.") - -ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137), -"No matching CRL was found.") - -ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL, (SEC_ERROR_BASE + 138), -"You are attempting to import a cert with the same issuer/serial as \ -an existing cert, but that is not the same cert.") - -ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139), -"NSS could not shutdown. Objects are still in use.") - -ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140), -"DER-encoded message contained extra usused data.") - -ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141), -"Unsupported elliptic curve.") - -ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142), -"Unsupported elliptic curve point form.") - -ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143), -"Unrecognized Object IDentifier.") - -ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144), -"Invalid OCSP signing certificate in OCSP response.") diff --git a/security/nss/cmd/lib/SSLerrs.h b/security/nss/cmd/lib/SSLerrs.h deleted file mode 100644 index 06803b849..000000000 --- a/security/nss/cmd/lib/SSLerrs.h +++ /dev/null @@ -1,366 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* SSL-specific security error codes */ -/* caller must include "sslerr.h" */ - -ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0, -"Unable to communicate securely. Peer does not support high-grade encryption.") - -ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1, -"Unable to communicate securely. Peer requires high-grade encryption which is not supported.") - -ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2, -"Cannot communicate securely with peer: no common encryption algorithm(s).") - -ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3, -"Unable to find the certificate or key necessary for authentication.") - -ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4, -"Unable to communicate securely with peer: peers's certificate was rejected.") - -/* unused (SSL_ERROR_BASE + 5),*/ - -ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6, -"The server has encountered bad data from the client.") - -ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7, -"The client has encountered bad data from the server.") - -ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8, -"Unsupported certificate type.") - -ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9, -"Peer using unsupported version of security protocol.") - -/* unused (SSL_ERROR_BASE + 10),*/ - -ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11, -"Client authentication failed: private key in key database does not match public key in certificate database.") - -ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12, -"Unable to communicate securely with peer: requested domain name does not match the server's certificate.") - -/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13), - defined in sslerr.h -*/ - -ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14), -"Peer only supports SSL version 2, which is locally disabled.") - - -ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15), -"SSL received a record with an incorrect Message Authentication Code.") - -ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16), -"SSL peer reports incorrect Message Authentication Code.") - -ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17), -"SSL peer cannot verify your certificate.") - -ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18), -"SSL peer rejected your certificate as revoked.") - -ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19), -"SSL peer rejected your certificate as expired.") - -ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20), -"Cannot connect: SSL is disabled.") - -ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21), -"Cannot connect: SSL peer is in another FORTEZZA domain.") - - -ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22), -"An unknown SSL cipher suite has been requested.") - -ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23), -"No cipher suites are present and enabled in this program.") - -ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24), -"SSL received a record with bad block padding.") - -ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25), -"SSL received a record that exceeded the maximum permissible length.") - -ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26), -"SSL attempted to send a record that exceeded the maximum permissible length.") - -/* - * Received a malformed (too long or short or invalid content) SSL handshake. - */ -ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27), -"SSL received a malformed Hello Request handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28), -"SSL received a malformed Client Hello handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29), -"SSL received a malformed Server Hello handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30), -"SSL received a malformed Certificate handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31), -"SSL received a malformed Server Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32), -"SSL received a malformed Certificate Request handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33), -"SSL received a malformed Server Hello Done handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34), -"SSL received a malformed Certificate Verify handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35), -"SSL received a malformed Client Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36), -"SSL received a malformed Finished handshake message.") - -/* - * Received a malformed (too long or short) SSL record. - */ -ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37), -"SSL received a malformed Change Cipher Spec record.") - -ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38), -"SSL received a malformed Alert record.") - -ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39), -"SSL received a malformed Handshake record.") - -ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40), -"SSL received a malformed Application Data record.") - -/* - * Received an SSL handshake that was inappropriate for the state we're in. - * E.g. Server received message from server, or wrong state in state machine. - */ -ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41), -"SSL received an unexpected Hello Request handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42), -"SSL received an unexpected Client Hello handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43), -"SSL received an unexpected Server Hello handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44), -"SSL received an unexpected Certificate handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45), -"SSL received an unexpected Server Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46), -"SSL received an unexpected Certificate Request handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47), -"SSL received an unexpected Server Hello Done handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48), -"SSL received an unexpected Certificate Verify handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49), -"SSL received an unexpected Cllient Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50), -"SSL received an unexpected Finished handshake message.") - -/* - * Received an SSL record that was inappropriate for the state we're in. - */ -ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51), -"SSL received an unexpected Change Cipher Spec record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52), -"SSL received an unexpected Alert record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53), -"SSL received an unexpected Handshake record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54), -"SSL received an unexpected Application Data record.") - -/* - * Received record/message with unknown discriminant. - */ -ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55), -"SSL received a record with an unknown content type.") - -ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56), -"SSL received a handshake message with an unknown message type.") - -ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57), -"SSL received an alert record with an unknown alert description.") - -/* - * Received an alert reporting what we did wrong. (more alerts above) - */ -ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58), -"SSL peer has closed this connection.") - -ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59), -"SSL peer was not expecting a handshake message it received.") - -ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60), -"SSL peer was unable to succesfully decompress an SSL record it received.") - -ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61), -"SSL peer was unable to negotiate an acceptable set of security parameters.") - -ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62), -"SSL peer rejected a handshake message for unacceptable content.") - -ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63), -"SSL peer does not support certificates of the type it received.") - -ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64), -"SSL peer had some unspecified issue with the certificate it received.") - - -ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65), -"SSL experienced a failure of its random number generator.") - -ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66), -"Unable to digitally sign data required to verify your certificate.") - -ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67), -"SSL was unable to extract the public key from the peer's certificate.") - -ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68), -"Unspecified failure while processing SSL Server Key Exchange handshake.") - -ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69), -"Unspecified failure while processing SSL Client Key Exchange handshake.") - -ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70), -"Bulk data encryption algorithm failed in selected cipher suite.") - -ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71), -"Bulk data decryption algorithm failed in selected cipher suite.") - -ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72), -"Attempt to write encrypted data to underlying socket failed.") - -ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73), -"MD5 digest function failed.") - -ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74), -"SHA-1 digest function failed.") - -ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75), -"MAC computation failed.") - -ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76), -"Failure to create Symmetric Key context.") - -ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77), -"Failure to unwrap the Symmetric key in Client Key Exchange message.") - -ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78), -"SSL Server attempted to use domestic-grade public key with export cipher suite.") - -ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79), -"PKCS11 code failed to translate an IV into a param.") - -ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80), -"Failed to initialize the selected cipher suite.") - -ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81), -"Client failed to generate session keys for SSL session.") - -ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82), -"Server has no key for the attempted key exchange algorithm.") - -ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83), -"PKCS#11 token was inserted or removed while operation was in progress.") - -ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84), -"No PKCS#11 token could be found to do a required operation.") - -ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85), -"Cannot communicate securely with peer: no common compression algorithm(s).") - -ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86), -"Cannot initiate another SSL handshake until current handshake is complete.") - -ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87), -"Received incorrect handshakes hash values from peer.") - -ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88), -"The certificate provided cannot be used with the selected key exchange algorithm.") - -ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89), -"No certificate authority is trusted for SSL client authentication.") - -ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90), -"Client's SSL session ID not found in server's session cache.") - -ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91), -"Peer was unable to decrypt an SSL record it received.") - -ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92), -"Peer received an SSL record that was longer than is permitted.") - -ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93), -"Peer does not recognize and trust the CA that issued your certificate.") - -ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94), -"Peer received a valid certificate, but access was denied.") - -ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95), -"Peer could not decode an SSL handshake message.") - -ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96), -"Peer reports failure of signature verification or key exchange.") - -ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97), -"Peer reports negotiation not in compliance with export regulations.") - -ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98), -"Peer reports incompatible or unsupported protocol version.") - -ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99), -"Server requires ciphers more secure than those supported by client.") - -ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100), -"Peer reports it experienced an internal error.") - -ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101), -"Peer user canceled handshake.") - -ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102), -"Peer does not permit renegotiation of SSL security parameters.") - diff --git a/security/nss/cmd/lib/berparse.c b/security/nss/cmd/lib/berparse.c deleted file mode 100644 index c040ab2b1..000000000 --- a/security/nss/cmd/lib/berparse.c +++ /dev/null @@ -1,404 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include "secutil.h" - -typedef enum { - tagDone, lengthDone, leafDone, compositeDone, - notDone, - parseError, parseComplete -} ParseState; - -typedef unsigned char Byte; -typedef void (*ParseProc)(BERParse *h, unsigned char **buf, int *len); -typedef struct { - SECArb arb; - int pos; /* length from global start to item start */ - SECArb *parent; -} ParseStackElem; - -struct BERParseStr { - PRArenaPool *his; - PRArenaPool *mine; - ParseProc proc; - int stackDepth; - ParseStackElem *stackPtr; - ParseStackElem *stack; - int pending; /* bytes remaining to complete this part */ - int pos; /* running length of consumed characters */ - ParseState state; - PRBool keepLeaves; - PRBool derOnly; - BERFilterProc filter; - void *filterArg; - BERNotifyProc before; - void *beforeArg; - BERNotifyProc after; - void *afterArg; -}; - -#define UNKNOWN -1 - -static unsigned char NextChar(BERParse *h, unsigned char **buf, int *len) -{ - unsigned char c = *(*buf)++; - (*len)--; - h->pos++; - if (h->filter) - (*h->filter)(h->filterArg, &c, 1); - return c; -} - -static void ParseTag(BERParse *h, unsigned char **buf, int *len) -{ - SECArb* arb = &(h->stackPtr->arb); - arb->tag = NextChar(h, buf, len); - - PORT_Assert(h->state == notDone); - - /* - * NOTE: This does not handle the high-tag-number form - */ - if ((arb->tag & DER_HIGH_TAG_NUMBER) == DER_HIGH_TAG_NUMBER) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return; - } - - h->pending = UNKNOWN; - arb->length = UNKNOWN; - if (arb->tag & DER_CONSTRUCTED) { - arb->body.cons.numSubs = 0; - arb->body.cons.subs = NULL; - } else { - arb->body.item.len = UNKNOWN; - arb->body.item.data = NULL; - } - - h->state = tagDone; -} - -static void ParseLength(BERParse *h, unsigned char **buf, int *len) -{ - Byte b; - SECArb *arb = &(h->stackPtr->arb); - - PORT_Assert(h->state == notDone); - - if (h->pending == UNKNOWN) { - b = NextChar(h, buf, len); - if ((b & 0x80) == 0) { /* short form */ - arb->length = b; - /* - * if the tag and the length are both zero bytes, then this - * should be the marker showing end of list for the - * indefinite length composite - */ - if (arb->length == 0 && arb->tag == 0) - h->state = compositeDone; - else - h->state = lengthDone; - return; - } - - h->pending = b & 0x7f; - /* 0 implies this is an indefinite length */ - if (h->pending > 4) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return; - } - arb->length = 0; - } - - while ((*len > 0) && (h->pending > 0)) { - b = NextChar(h, buf, len); - arb->length = (arb->length << 8) + b; - h->pending--; - } - if (h->pending == 0) { - if (h->derOnly && (arb->length == 0)) - h->state = parseError; - else - h->state = lengthDone; - } - return; -} - -static void ParseLeaf(BERParse *h, unsigned char **buf, int *len) -{ - int count; - SECArb *arb = &(h->stackPtr->arb); - - PORT_Assert(h->state == notDone); - PORT_Assert(h->pending >= 0); - - if (*len < h->pending) - count = *len; - else - count = h->pending; - - if (h->keepLeaves) - memcpy(arb->body.item.data + arb->body.item.len, *buf, count); - if (h->filter) - (*h->filter)(h->filterArg, *buf, count); - *buf += count; - *len -= count; - arb->body.item.len += count; - h->pending -= count; - h->pos += count; - if (h->pending == 0) { - h->state = leafDone; - } - return; -} - -static void CreateArbNode(BERParse *h) -{ - SECArb *arb = PORT_ArenaAlloc(h->his, sizeof(SECArb)); - - *arb = h->stackPtr->arb; - - /* - * Special case closing the root - */ - if (h->stackPtr == h->stack) { - PORT_Assert(arb->tag & DER_CONSTRUCTED); - h->state = parseComplete; - } else { - SECArb *parent = h->stackPtr->parent; - parent->body.cons.subs = DS_ArenaGrow( - h->his, parent->body.cons.subs, - (parent->body.cons.numSubs) * sizeof(SECArb*), - (parent->body.cons.numSubs + 1) * sizeof(SECArb*)); - parent->body.cons.subs[parent->body.cons.numSubs] = arb; - parent->body.cons.numSubs++; - h->proc = ParseTag; - h->state = notDone; - h->pending = UNKNOWN; - } - if (h->after) - (*h->after)(h->afterArg, arb, h->stackPtr - h->stack, PR_FALSE); -} - -SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len) -{ - if (h->state == parseError) return PR_TRUE; - - while (len) { - (*h->proc)(h, &buf, &len); - if (h->state == parseComplete) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - if (h->state == parseError) return PR_TRUE; - PORT_Assert(h->state != parseComplete); - - if (h->state <= compositeDone) { - if (h->proc == ParseTag) { - PORT_Assert(h->state == tagDone); - h->proc = ParseLength; - h->state = notDone; - } else if (h->proc == ParseLength) { - SECArb *arb = &(h->stackPtr->arb); - PORT_Assert(h->state == lengthDone || h->state == compositeDone); - - if (h->before) - (*h->before)(h->beforeArg, arb, - h->stackPtr - h->stack, PR_TRUE); - - /* - * Check to see if this is the end of an indefinite - * length composite - */ - if (h->state == compositeDone) { - SECArb *parent = h->stackPtr->parent; - PORT_Assert(parent); - PORT_Assert(parent->tag & DER_CONSTRUCTED); - if (parent->length != 0) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - /* - * NOTE: This does not check for an indefinite length - * composite being contained inside a definite length - * composite. It is not clear that is legal. - */ - h->stackPtr--; - CreateArbNode(h); - } else { - h->stackPtr->pos = h->pos; - - - if (arb->tag & DER_CONSTRUCTED) { - SECArb *parent; - /* - * Make sure there is room on the stack before we - * stick anything else there. - */ - PORT_Assert(h->stackPtr - h->stack < h->stackDepth); - if (h->stackPtr - h->stack == h->stackDepth - 1) { - int newDepth = h->stackDepth * 2; - h->stack = DS_ArenaGrow(h->mine, h->stack, - sizeof(ParseStackElem) * h->stackDepth, - sizeof(ParseStackElem) * newDepth); - h->stackPtr = h->stack + h->stackDepth + 1; - h->stackDepth = newDepth; - } - parent = &(h->stackPtr->arb); - h->stackPtr++; - h->stackPtr->parent = parent; - h->proc = ParseTag; - h->state = notDone; - h->pending = UNKNOWN; - } else { - if (arb->length < 0) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - arb->body.item.len = 0; - if (arb->length > 0 && h->keepLeaves) { - arb->body.item.data = - PORT_ArenaAlloc(h->his, arb->length); - } else { - arb->body.item.data = NULL; - } - h->proc = ParseLeaf; - h->state = notDone; - h->pending = arb->length; - } - } - } else { - ParseStackElem *parent; - PORT_Assert(h->state = leafDone); - PORT_Assert(h->proc == ParseLeaf); - - for (;;) { - CreateArbNode(h); - if (h->stackPtr == h->stack) - break; - parent = (h->stackPtr - 1); - PORT_Assert(parent->arb.tag & DER_CONSTRUCTED); - if (parent->arb.length == 0) /* need explicit end */ - break; - if (parent->pos + parent->arb.length > h->pos) - break; - if (parent->pos + parent->arb.length < h->pos) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - h->stackPtr = parent; - } - } - - } - } - return PR_FALSE; -} -BERParse *BER_ParseInit(PRArenaPool *arena, PRBool derOnly) -{ - BERParse *h; - PRArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (temp == NULL) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return NULL; - } - h = PORT_ArenaAlloc(temp, sizeof(BERParse)); - if (h == NULL) { - PORT_FreeArena(temp, PR_FALSE); - PORT_SetError(SEC_ERROR_NO_MEMORY); - return NULL; - } - h->his = arena; - h->mine = temp; - h->proc = ParseTag; - h->stackDepth = 20; - h->stack = PORT_ArenaZAlloc(h->mine, - sizeof(ParseStackElem) * h->stackDepth); - h->stackPtr = h->stack; - h->state = notDone; - h->pos = 0; - h->keepLeaves = PR_TRUE; - h->before = NULL; - h->after = NULL; - h->filter = NULL; - h->derOnly = derOnly; - return h; -} - -SECArb *BER_ParseFini(BERParse *h) -{ - PRArenaPool *myArena = h->mine; - SECArb *arb; - - if (h->state != parseComplete) { - arb = NULL; - } else { - arb = PORT_ArenaAlloc(h->his, sizeof(SECArb)); - *arb = h->stackPtr->arb; - } - - PORT_FreeArena(myArena, PR_FALSE); - - return arb; -} - - -void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance) -{ - h->filter = proc; - h->filterArg = instance; -} - -void BER_SetLeafStorage(BERParse *h, PRBool keep) -{ - h->keepLeaves = keep; -} - -void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance, - PRBool beforeData) -{ - if (beforeData) { - h->before = proc; - h->beforeArg = instance; - } else { - h->after = proc; - h->afterArg = instance; - } -} - - - diff --git a/security/nss/cmd/lib/config.mk b/security/nss/cmd/lib/config.mk deleted file mode 100644 index 0a00dc61e..000000000 --- a/security/nss/cmd/lib/config.mk +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# Override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(LIBRARY) -SHARED_LIBRARY = -IMPORT_LIBRARY = -PROGRAM = - diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c deleted file mode 100644 index 7f699dec4..000000000 --- a/security/nss/cmd/lib/derprint.c +++ /dev/null @@ -1,619 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include "secutil.h" -#include "secoid.h" - -#ifdef __sun -extern int fprintf(FILE *strm, const char *format, .../* args */); -extern int fflush(FILE *stream); -#endif - -#define RIGHT_MARGIN 24 -/*#define RAW_BYTES 1 */ - -static int prettyColumn = 0; - -static int -getInteger256(unsigned char *data, unsigned int nb) -{ - int val; - - switch (nb) { - case 1: - val = data[0]; - break; - case 2: - val = (data[0] << 8) | data[1]; - break; - case 3: - val = (data[0] << 16) | (data[1] << 8) | data[2]; - break; - case 4: - val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; - break; - default: - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - return val; -} - -static int -prettyNewline(FILE *out) -{ - int rv; - - if (prettyColumn != -1) { - rv = fprintf(out, "\n"); - prettyColumn = -1; - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - return 0; -} - -static int -prettyIndent(FILE *out, unsigned level) -{ - unsigned int i; - int rv; - - if (prettyColumn == -1) { - prettyColumn = level; - for (i = 0; i < level; i++) { - rv = fprintf(out, " "); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - } - - return 0; -} - -static int -prettyPrintByte(FILE *out, unsigned char item, unsigned int level) -{ - int rv; - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - rv = fprintf(out, "%02x ", item); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - prettyColumn++; - if (prettyColumn >= RIGHT_MARGIN) { - return prettyNewline(out); - } - - return 0; -} - -static int -prettyPrintLeaf(FILE *out, unsigned char *data, - unsigned int len, unsigned int lv) -{ - unsigned int i; - int rv; - - for (i = 0; i < len; i++) { - rv = prettyPrintByte(out, *data++, lv); - if (rv < 0) - return rv; - } - return prettyNewline(out); -} - -static int -prettyPrintStringStart(FILE *out, unsigned char *str, - unsigned int len, unsigned int level) -{ -#define BUF_SIZE 100 - unsigned char buf[BUF_SIZE]; - int rv; - - if (len >= BUF_SIZE) - len = BUF_SIZE - 1; - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - memcpy(buf, str, len); - buf[len] = '\000'; - - rv = fprintf(out, "\"%s\"", buf); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - return 0; -#undef BUF_SIZE -} - -static int -prettyPrintString(FILE *out, unsigned char *str, - unsigned int len, unsigned int level, PRBool raw) -{ - int rv; - - rv = prettyPrintStringStart(out, str, len, level); - if (rv < 0) - return rv; - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - if (raw) { - rv = prettyPrintLeaf(out, str, len, level); - if (rv < 0) - return rv; - } - - return 0; -} - -static int -prettyPrintTime(FILE *out, unsigned char *str, - unsigned int len, unsigned int level, PRBool raw, PRBool utc) -{ - SECItem time_item; - int rv; - - rv = prettyPrintStringStart(out, str, len, level); - if (rv < 0) - return rv; - - time_item.data = str; - time_item.len = len; - - rv = fprintf(out, " ("); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - if (utc) - SECU_PrintUTCTime(out, &time_item, NULL, 0); - else - SECU_PrintGeneralizedTime(out, &time_item, NULL, 0); - - rv = fprintf(out, ")"); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - if (raw) { - rv = prettyPrintLeaf(out, str, len, level); - if (rv < 0) - return rv; - } - - return 0; -} - -static int -prettyPrintObjectID(FILE *out, unsigned char *data, - unsigned int len, unsigned int level, PRBool raw) -{ - SECOidData *oiddata; - SECItem oiditem; - unsigned int i; - unsigned long val; - int rv; - - - /* - * First print the Object Id in numeric format - */ - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - val = data[0]; - i = val % 40; - val = val / 40; - rv = fprintf(out, "%lu %u ", val, i); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - val = 0; - for (i = 1; i < len; ++i) { - unsigned long j; - - j = data[i]; - val = (val << 7) | (j & 0x7f); - if (j & 0x80) - continue; - rv = fprintf(out, "%lu ", val); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - val = 0; - } - - /* - * Now try to look it up and print a symbolic version. - */ - oiditem.data = data; - oiditem.len = len; - oiddata = SECOID_FindOID(&oiditem); - if (oiddata != NULL) { - i = PORT_Strlen(oiddata->desc); - if ((prettyColumn + 1 + (i / 3)) > RIGHT_MARGIN) { - rv = prettyNewline(out); - if (rv < 0) - return rv; - } - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - rv = fprintf(out, "(%s)", oiddata->desc); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - - /* - * Finally, on a new line, print the raw bytes (if requested). - */ - if (raw) { - rv = prettyNewline(out); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - for (i = 0; i < len; i++) { - rv = prettyPrintByte(out, *data++, level); - if (rv < 0) - return rv; - } - } - - return prettyNewline(out); -} - -static char *prettyTagType [32] = { - "End of Contents", - "Boolean", - "Integer", - "Bit String", - "Octet String", - "NULL", - "Object Identifier", - "0x07", - "0x08", - "0x09", - "Enumerated", - "0x0B", - "UTF8 String", - "0x0D", - "0x0E", - "0x0F", - "Sequence", - "Set", - "0x12", - "Printable String", - "T61 String", - "0x15", - "IA5 String", - "UTC Time", - "Generalized Time", - "0x19", - "Visible String", - "0x1B", - "Universal String", - "0x1D", - "BMP String", - "High-Tag-Number" -}; - -static int -prettyPrintTag(FILE *out, unsigned char *src, unsigned char *end, - unsigned char *codep, unsigned int level, PRBool raw) -{ - int rv; - unsigned char code, tagnum; - - if (src >= end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - code = *src; - tagnum = code & SEC_ASN1_TAGNUM_MASK; - - /* - * NOTE: This code does not (yet) handle the high-tag-number form! - */ - if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - if (raw) - rv = prettyPrintByte(out, code, level); - else - rv = prettyIndent(out, level); - - if (rv < 0) - return rv; - - if (code & SEC_ASN1_CONSTRUCTED) { - rv = fprintf(out, "C-"); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - - switch (code & SEC_ASN1_CLASS_MASK) { - case SEC_ASN1_UNIVERSAL: - rv = fprintf(out, "%s ", prettyTagType[tagnum]); - break; - case SEC_ASN1_APPLICATION: - rv = fprintf(out, "Application: %d ", tagnum); - break; - case SEC_ASN1_CONTEXT_SPECIFIC: - rv = fprintf(out, "[%d] ", tagnum); - break; - case SEC_ASN1_PRIVATE: - rv = fprintf(out, "Private: %d ", tagnum); - break; - } - - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - *codep = code; - - return 1; -} - -static int -prettyPrintLength(FILE *out, unsigned char *data, unsigned char *end, - int *lenp, PRBool *indefinitep, unsigned int lv, PRBool raw) -{ - unsigned char lbyte; - int lenLen; - int rv; - - if (data >= end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - rv = fprintf(out, " "); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - *indefinitep = PR_FALSE; - - lbyte = *data++; - if (lbyte >= 0x80) { - /* Multibyte length */ - unsigned nb = (unsigned) (lbyte & 0x7f); - if (nb > 4) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - if (nb > 0) { - int il; - - if ((data + nb) > end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - il = getInteger256(data, nb); - if (il < 0) return -1; - *lenp = (unsigned) il; - } else { - *lenp = 0; - *indefinitep = PR_TRUE; - } - lenLen = nb + 1; - if (raw) { - int i; - - rv = prettyPrintByte(out, lbyte, lv); - if (rv < 0) - return rv; - for (i = 0; i < nb; i++) { - rv = prettyPrintByte(out, data[i], lv); - if (rv < 0) - return rv; - } - } - } else { - *lenp = lbyte; - lenLen = 1; - if (raw) { - rv = prettyPrintByte(out, lbyte, lv); - if (rv < 0) - return rv; - } - } - if (*indefinitep) - rv = fprintf(out, "(indefinite)\n"); - else - rv = fprintf(out, "(%d)\n", *lenp); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - prettyColumn = -1; - return lenLen; -} - -static int -prettyPrintItem(FILE *out, unsigned char *data, unsigned char *end, - unsigned int lv, PRBool raw) -{ - int slen; - int lenLen; - unsigned char *orig = data; - int rv; - - while (data < end) { - unsigned char code; - PRBool indefinite; - - slen = prettyPrintTag(out, data, end, &code, lv, raw); - if (slen < 0) - return slen; - data += slen; - - lenLen = prettyPrintLength(out, data, end, &slen, &indefinite, lv, raw); - if (lenLen < 0) - return lenLen; - data += lenLen; - - /* - * Just quit now if slen more bytes puts us off the end. - */ - if ((data + slen) > end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - if (code & SEC_ASN1_CONSTRUCTED) { - if (slen > 0 || indefinite) { - slen = prettyPrintItem(out, data, - slen == 0 ? end : data + slen, - lv+1, raw); - if (slen < 0) - return slen; - data += slen; - } - } else if (code == 0) { - if (slen != 0 || lenLen != 1) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - break; - } else { - switch (code) { - case SEC_ASN1_PRINTABLE_STRING: - case SEC_ASN1_IA5_STRING: - case SEC_ASN1_VISIBLE_STRING: - rv = prettyPrintString(out, data, slen, lv+1, raw); - if (rv < 0) - return rv; - break; - case SEC_ASN1_UTC_TIME: - rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_TRUE); - if (rv < 0) - return rv; - break; - case SEC_ASN1_GENERALIZED_TIME: - rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_FALSE); - if (rv < 0) - return rv; - break; - case SEC_ASN1_OBJECT_ID: - rv = prettyPrintObjectID(out, data, slen, lv+1, raw); - if (rv < 0) - return rv; - break; - case SEC_ASN1_BOOLEAN: /* could do nicer job */ - case SEC_ASN1_INTEGER: /* could do nicer job */ - case SEC_ASN1_BIT_STRING: /* could do nicer job */ - case SEC_ASN1_OCTET_STRING: - case SEC_ASN1_NULL: - case SEC_ASN1_ENUMERATED: /* could do nicer job, as INTEGER */ - case SEC_ASN1_UTF8_STRING: - case SEC_ASN1_T61_STRING: /* print as printable string? */ - case SEC_ASN1_UNIVERSAL_STRING: - case SEC_ASN1_BMP_STRING: - default: - rv = prettyPrintLeaf(out, data, slen, lv+1); - if (rv < 0) - return rv; - break; - } - data += slen; - } - } - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - return data - orig; -} - -SECStatus -DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw) -{ - int rv; - - prettyColumn = -1; - - rv = prettyPrintItem(out, it->data, it->data + it->len, 0, raw); - if (rv < 0) - return SECFailure; - return SECSuccess; -} diff --git a/security/nss/cmd/lib/ffs.c b/security/nss/cmd/lib/ffs.c deleted file mode 100644 index 3fce2c7c2..000000000 --- a/security/nss/cmd/lib/ffs.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#ifdef XP_PC - -int ffs( unsigned int i) -{ - int rv = 1; - - if (!i) return 0; - - while (!(i & 1)) { - i >>= 1; - ++rv; - } - - return rv; -} -#endif diff --git a/security/nss/cmd/lib/makefile.win b/security/nss/cmd/lib/makefile.win deleted file mode 100644 index 92081a2f8..000000000 --- a/security/nss/cmd/lib/makefile.win +++ /dev/null @@ -1,66 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -include <manifest.mn> - -include <$(DEPTH)\config\config.mak> - -# include files are aought in LINCS and INCS. -# LINCS are generated from REQUIRES in manigest.mn -INCS = $(INCS) \ - -I..\include \ - -I..\..\lib\cert \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)\dist\public\security \ - -I$(DEPTH)\dist\public\nspr \ - -I$(DEPTH)\cmd\winfe \ - $(NULL) - -LCFLAGS = -DUSE_SSL -DEXPORT_VERSION - -PDBFILE = $(LIBNAME).pdb - -# work around a bug in rules.mak -LIBRARY_SUFFIX = $(MOZ_BITS) - -include <$(DEPTH)\config\rules.mak> - -install:: $(LIBRARY) -# $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib - - -symbols:: - @echo "LIBRARY_NAME is $(LIBRARY_NAME)" - @echo "LIBRARY is $(LIBRARY)" diff --git a/security/nss/cmd/lib/manifest.mn b/security/nss/cmd/lib/manifest.mn deleted file mode 100644 index 9df34a5df..000000000 --- a/security/nss/cmd/lib/manifest.mn +++ /dev/null @@ -1,57 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -CORE_DEPTH = ../../.. - -LIBRARY_NAME = sectool - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = seccmd - -DEFINES = -DNSPR20 - -EXPORTS = secutil.h \ - $(NULL) - -CSRCS = secutil.c \ - secpwd.c \ - derprint.c \ - secerror.c \ - ffs.c \ - $(NULL) - -REQUIRES = nss nspr dbm - -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC -endif - diff --git a/security/nss/cmd/lib/secerror.c b/security/nss/cmd/lib/secerror.c deleted file mode 100644 index 857704b79..000000000 --- a/security/nss/cmd/lib/secerror.c +++ /dev/null @@ -1,107 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include "nspr.h" - -struct tuple_str { - PRErrorCode errNum; - const char * errString; -}; - -typedef struct tuple_str tuple_str; - -#define ER2(a,b) {a, b}, -#define ER3(a,b,c) {a, c}, - -#include "secerr.h" -#include "sslerr.h" - -const tuple_str errStrings[] = { - -/* keep this list in asceding order of error numbers */ -#include "SSLerrs.h" -#include "SECerrs.h" -#include "NSPRerrs.h" - -}; - -const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str); - -/* Returns a UTF-8 encoded constant error string for "errNum". - * Returns NULL of errNum is unknown. - */ -const char * -SECU_Strerror(PRErrorCode errNum) { - PRInt32 low = 0; - PRInt32 high = numStrings - 1; - PRInt32 i; - PRErrorCode num; - static int initDone; - - /* make sure table is in ascending order. - * binary search depends on it. - */ - if (!initDone) { - PRErrorCode lastNum = ((PRInt32)0x80000000); - for (i = low; i <= high; ++i) { - num = errStrings[i].errNum; - if (num <= lastNum) { - fprintf(stderr, -"sequence error in error strings at item %d\n" -"error %d (%s)\n" -"should come after \n" -"error %d (%s)\n", - i, lastNum, errStrings[i-1].errString, - num, errStrings[i].errString); - } - lastNum = num; - } - initDone = 1; - } - - /* Do binary search of table. */ - while (low + 1 < high) { - i = (low + high) / 2; - num = errStrings[i].errNum; - if (errNum == num) - return errStrings[i].errString; - if (errNum < num) - high = i; - else - low = i; - } - if (errNum == errStrings[low].errNum) - return errStrings[low].errString; - if (errNum == errStrings[high].errNum) - return errStrings[high].errString; - return NULL; -} diff --git a/security/nss/cmd/lib/secpwd.c b/security/nss/cmd/lib/secpwd.c deleted file mode 100644 index b4c182441..000000000 --- a/security/nss/cmd/lib/secpwd.c +++ /dev/null @@ -1,202 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include "secutil.h" - -/* - * NOTE: The contents of this file are NOT used by the client. - * (They are part of the security library as a whole, but they are - * NOT USED BY THE CLIENT.) Do not change things on behalf of the - * client (like localizing strings), or add things that are only - * for the client (put them elsewhere). - */ - - -#ifdef XP_UNIX -#include <termios.h> -#endif - -#if defined(XP_UNIX) || defined(XP_BEOS) -#include <unistd.h> /* for isatty() */ -#endif - -#if( defined(_WINDOWS) && !defined(_WIN32_WCE)) || defined(XP_OS2_VACPP) -#include <conio.h> -#include <io.h> -#define QUIET_FGETS quiet_fgets -static char * quiet_fgets (char *buf, int length, FILE *input); -#else -#define QUIET_FGETS fgets -#endif - -static void echoOff(int fd) -{ -#if defined(XP_UNIX) && !defined(VMS) - if (isatty(fd)) { - struct termios tio; - tcgetattr(fd, &tio); - tio.c_lflag &= ~ECHO; - tcsetattr(fd, TCSAFLUSH, &tio); - } -#endif -} - -static void echoOn(int fd) -{ -#if defined(XP_UNIX) && !defined(VMS) - if (isatty(fd)) { - struct termios tio; - tcgetattr(fd, &tio); - tio.c_lflag |= ECHO; - tcsetattr(fd, TCSAFLUSH, &tio); - } -#endif -} - -char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, - PRBool (*ok)(char *)) -{ -#if defined(_WINDOWS) - int isTTY = (input == stdin); -#define echoOn(x) -#define echoOff(x) -#else - int infd = fileno(input); - int isTTY = isatty(infd); -#endif - char phrase[200]; - - for (;;) { - /* Prompt for password */ - if (isTTY) { - fprintf(output, "%s", prompt); - fflush (output); - echoOff(infd); - } - - QUIET_FGETS ( phrase, sizeof(phrase), input); - - if (isTTY) { - fprintf(output, "\n"); - echoOn(infd); - } - - /* stomp on newline */ - phrase[PORT_Strlen(phrase)-1] = 0; - - /* Validate password */ - if (!(*ok)(phrase)) { - /* Not weird enough */ - if (!isTTY) return 0; - fprintf(output, "Password must be at least 8 characters long with one or more\n"); - fprintf(output, "non-alphabetic characters\n"); - continue; - } - return (char*) PORT_Strdup(phrase); - } -} - - - -PRBool SEC_CheckPassword(char *cp) -{ - int len; - char *end; - - len = PORT_Strlen(cp); - if (len < 8) { - return PR_FALSE; - } - end = cp + len; - while (cp < end) { - unsigned char ch = *cp++; - if (!((ch >= 'A') && (ch <= 'Z')) && - !((ch >= 'a') && (ch <= 'z'))) { - /* pass phrase has at least one non alphabetic in it */ - return PR_TRUE; - } - } - return PR_FALSE; -} - -PRBool SEC_BlindCheckPassword(char *cp) -{ - if (cp != NULL) { - return PR_TRUE; - } - return PR_FALSE; -} - -/* Get a password from the input terminal, without echoing */ - -#if defined(_WINDOWS) || defined(XP_OS2_VACPP) -static char * quiet_fgets (char *buf, int length, FILE *input) - { - int c; - char *end = buf; - - /* fflush (input); */ - memset (buf, 0, length); - -#ifndef XP_OS2_VACPP - if (input != stdin) { - return fgets(buf,length,input); - } -#else - if (!isatty(fileno(input))) { - return fgets(buf,length,input); - } -#endif - - while (1) - { -#if defined (_WIN32_WCE) - c = getchar(); /* gets a character from stdin */ -#else - c = getch(); /* getch gets a character from the console */ -#endif - if (c == '\b') - { - if (end > buf) - end--; - } - - else if (--length > 0) - *end++ = c; - - if (!c || c == '\n' || c == '\r') - break; - } - - return buf; - } -#endif diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c deleted file mode 100644 index f27c1d067..000000000 --- a/security/nss/cmd/lib/secutil.c +++ /dev/null @@ -1,2885 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -/* -** secutil.c - various functions used by security stuff -** -*/ - -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" -#include "prerror.h" -#include "prprf.h" -#include "plgetopt.h" -#include "prenv.h" - -#include "secutil.h" -#include "secpkcs7.h" -#include <stdarg.h> -#if !defined(_WIN32_WCE) -#include <sys/stat.h> -#include <errno.h> -#endif - -#ifdef XP_UNIX -#include <unistd.h> -#endif - -/* for SEC_TraverseNames */ -#include "cert.h" -#include "certt.h" -#include "certdb.h" - -/* #include "secmod.h" */ -#include "pk11func.h" -#include "secoid.h" - -static char consoleName[] = { -#ifdef XP_UNIX -#ifdef VMS - "TT" -#else - "/dev/tty" -#endif -#else -#ifdef XP_OS2 - "\\DEV\\CON" -#else - "CON:" -#endif -#endif -}; - - -char * -SECU_GetString(int16 error_number) -{ - - static char errString[80]; - sprintf(errString, "Unknown error string (%d)", error_number); - return errString; -} - -void -SECU_PrintError(char *progName, char *msg, ...) -{ - va_list args; - PRErrorCode err = PORT_GetError(); - const char * errString = SECU_Strerror(err); - - va_start(args, msg); - - fprintf(stderr, "%s: ", progName); - vfprintf(stderr, msg, args); - if (errString != NULL && PORT_Strlen(errString) > 0) - fprintf(stderr, ": %s\n", errString); - else - fprintf(stderr, ": error %d\n", (int)err); - - va_end(args); -} - -void -SECU_PrintSystemError(char *progName, char *msg, ...) -{ - va_list args; - - va_start(args, msg); - fprintf(stderr, "%s: ", progName); - vfprintf(stderr, msg, args); -#if defined(_WIN32_WCE) - fprintf(stderr, ": %d\n", PR_GetOSError()); -#else - fprintf(stderr, ": %s\n", strerror(errno)); -#endif - va_end(args); -} - -static void -secu_ClearPassword(char *p) -{ - if (p) { - PORT_Memset(p, 0, PORT_Strlen(p)); - PORT_Free(p); - } -} - -char * -SECU_GetPasswordString(void *arg, char *prompt) -{ -#ifndef _WINDOWS - char *p = NULL; - FILE *input, *output; - - /* open terminal */ - input = fopen(consoleName, "r"); - if (input == NULL) { - fprintf(stderr, "Error opening input terminal for read\n"); - return NULL; - } - - output = fopen(consoleName, "w"); - if (output == NULL) { - fprintf(stderr, "Error opening output terminal for write\n"); - return NULL; - } - - p = SEC_GetPassword (input, output, prompt, SEC_BlindCheckPassword); - - - fclose(input); - fclose(output); - - return p; - -#else - /* Win32 version of above. opening the console may fail - on windows95, and certainly isn't necessary.. */ - - char *p = NULL; - - p = SEC_GetPassword (stdin, stdout, prompt, SEC_BlindCheckPassword); - return p; - -#endif -} - - -/* - * p a s s w o r d _ h a r d c o d e - * - * A function to use the password passed in the -f(pwfile) argument - * of the command line. - * After use once, null it out otherwise PKCS11 calls us forever.? - * - */ -char * -SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - unsigned char phrase[200]; - PRFileDesc *fd; - PRInt32 nb; - char *pwFile = arg; - int i; - - if (!pwFile) - return 0; - - if (retry) { - return 0; /* no good retrying - the files contents will be the same */ - } - - fd = PR_Open(pwFile, PR_RDONLY, 0); - if (!fd) { - fprintf(stderr, "No password file \"%s\" exists.\n", pwFile); - return NULL; - } - - nb = PR_Read(fd, phrase, sizeof(phrase)); - - PR_Close(fd); - /* handle the Windows EOL case */ - i = 0; - while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb) i++; - phrase[i] = '\0'; - if (nb == 0) { - fprintf(stderr,"password file contains no data\n"); - return NULL; - } - return (char*) PORT_Strdup((char*)phrase); -} - -char * -SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char prompt[255]; - secuPWData *pwdata = (secuPWData *)arg; - secuPWData pwnull = { PW_NONE, 0 }; - char *pw; - - if (pwdata == NULL) - pwdata = &pwnull; - - if (retry && pwdata->source != PW_NONE) { - PR_fprintf(PR_STDERR, "incorrect password entered at command line.\n"); - return NULL; - } - - switch (pwdata->source) { - case PW_NONE: - sprintf(prompt, "Enter Password or Pin for \"%s\":", - PK11_GetTokenName(slot)); - return SECU_GetPasswordString(NULL, prompt); - case PW_FROMFILE: - /* Instead of opening and closing the file every time, get the pw - * once, then keep it in memory (duh). - */ - pw = SECU_FilePasswd(slot, retry, pwdata->data); - pwdata->source = PW_PLAINTEXT; - pwdata->data = PL_strdup(pw); - /* it's already been dup'ed */ - return pw; - case PW_PLAINTEXT: - return PL_strdup(pwdata->data); - default: - break; - } - - PR_fprintf(PR_STDERR, "Password check failed: No password found.\n"); - return NULL; -} - -char * -secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char *p0 = NULL; - char *p1 = NULL; - FILE *input, *output; - secuPWData *pwdata = arg; - - if (pwdata->source == PW_FROMFILE) { - return SECU_FilePasswd(slot, retry, pwdata->data); - } - if (pwdata->source == PW_PLAINTEXT) { - return PL_strdup(pwdata->data); - } - - /* PW_NONE - get it from tty */ - /* open terminal */ -#ifdef _WINDOWS - input = stdin; -#else - input = fopen(consoleName, "r"); -#endif - if (input == NULL) { - PR_fprintf(PR_STDERR, "Error opening input terminal for read\n"); - return NULL; - } - - /* we have no password, so initialize database with one */ - PR_fprintf(PR_STDERR, - "Enter a password which will be used to encrypt your keys.\n" - "The password should be at least 8 characters long,\n" - "and should contain at least one non-alphabetic character.\n\n"); - - output = fopen(consoleName, "w"); - if (output == NULL) { - PR_fprintf(PR_STDERR, "Error opening output terminal for write\n"); - return NULL; - } - - - for (;;) { - if (p0) - PORT_Free(p0); - p0 = SEC_GetPassword(input, output, "Enter new password: ", - SEC_BlindCheckPassword); - - if (p1) - PORT_Free(p1); - p1 = SEC_GetPassword(input, output, "Re-enter password: ", - SEC_BlindCheckPassword); - if (p0 && p1 && !PORT_Strcmp(p0, p1)) { - break; - } - PR_fprintf(PR_STDERR, "Passwords do not match. Try again.\n"); - } - - /* clear out the duplicate password string */ - secu_ClearPassword(p1); - - fclose(input); - fclose(output); - - return p0; -} - -SECStatus -SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile) -{ - SECStatus rv; - secuPWData pwdata, newpwdata; - char *oldpw = NULL, *newpw = NULL; - - if (passwd) { - pwdata.source = PW_PLAINTEXT; - pwdata.data = passwd; - } else if (pwFile) { - pwdata.source = PW_FROMFILE; - pwdata.data = pwFile; - } else { - pwdata.source = PW_NONE; - pwdata.data = NULL; - } - - if (PK11_NeedUserInit(slot)) { - newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata); - rv = PK11_InitPin(slot, (char*)NULL, newpw); - goto done; - } - - for (;;) { - oldpw = SECU_GetModulePassword(slot, PR_FALSE, &pwdata); - - if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) { - if (pwdata.source == PW_NONE) { - PR_fprintf(PR_STDERR, "Invalid password. Try again.\n"); - } else { - PR_fprintf(PR_STDERR, "Invalid password.\n"); - PORT_Memset(oldpw, 0, PL_strlen(oldpw)); - PORT_Free(oldpw); - return SECFailure; - } - } else - break; - - PORT_Free(oldpw); - } - - newpwdata.source = PW_NONE; - newpwdata.data = NULL; - - newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata); - - if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { - PR_fprintf(PR_STDERR, "Failed to change password.\n"); - return SECFailure; - } - - PORT_Memset(oldpw, 0, PL_strlen(oldpw)); - PORT_Free(oldpw); - - PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); - -done: - PORT_Memset(newpw, 0, PL_strlen(newpw)); - PORT_Free(newpw); - return SECSuccess; -} - -struct matchobj { - SECItem index; - char *nname; - PRBool found; -}; - -char * -SECU_DefaultSSLDir(void) -{ - char *dir; - static char sslDir[1000]; - - dir = PR_GetEnv("SSL_DIR"); - if (!dir) - return NULL; - - sprintf(sslDir, "%s", dir); - - if (sslDir[strlen(sslDir)-1] == '/') - sslDir[strlen(sslDir)-1] = 0; - - return sslDir; -} - -char * -SECU_AppendFilenameToDir(char *dir, char *filename) -{ - static char path[1000]; - - if (dir[strlen(dir)-1] == '/') - sprintf(path, "%s%s", dir, filename); - else - sprintf(path, "%s/%s", dir, filename); - return path; -} - -char * -SECU_ConfigDirectory(const char* base) -{ - static PRBool initted = PR_FALSE; - const char *dir = ".netscape"; - char *home; - static char buf[1000]; - - if (initted) return buf; - - - if (base == NULL || *base == 0) { - home = PR_GetEnv("HOME"); - if (!home) home = ""; - - if (*home && home[strlen(home) - 1] == '/') - sprintf (buf, "%.900s%s", home, dir); - else - sprintf (buf, "%.900s/%s", home, dir); - } else { - sprintf(buf, "%.900s", base); - if (buf[strlen(buf) - 1] == '/') - buf[strlen(buf) - 1] = 0; - } - - - initted = PR_TRUE; - return buf; -} - -/*Turn off SSL for now */ -/* This gets called by SSL when server wants our cert & key */ -int -SECU_GetClientAuthData(void *arg, PRFileDesc *fd, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey) -{ - SECKEYPrivateKey *key; - CERTCertificate *cert; - int errsave; - - if (arg == NULL) { - fprintf(stderr, "no key/cert name specified for client auth\n"); - return -1; - } - cert = PK11_FindCertFromNickname(arg, NULL); - errsave = PORT_GetError(); - if (!cert) { - if (errsave == SEC_ERROR_BAD_PASSWORD) - fprintf(stderr, "Bad password\n"); - else if (errsave > 0) - fprintf(stderr, "Unable to read cert (error %d)\n", errsave); - else if (errsave == SEC_ERROR_BAD_DATABASE) - fprintf(stderr, "Unable to get cert from database (%d)\n", errsave); - else - fprintf(stderr, "SECKEY_FindKeyByName: internal error %d\n", errsave); - return -1; - } - - key = PK11_FindKeyByAnyCert(arg,NULL); - if (!key) { - fprintf(stderr, "Unable to get key (%d)\n", PORT_GetError()); - return -1; - } - - - *pRetCert = cert; - *pRetKey = key; - - return 0; -} - -SECStatus -secu_StdinToItem(SECItem *dst) -{ - unsigned char buf[1000]; - PRInt32 numBytes; - PRBool notDone = PR_TRUE; - - dst->len = 0; - dst->data = NULL; - - while (notDone) { - numBytes = PR_Read(PR_STDIN, buf, sizeof(buf)); - - if (numBytes < 0) { - return SECFailure; - } - - if (numBytes == 0) - break; - - if (dst->data) { - /* XXX if PORT_Realloc fails, the old buffer is leaked. */ - dst->data = (unsigned char*)PORT_Realloc(dst->data, - dst->len + numBytes); - } else { - dst->data = (unsigned char*)PORT_Alloc(numBytes); - } - if (!dst->data) { - return SECFailure; - } - PORT_Memcpy(dst->data + dst->len, buf, numBytes); - dst->len += numBytes; - } - - return SECSuccess; -} - -SECStatus -SECU_FileToItem(SECItem *dst, PRFileDesc *src) -{ - PRFileInfo info; - PRInt32 numBytes; - PRStatus prStatus; - - if (src == PR_STDIN) - return secu_StdinToItem(dst); - - prStatus = PR_GetOpenFileInfo(src, &info); - - if (prStatus != PR_SUCCESS) { - PORT_SetError(SEC_ERROR_IO); - return SECFailure; - } - - /* XXX workaround for 3.1, not all utils zero dst before sending */ - dst->data = 0; - if (!SECITEM_AllocItem(NULL, dst, info.size)) - goto loser; - - numBytes = PR_Read(src, dst->data, info.size); - if (numBytes != info.size) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - - return SECSuccess; -loser: - SECITEM_FreeItem(dst, PR_FALSE); - return SECFailure; -} - -SECStatus -SECU_TextFileToItem(SECItem *dst, PRFileDesc *src) -{ - PRFileInfo info; - PRInt32 numBytes; - PRStatus prStatus; - unsigned char *buf; - - if (src == PR_STDIN) - return secu_StdinToItem(dst); - - prStatus = PR_GetOpenFileInfo(src, &info); - - if (prStatus != PR_SUCCESS) { - PORT_SetError(SEC_ERROR_IO); - return SECFailure; - } - - buf = (unsigned char*)PORT_Alloc(info.size); - if (!buf) - return SECFailure; - - numBytes = PR_Read(src, buf, info.size); - if (numBytes != info.size) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - - if (buf[numBytes-1] == '\n') numBytes--; -#ifdef _WINDOWS - if (buf[numBytes-1] == '\r') numBytes--; -#endif - - /* XXX workaround for 3.1, not all utils zero dst before sending */ - dst->data = 0; - if (!SECITEM_AllocItem(NULL, dst, numBytes)) - goto loser; - - memcpy(dst->data, buf, numBytes); - - PORT_Free(buf); - return SECSuccess; -loser: - PORT_Free(buf); - return SECFailure; -} - -SECStatus -SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii) -{ - SECStatus rv; - char *asc, *body, *trailer; - if (ascii) { - /* First convert ascii to binary */ - SECItem filedata; - - /* Read in ascii data */ - rv = SECU_FileToItem(&filedata, inFile); - asc = (char *)filedata.data; - if (!asc) { - fprintf(stderr, "unable to read data from input file\n"); - return SECFailure; - } - - /* check for headers and trailers and remove them */ - if ((body = strstr(asc, "-----BEGIN")) != NULL) { - body = PORT_Strchr(body, '\n') + 1; - trailer = strstr(body, "-----END"); - if (trailer != NULL) { - *trailer = '\0'; - } else { - fprintf(stderr, "input has header but no trailer\n"); - PORT_Free(filedata.data); - return SECFailure; - } - } else { - body = asc; - } - - /* Convert to binary */ - rv = ATOB_ConvertAsciiToItem(der, body); - if (rv) { - fprintf(stderr, "error converting ascii to binary (%s)\n", - SECU_Strerror(PORT_GetError())); - PORT_Free(filedata.data); - return SECFailure; - } - PORT_Free(asc); - PORT_Free(filedata.data); - } else { - /* Read in binary der */ - rv = SECU_FileToItem(der, inFile); - if (rv) { - fprintf(stderr, "error converting der (%s)\n", - SECU_Strerror(PORT_GetError())); - return SECFailure; - } - } - return SECSuccess; -} - -#define INDENT_MULT 4 -void -SECU_Indent(FILE *out, int level) -{ - int i; - for (i = 0; i < level; i++) { - fprintf(out, " "); - } -} - -static void secu_Newline(FILE *out) -{ - fprintf(out, "\n"); -} - -void -SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level) -{ - unsigned i; - int column; - PRBool isString = PR_TRUE; - unsigned int limit = 15; - - if ( m ) { - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - level++; - } - - SECU_Indent(out, level); column = level*INDENT_MULT; - /* take a pass to see if it's all printable. */ - for (i = 0; i < data->len; i++) { - unsigned char val = data->data[i]; - if (!val || !isprint(val)) { - isString = PR_FALSE; - break; - } - } - - if (!isString) - for (i = 0; i < data->len; i++) { - if (i != data->len - 1) { - fprintf(out, "%02x:", data->data[i]); - column += 3; - } else { - fprintf(out, "%02x", data->data[i]); - column += 2; - break; - } - if (column > 76 || (i % 16 == limit)) { - secu_Newline(out); - SECU_Indent(out, level); - column = level*INDENT_MULT; - limit = i % 16; - } - } else { - for (i = 0; i < data->len; i++) { - unsigned char val = data->data[i]; - - if (val) { - fprintf(out,"%c",val); - column++; - } else { - column = 77; - } - if (column > 76) { - secu_Newline(out); - SECU_Indent(out, level); column = level*INDENT_MULT; - } - } - } - - if (column != level*INDENT_MULT) { - secu_Newline(out); - } -} - -static const char *hex = "0123456789abcdef"; - -static const char printable[257] = { - "................" /* 0x */ - "................" /* 1x */ - " !\"#$%&'()*+,-./" /* 2x */ - "0123456789:;<=>?" /* 3x */ - "@ABCDEFGHIJKLMNO" /* 4x */ - "PQRSTUVWXYZ[\\]^_" /* 5x */ - "`abcdefghijklmno" /* 6x */ - "pqrstuvwxyz{|}~." /* 7x */ - "................" /* 8x */ - "................" /* 9x */ - "................" /* ax */ - "................" /* bx */ - "................" /* cx */ - "................" /* dx */ - "................" /* ex */ - "................" /* fx */ -}; - -void -SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len) -{ - const unsigned char *cp = (const unsigned char *)vp; - char buf[80]; - char *bp; - char *ap; - - fprintf(out, "%s [Len: %d]\n", msg, len); - memset(buf, ' ', sizeof buf); - bp = buf; - ap = buf + 50; - while (--len >= 0) { - unsigned char ch = *cp++; - *bp++ = hex[(ch >> 4) & 0xf]; - *bp++ = hex[ch & 0xf]; - *bp++ = ' '; - *ap++ = printable[ch]; - if (ap - buf >= 66) { - *ap = 0; - fprintf(out, " %s\n", buf); - memset(buf, ' ', sizeof buf); - bp = buf; - ap = buf + 50; - } - } - if (bp > buf) { - *ap = 0; - fprintf(out, " %s\n", buf); - } -} - -SECStatus -SECU_StripTagAndLength(SECItem *i) -{ - unsigned int start; - - if (!i || !i->data || i->len < 2) { /* must be at least tag and length */ - return SECFailure; - } - start = ((i->data[1] & 0x80) ? (i->data[1] & 0x7f) + 2 : 2); - if (i->len < start) { - return SECFailure; - } - i->data += start; - i->len -= start; - return SECSuccess; -} - - -/* This expents i->data[0] to be the MSB of the integer. -** if you want to print a DER-encoded integer (with the tag and length) -** call SECU_PrintEncodedInteger(); -*/ -void -SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level) -{ - int iv; - - if (!i || !i->len || !i->data) { - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: (null)\n", m); - } else { - fprintf(out, "(null)\n"); - } - } else if (i->len > 4) { - SECU_PrintAsHex(out, i, m, level); - } else { - iv = DER_GetInteger(i); - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: %d (0x%x)\n", m, iv, iv); - } else { - fprintf(out, "%d (0x%x)\n", iv, iv); - } - } -} - -static void -secu_PrintRawString(FILE *out, SECItem *si, char *m, int level) -{ - int column; - unsigned int i; - - if ( m ) { - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - level++; - } - - SECU_Indent(out, level); column = level*INDENT_MULT; - fprintf(out, "\""); column++; - - for (i = 0; i < si->len; i++) { - unsigned char val = si->data[i]; - if (column > 76) { - secu_Newline(out); - SECU_Indent(out, level); column = level*INDENT_MULT; - } - - fprintf(out,"%c", printable[val]); column++; - } - - fprintf(out, "\""); column++; - if (column != level*INDENT_MULT || column > 76) { - secu_Newline(out); - } -} - -void -SECU_PrintString(FILE *out, SECItem *si, char *m, int level) -{ - SECItem my = *si; - - if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len) - return; - secu_PrintRawString(out, &my, m, level); -} - -/* print an unencoded boolean */ -static void -secu_PrintBoolean(FILE *out, SECItem *i, const char *m, int level) -{ - int val = 0; - - if ( i->data && i->len ) { - val = i->data[0]; - } - - if (!m) { - m = "Boolean"; - } - SECU_Indent(out, level); - fprintf(out, "%s: %s\n", m, (val ? "True" : "False")); -} - -/* - * Format and print "time". If the tag message "m" is not NULL, - * do indent formatting based on "level" and add a newline afterward; - * otherwise just print the formatted time string only. - */ -static void -secu_PrintTime(FILE *out, int64 time, char *m, int level) -{ - PRExplodedTime printableTime; - char *timeString; - - /* Convert to local time */ - PR_ExplodeTime(time, PR_GMTParameters, &printableTime); - - timeString = PORT_Alloc(100); - if (timeString == NULL) - return; - - if (m != NULL) { - SECU_Indent(out, level); - fprintf(out, "%s: ", m); - } - - PR_FormatTime(timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime); - fprintf(out, timeString); - - if (m != NULL) - fprintf(out, "\n"); - - PORT_Free(timeString); -} - -/* - * Format and print the UTC Time "t". If the tag message "m" is not NULL, - * do indent formatting based on "level" and add a newline afterward; - * otherwise just print the formatted time string only. - */ -void -SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level) -{ - int64 time; - SECStatus rv; - - rv = DER_UTCTimeToTime(&time, t); - if (rv != SECSuccess) - return; - - secu_PrintTime(out, time, m, level); -} - -/* - * Format and print the Generalized Time "t". If the tag message "m" - * is not NULL, * do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -void -SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, int level) -{ - int64 time; - SECStatus rv; - - - rv = DER_GeneralizedTimeToTime(&time, t); - if (rv != SECSuccess) - return; - - secu_PrintTime(out, time, m, level); -} - -/* - * Format and print the UTC or Generalized Time "t". If the tag message - * "m" is not NULL, do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -void -SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level) -{ - switch (t->type) { - case siUTCTime: - SECU_PrintUTCTime(out, t, m, level); - break; - - case siGeneralizedTime: - SECU_PrintGeneralizedTime(out, t, m, level); - break; - - default: - PORT_Assert(0); - break; - } -} - -static void secu_PrintAny(FILE *out, SECItem *i, char *m, int level); - -/* This prints a SET or SEQUENCE */ -void -SECU_PrintSet(FILE *out, SECItem *t, char *m, int level) -{ - int type = t->data[0] & SEC_ASN1_TAGNUM_MASK; - int constructed = t->data[0] & SEC_ASN1_CONSTRUCTED; - const char * label; - SECItem my = *t; - - if (!constructed) { - SECU_PrintAsHex(out, t, m, level); - return; - } - if (SECSuccess != SECU_StripTagAndLength(&my)) - return; - - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: ", m); - } - - if (type == SEC_ASN1_SET) - label = "Set "; - else if (type == SEC_ASN1_SEQUENCE) - label = "Sequence "; - else - label = ""; - fprintf(out,"%s{\n", label); /* } */ - - while (my.len >= 2) { - SECItem tmp = my; - - if (tmp.data[1] & 0x80) { - unsigned int i; - unsigned int lenlen = tmp.data[1] & 0x7f; - if (lenlen > sizeof tmp.len) - break; - tmp.len = 0; - for (i=0; i < lenlen; i++) { - tmp.len = (tmp.len << 8) | tmp.data[2+i]; - } - tmp.len += lenlen + 2; - } else { - tmp.len = tmp.data[1] + 2; - } - if (tmp.len > my.len) { - tmp.len = my.len; - } - my.data += tmp.len; - my.len -= tmp.len; - secu_PrintAny(out, &tmp, NULL, level + 1); - } - SECU_Indent(out, level); fprintf(out, /* { */ "}\n"); -} - -static void -secu_PrintContextSpecific(FILE *out, SECItem *i, char *m, int level) -{ - int type = i->data[0] & SEC_ASN1_TAGNUM_MASK; - int constructed = i->data[0] & SEC_ASN1_CONSTRUCTED; - SECItem tmp; - - if (constructed) { - char * m2; - if (!m) - m2 = PR_smprintf("[%d]", type); - else - m2 = PR_smprintf("%s: [%d]", m, type); - if (m2) { - SECU_PrintSet(out, i, m2, level); - PR_smprintf_free(m2); - } - return; - } - - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: ", m); - } - fprintf(out,"[%d]\n", type); - - tmp = *i; - if (SECSuccess == SECU_StripTagAndLength(&tmp)) - SECU_PrintAsHex(out, &tmp, m, level+1); -} - -static void -secu_PrintOctetString(FILE *out, SECItem *i, char *m, int level) -{ - SECItem tmp = *i; - if (SECSuccess == SECU_StripTagAndLength(&tmp)) - SECU_PrintAsHex(out, &tmp, m, level); -} - -static void -secu_PrintBitString(FILE *out, SECItem *i, char *m, int level) -{ - int unused_bits; - SECItem tmp = *i; - - if (SECSuccess != SECU_StripTagAndLength(&tmp) || tmp.len < 2) - return; - - unused_bits = *tmp.data++; - tmp.len--; - - SECU_PrintAsHex(out, &tmp, m, level); - if (unused_bits) { - SECU_Indent(out, level + 1); - fprintf(out, "(%d least significant bits unused)\n", unused_bits); - } -} - -/* Print a DER encoded Boolean */ -void -SECU_PrintEncodedBoolean(FILE *out, SECItem *i, char *m, int level) -{ - SECItem my = *i; - if (SECSuccess == SECU_StripTagAndLength(&my)) - secu_PrintBoolean(out, &my, m, level); -} - -/* Print a DER encoded integer */ -void -SECU_PrintEncodedInteger(FILE *out, SECItem *i, char *m, int level) -{ - SECItem my = *i; - if (SECSuccess == SECU_StripTagAndLength(&my)) - SECU_PrintInteger(out, &my, m, level); -} - -/* Print a DER encoded OID */ -void -SECU_PrintEncodedObjectID(FILE *out, SECItem *i, char *m, int level) -{ - SECItem my = *i; - if (SECSuccess == SECU_StripTagAndLength(&my)) - SECU_PrintObjectID(out, &my, m, level); -} - -static void -secu_PrintUniversal(FILE *out, SECItem *i, char *m, int level) -{ - switch (i->data[0] & SEC_ASN1_TAGNUM_MASK) { - case SEC_ASN1_ENUMERATED: - case SEC_ASN1_INTEGER: - SECU_PrintEncodedInteger(out, i, m, level); - break; - case SEC_ASN1_OBJECT_ID: - SECU_PrintEncodedObjectID(out, i, m, level); - break; - case SEC_ASN1_BOOLEAN: - SECU_PrintEncodedBoolean(out, i, m, level); - break; - case SEC_ASN1_UTF8_STRING: - case SEC_ASN1_PRINTABLE_STRING: - case SEC_ASN1_VISIBLE_STRING: - case SEC_ASN1_IA5_STRING: - case SEC_ASN1_T61_STRING: - SECU_PrintString(out, i, m, level); - break; - case SEC_ASN1_GENERALIZED_TIME: - SECU_PrintGeneralizedTime(out, i, m, level); - break; - case SEC_ASN1_UTC_TIME: - SECU_PrintUTCTime(out, i, m, level); - break; - case SEC_ASN1_NULL: - SECU_Indent(out, level); fprintf(out, "%s: NULL\n", m); - break; - case SEC_ASN1_SET: - case SEC_ASN1_SEQUENCE: - SECU_PrintSet(out, i, m, level); - break; - case SEC_ASN1_OCTET_STRING: - secu_PrintOctetString(out, i, m, level); - break; - case SEC_ASN1_BIT_STRING: - secu_PrintBitString(out, i, m, level); - break; - case SEC_ASN1_BMP_STRING: - case SEC_ASN1_UNIVERSAL_STRING: - default: - SECU_PrintAsHex(out, i, m, level); - break; - } -} - -static void -secu_PrintAny(FILE *out, SECItem *i, char *m, int level) -{ - if ( i && i->len && i->data ) { - switch (i->data[0] & SEC_ASN1_CLASS_MASK) { - case SEC_ASN1_CONTEXT_SPECIFIC: - secu_PrintContextSpecific(out, i, m, level); - break; - case SEC_ASN1_UNIVERSAL: - secu_PrintUniversal(out, i, m, level); - break; - default: - SECU_PrintAsHex(out, i, m, level); - break; - } - } -} - -static int -secu_PrintValidity(FILE *out, CERTValidity *v, char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintTimeChoice(out, &v->notBefore, "Not Before", level+1); - SECU_PrintTimeChoice(out, &v->notAfter, "Not After ", level+1); - return 0; -} - -/* This function does NOT expect a DER type and length. */ -void -SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level) -{ - SECOidData *oiddata; - char * oidString = NULL; - - oiddata = SECOID_FindOID(oid); - if (oiddata != NULL) { - const char *name = oiddata->desc; - SECU_Indent(out, level); - if (m != NULL) - fprintf(out, "%s: ", m); - fprintf(out, "%s\n", name); - return; - } - oidString = CERT_GetOidString(oid); - if (oidString) { - SECU_Indent(out, level); - if (m != NULL) - fprintf(out, "%s: ", m); - fprintf(out, "%s\n", oidString); - PR_smprintf_free(oidString); - return; - } - SECU_PrintAsHex(out, oid, m, level); -} - - -/* This function does NOT expect a DER type and length. */ -void -SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level) -{ - SECU_PrintObjectID(out, &a->algorithm, m, level); - - if (a->parameters.len == 0 - || (a->parameters.len == 2 - && PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) { - /* No arguments or NULL argument */ - } else { - /* Print args to algorithm */ - SECU_PrintAsHex(out, &a->parameters, "Args", level+1); - } -} - -static void -secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level) -{ - SECItem *value; - int i; - char om[100]; - - if (m) { - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - } - - /* - * Should make this smarter; look at the type field and then decode - * and print the value(s) appropriately! - */ - SECU_PrintObjectID(out, &(attr->type), "Type", level+1); - if (attr->values != NULL) { - i = 0; - while ((value = attr->values[i++]) != NULL) { - sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : ""); - if (attr->encoded || attr->typeTag == NULL) { - SECU_PrintAsHex(out, value, om, level+1); - } else { - switch (attr->typeTag->offset) { - default: - SECU_PrintAsHex(out, value, om, level+1); - break; - case SEC_OID_PKCS9_CONTENT_TYPE: - SECU_PrintObjectID(out, value, om, level+1); - break; - case SEC_OID_PKCS9_SIGNING_TIME: - SECU_PrintTimeChoice(out, value, om, level+1); - break; - } - } - } - } -} - -static void -secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) -{ -#if 0 /* - * um, yeah, that might be nice, but if you look at the callers - * you will see that they do not *set* this, so this will not work! - * Instead, somebody needs to fix the callers to be smarter about - * public key stuff, if that is important. - */ - PORT_Assert(pk->keyType == rsaKey); -#endif - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1); - SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1); -} - -static void -secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1); - SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1); - SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1); - SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1); -} - -#ifdef NSS_ENABLE_ECC -static void -secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) -{ - SECItem curveOID = { siBuffer, NULL, 0}; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1); - /* For named curves, the DEREncodedParams field contains an - * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID). - */ - if ((pk->u.ec.DEREncodedParams.len > 2) && - (pk->u.ec.DEREncodedParams.data[0] == 0x06)) { - curveOID.len = pk->u.ec.DEREncodedParams.data[1]; - curveOID.data = pk->u.ec.DEREncodedParams.data + 2; - SECU_PrintObjectID(out, &curveOID, "Curve", level +1); - } -} -#endif /* NSS_ENABLE_ECC */ - -static int -secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena, - CERTSubjectPublicKeyInfo *i, char *msg, int level) -{ - SECKEYPublicKey *pk; - - SECU_Indent(out, level); fprintf(out, "%s:\n", msg); - SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1); - - pk = SECKEY_ExtractPublicKey(i); - if (pk) { - switch (pk->keyType) { - case rsaKey: - secu_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1); - break; - - case dsaKey: - secu_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1); - break; - -#ifdef NSS_ENABLE_ECC - case ecKey: - secu_PrintECPublicKey(out, pk, "EC Public Key", level +1); - break; -#endif - - case dhKey: - case fortezzaKey: - case keaKey: - fprintf(out, "unable to format this SPKI algorithm type\n"); - break; - default: - fprintf(out, "unknown SPKI algorithm type\n"); - break; - } - PORT_FreeArena(pk->arena, PR_FALSE); - } else { - SECU_PrintError("Error", "Parsing public key"); - } - - return 0; -} - -static SECStatus -secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level) -{ - SECItem decodedValue; - SECStatus rv; - int64 invalidTime; - char *formattedTime = NULL; - - decodedValue.data = NULL; - rv = SEC_ASN1DecodeItem (NULL, &decodedValue, - SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), - value); - if (rv == SECSuccess) { - rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue); - if (rv == SECSuccess) { - formattedTime = CERT_GenTime2FormattedAscii - (invalidTime, "%a %b %d %H:%M:%S %Y"); - SECU_Indent(out, level +1); - fprintf (out, "%s: %s\n", msg, formattedTime); - PORT_Free (formattedTime); - } - } - PORT_Free (decodedValue.data); - return (rv); -} - -static SECStatus -PrintExtKeyUsageExten (FILE *out, SECItem *value, char *msg, int level) -{ - CERTOidSequence *os; - SECItem **op; - - SECU_Indent(out, level); fprintf(out, "Extended Key Usage Extension:\n"); - - os = CERT_DecodeOidSequence(value); - if( (CERTOidSequence *)NULL == os ) { - return SECFailure; - } - - for( op = os->oids; *op; op++ ) { - SECU_PrintObjectID(out, *op, msg, level + 1); - } - CERT_DestroyOidSequence(os); - return SECSuccess; -} - -char * -itemToString(SECItem *item) -{ - char *string; - - string = PORT_ZAlloc(item->len+1); - if (string == NULL) return NULL; - PORT_Memcpy(string,item->data,item->len); - string[item->len] = 0; - return string; -} - -static SECStatus -secu_PrintPolicyQualifier(FILE *out,CERTPolicyQualifier *policyQualifier,char *msg,int level) -{ - CERTUserNotice *userNotice; - SECItem **itemList = NULL; - char *string; - - SECU_PrintObjectID(out, &policyQualifier->qualifierID , - "Policy Qualifier Name", level); - - switch (policyQualifier->oid) { - case SEC_OID_PKIX_USER_NOTICE_QUALIFIER: - userNotice = CERT_DecodeUserNotice(&policyQualifier->qualifierValue); - if (userNotice) { - if (userNotice->noticeReference.organization.len != 0) { - string=itemToString(&userNotice->noticeReference.organization); - itemList = userNotice->noticeReference.noticeNumbers; - while (*itemList) { - SECU_PrintInteger(out,*itemList,string,level+1); - itemList++; - } - PORT_Free(string); - } - if (userNotice->displayText.len != 0) { - SECU_PrintString(out,&userNotice->displayText, - "Display Text", level+1); - } - break; - } - /* fall through on error */ - case SEC_OID_PKIX_CPS_POINTER_QUALIFIER: - default: - secu_PrintAny(out, &policyQualifier->qualifierValue, - "Policy Qualifier Data", level+1); - break; - } - - return SECSuccess; - -} - -static SECStatus -secu_PrintPolicyInfo(FILE *out,CERTPolicyInfo *policyInfo,char *msg,int level) -{ - CERTPolicyQualifier **policyQualifiers; - - policyQualifiers = policyInfo->policyQualifiers; - SECU_PrintObjectID(out, &policyInfo->policyID , "Policy Name", level); - - while (*policyQualifiers != NULL) { - secu_PrintPolicyQualifier(out,*policyQualifiers,"",level+1); - policyQualifiers++; - } - return SECSuccess; - -} - -static SECStatus -secu_PrintPolicy(FILE *out, SECItem *value, char *msg, int level) -{ - CERTCertificatePolicies *policies = NULL; - CERTPolicyInfo **policyInfos; - - if (msg) { - SECU_Indent(out, level); - fprintf(out,"%s: \n",msg); - level++; - } - policies = CERT_DecodeCertificatePoliciesExtension(value); - if (policies == NULL) { - SECU_PrintAsHex(out, value, "Invalid Policy Data", level); - return SECFailure; - } - - policyInfos = policies->policyInfos; - while (*policyInfos != NULL) { - secu_PrintPolicyInfo(out,*policyInfos,"",level); - policyInfos++; - } - - CERT_DestroyCertificatePoliciesExtension(policies); - return SECSuccess; -} - -char *nsTypeBits[] = { -"SSL Client","SSL Server","S/MIME","Object Signing","Reserved","SSL CA","S/MIME CA","ObjectSigning CA" }; - -static SECStatus -secu_PrintBasicConstraints(FILE *out, SECItem *value, char *msg, int level) { - CERTBasicConstraints constraints; - SECStatus rv; - - SECU_Indent(out, level); - if (msg) { - fprintf(out,"%s: ",msg); - } - rv = CERT_DecodeBasicConstraintValue(&constraints,value); - if (rv == SECSuccess && constraints.isCA) { - fprintf(out,"Is a CA with a maximum path length of %d.\n", - constraints.pathLenConstraint); - } else { - fprintf(out,"Is not a CA.\n"); - } - return SECSuccess; -} - -/* NSCertType is merely a bit string whose bits are displayed symbolically */ -static SECStatus -secu_PrintNSCertType(FILE *out, SECItem *value, char *msg, int level) -{ - int unused; - int NS_Type; - int i; - int found = 0; - SECItem my = *value; - - if ((my.data[0] != SEC_ASN1_BIT_STRING) || - SECSuccess != SECU_StripTagAndLength(&my)) { - secu_PrintAny(out, value, "Data", level); - return SECSuccess; - } - - unused = (my.len == 2) ? (my.data[0] & 0x0f) : 0; - NS_Type = my.data[1] & (0xff << unused); - - - SECU_Indent(out, level); - if (msg) { - fprintf(out,"%s: ",msg); - } else { - fprintf(out,"Netscape Certificate Type: "); - } - for (i=0; i < 8; i++) { - if ( (0x80 >> i) & NS_Type) { - fprintf(out, "%c%s", (found ? ',' : '<'), nsTypeBits[i]); - found = 1; - } - } - fprintf(out, (found ? ">\n" : "none\n")); - return SECSuccess; -} - -void -SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions, - char *msg, int level) -{ - SECOidTag oidTag; - - if ( extensions ) { - SECU_Indent(out, level); fprintf(out, "%s:\n", msg); - - while ( *extensions ) { - SECItem *tmpitem; - - tmpitem = &(*extensions)->id; - SECU_PrintObjectID(out, tmpitem, "Name", level+1); - - tmpitem = &(*extensions)->critical; - if ( tmpitem->len ) { - secu_PrintBoolean(out, tmpitem, "Critical", level+1); - } - - oidTag = SECOID_FindOIDTag (&((*extensions)->id)); - tmpitem = &((*extensions)->value); - - switch (oidTag) { - case SEC_OID_X509_INVALID_DATE: - case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME: - secu_PrintX509InvalidDate(out, tmpitem, "Date", level + 1); - break; - case SEC_OID_X509_CERTIFICATE_POLICIES: - secu_PrintPolicy(out, tmpitem, "Data", level +1); - break; - case SEC_OID_NS_CERT_EXT_BASE_URL: - case SEC_OID_NS_CERT_EXT_REVOCATION_URL: - case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL: - case SEC_OID_NS_CERT_EXT_CA_CRL_URL: - case SEC_OID_NS_CERT_EXT_CA_CERT_URL: - case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL: - case SEC_OID_NS_CERT_EXT_CA_POLICY_URL: - case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL: - case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL: - case SEC_OID_OCSP_RESPONDER: - SECU_PrintString(out,tmpitem, "URL", level+1); - break; - case SEC_OID_NS_CERT_EXT_COMMENT: - SECU_PrintString(out,tmpitem, "Comment", level+1); - break; - case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME: - SECU_PrintString(out,tmpitem, "ServerName", level+1); - break; - case SEC_OID_NS_CERT_EXT_CERT_TYPE: - secu_PrintNSCertType(out,tmpitem,"Data",level+1); - break; - case SEC_OID_X509_BASIC_CONSTRAINTS: - secu_PrintBasicConstraints(out,tmpitem,"Data",level+1); - break; - - case SEC_OID_X509_EXT_KEY_USAGE: - PrintExtKeyUsageExten(out, tmpitem, NULL, level+1); - break; - - case SEC_OID_X509_AUTH_INFO_ACCESS: - case SEC_OID_X509_CRL_NUMBER: - case SEC_OID_X509_REASON_CODE: - - /* PKIX OIDs */ - case SEC_OID_PKIX_OCSP: - case SEC_OID_PKIX_OCSP_BASIC_RESPONSE: - case SEC_OID_PKIX_OCSP_NONCE: - case SEC_OID_PKIX_OCSP_CRL: - case SEC_OID_PKIX_OCSP_RESPONSE: - case SEC_OID_PKIX_OCSP_NO_CHECK: - case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF: - case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR: - case SEC_OID_PKIX_REGCTRL_REGTOKEN: - case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR: - case SEC_OID_PKIX_REGCTRL_PKIPUBINFO: - case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: - case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID: - case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY: - case SEC_OID_PKIX_REGINFO_UTF8_PAIRS: - case SEC_OID_PKIX_REGINFO_CERT_REQUEST: - case SEC_OID_EXT_KEY_USAGE_SERVER_AUTH: - case SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH: - case SEC_OID_EXT_KEY_USAGE_CODE_SIGN: - case SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT: - case SEC_OID_EXT_KEY_USAGE_TIME_STAMP: - case SEC_OID_X509_SUBJECT_ALT_NAME: - case SEC_OID_X509_ISSUER_ALT_NAME: - /* - * We should add at least some of the more interesting cases - * here, but need to have subroutines to back them up. - */ - case SEC_OID_NS_CERT_EXT_NETSCAPE_OK: - case SEC_OID_NS_CERT_EXT_ISSUER_LOGO: - case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO: - case SEC_OID_NS_CERT_EXT_ENTITY_LOGO: - case SEC_OID_NS_CERT_EXT_USER_PICTURE: - case SEC_OID_NS_KEY_USAGE_GOVT_APPROVED: - - /* x.509 v3 Extensions */ - case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR: - case SEC_OID_X509_SUBJECT_KEY_ID: - case SEC_OID_X509_KEY_USAGE: - case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD: - case SEC_OID_X509_NAME_CONSTRAINTS: - case SEC_OID_X509_CRL_DIST_POINTS: - case SEC_OID_X509_POLICY_MAPPINGS: - case SEC_OID_X509_POLICY_CONSTRAINTS: - case SEC_OID_X509_AUTH_KEY_ID: - - - default: - secu_PrintAny(out, tmpitem, "Data", level+1); - break; - } - - secu_Newline(out); - extensions++; - } - } -} - - -void -SECU_PrintName(FILE *out, CERTName *name, char *msg, int level) -{ - char *nameStr; - char *str; - SECItem my; - - str = nameStr = CERT_NameToAscii(name); - if (!str) - str = "!Invalid AVA!"; - my.data = (unsigned char *)str; - my.len = PORT_Strlen(str); -#if 1 - secu_PrintRawString(out, &my, msg, level); -#else - SECU_Indent(out, level); fprintf(out, "%s: ", msg); - fprintf(out, str); - secu_Newline(out); -#endif - PORT_Free(nameStr); -} - -void -printflags(char *trusts, unsigned int flags) -{ - if (flags & CERTDB_VALID_CA) - if (!(flags & CERTDB_TRUSTED_CA) && - !(flags & CERTDB_TRUSTED_CLIENT_CA)) - PORT_Strcat(trusts, "c"); - if (flags & CERTDB_VALID_PEER) - if (!(flags & CERTDB_TRUSTED)) - PORT_Strcat(trusts, "p"); - if (flags & CERTDB_TRUSTED_CA) - PORT_Strcat(trusts, "C"); - if (flags & CERTDB_TRUSTED_CLIENT_CA) - PORT_Strcat(trusts, "T"); - if (flags & CERTDB_TRUSTED) - PORT_Strcat(trusts, "P"); - if (flags & CERTDB_USER) - PORT_Strcat(trusts, "u"); - if (flags & CERTDB_SEND_WARN) - PORT_Strcat(trusts, "w"); - if (flags & CERTDB_INVISIBLE_CA) - PORT_Strcat(trusts, "I"); - if (flags & CERTDB_GOVT_APPROVED_CA) - PORT_Strcat(trusts, "G"); - return; -} - -/* callback for listing certs through pkcs11 */ -SECStatus -SECU_PrintCertNickname(CERTCertListNode *node, void *data) -{ - CERTCertTrust *trust; - CERTCertificate* cert; - FILE *out; - char trusts[30]; - char *name; - - cert = node->cert; - - PORT_Memset (trusts, 0, sizeof (trusts)); - out = (FILE *)data; - - name = node->appData; - if (!name || !name[0]) { - name = cert->nickname; - } - if (!name || !name[0]) { - name = cert->emailAddr; - } - if (!name || !name[0]) { - name = "(NULL)"; - } - - trust = cert->trust; - if (trust) { - printflags(trusts, trust->sslFlags); - PORT_Strcat(trusts, ","); - printflags(trusts, trust->emailFlags); - PORT_Strcat(trusts, ","); - printflags(trusts, trust->objectSigningFlags); - } else { - PORT_Memcpy(trusts,",,",3); - } - fprintf(out, "%-60s %-5s\n", name, trusts); - - return (SECSuccess); -} - -int /* sometimes a PRErrorCode, other times a SECStatus. Sigh. */ -SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTCertificateRequest *cr; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - /* Decode certificate request */ - cr = PORT_ArenaZNew(arena, CERTCertificateRequest); - if (!cr) - goto loser; - cr->arena = arena; - rv = SEC_QuickDERDecodeItem(arena, cr, - SEC_ASN1_GET(CERT_CertificateRequestTemplate), der); - if (rv) - goto loser; - - /* Pretty print it out */ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &cr->version, "Version", level+1); - SECU_PrintName(out, &cr->subject, "Subject", level+1); - rv = secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo, - "Subject Public Key Info", level+1); - if (rv) - goto loser; - if (cr->attributes) - secu_PrintAny(out, cr->attributes[0], "Attributes", level+1); - -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -int -SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTCertificate *c; - int rv = SEC_ERROR_NO_MEMORY; - int iv; - - if (!arena) - return rv; - - /* Decode certificate */ - c = PORT_ArenaZNew(arena, CERTCertificate); - if (!c) - goto loser; - c->arena = arena; - rv = SEC_ASN1DecodeItem(arena, c, - SEC_ASN1_GET(CERT_CertificateTemplate), der); - if (rv) - goto loser; - - /* Pretty print it out */ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - iv = c->version.len ? DER_GetInteger(&c->version) : 0; /* version is optional */ - SECU_Indent(out, level+1); fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv); - - SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1); - SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1); - SECU_PrintName(out, &c->issuer, "Issuer", level+1); - secu_PrintValidity(out, &c->validity, "Validity", level+1); - SECU_PrintName(out, &c->subject, "Subject", level+1); - rv = secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo, - "Subject Public Key Info", level+1); - if (rv) - goto loser; - SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level+1); -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -int -SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SECKEYPublicKey key; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - PORT_Memset(&key, 0, sizeof(key)); - rv = SEC_ASN1DecodeItem(arena, &key, - SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), der); - if (!rv) { - /* Pretty print it out */ - secu_PrintRSAPublicKey(out, &key, m, level); - } - - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -#ifdef HAVE_EPV_TEMPLATE -int -SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SECKEYEncryptedPrivateKeyInfo key; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - PORT_Memset(&key, 0, sizeof(key)); - rv = SEC_ASN1DecodeItem(arena, &key, - SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), der); - if (rv) - goto loser; - - /* Pretty print it out */ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm", - level+1); - SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level+1); -loser: - PORT_FreeArena(arena, PR_TRUE); - return rv; -} -#endif - -int -SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level) -{ - unsigned char fingerprint[20]; - char *fpStr = NULL; - int err = PORT_GetError(); - SECStatus rv; - SECItem fpItem; - - /* print MD5 fingerprint */ - memset(fingerprint, 0, sizeof fingerprint); - rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len); - fpItem.data = fingerprint; - fpItem.len = MD5_LENGTH; - fpStr = CERT_Hexify(&fpItem, 1); - SECU_Indent(out, level); fprintf(out, "%s (MD5):\n", m); - SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr); - PORT_Free(fpStr); - fpStr = NULL; - if (rv != SECSuccess && !err) - err = PORT_GetError(); - - /* print SHA1 fingerprint */ - memset(fingerprint, 0, sizeof fingerprint); - rv = PK11_HashBuf(SEC_OID_SHA1,fingerprint, derCert->data, derCert->len); - fpItem.data = fingerprint; - fpItem.len = SHA1_LENGTH; - fpStr = CERT_Hexify(&fpItem, 1); - SECU_Indent(out, level); fprintf(out, "%s (SHA1):\n", m); - SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr); - PORT_Free(fpStr); - fprintf(out, "\n"); - - if (err) - PORT_SetError(err); - if (err || rv != SECSuccess) - return SECFailure; - - return 0; -} - -/* -** PKCS7 Support -*/ - -/* forward declaration */ -static int -secu_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *, int); - -/* -** secu_PrintPKCS7EncContent -** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it) -*/ -static void -secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src, - char *m, int level) -{ - if (src->contentTypeTag == NULL) - src->contentTypeTag = SECOID_FindOID(&(src->contentType)); - - SECU_Indent(out, level); - fprintf(out, "%s:\n", m); - SECU_Indent(out, level + 1); - fprintf(out, "Content Type: %s\n", - (src->contentTypeTag != NULL) ? src->contentTypeTag->desc - : "Unknown"); - SECU_PrintAlgorithmID(out, &(src->contentEncAlg), - "Content Encryption Algorithm", level+1); - SECU_PrintAsHex(out, &(src->encContent), - "Encrypted Content", level+1); -} - -/* -** secu_PrintRecipientInfo -** Prints a PKCS7RecipientInfo type -*/ -static void -secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m, - int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(info->version), "Version", level + 1); - - SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer", - level + 1); - SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber), - "Serial Number", level + 1); - - /* Parse and display encrypted key */ - SECU_PrintAlgorithmID(out, &(info->keyEncAlg), - "Key Encryption Algorithm", level + 1); - SECU_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1); -} - -/* -** secu_PrintSignerInfo -** Prints a PKCS7SingerInfo type -*/ -static void -secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m, int level) -{ - SEC_PKCS7Attribute *attr; - int iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(info->version), "Version", level + 1); - - SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer", - level + 1); - SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber), - "Serial Number", level + 1); - - SECU_PrintAlgorithmID(out, &(info->digestAlg), "Digest Algorithm", - level + 1); - - if (info->authAttr != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Authenticated Attributes:\n"); - iv = 0; - while ((attr = info->authAttr[iv++]) != NULL) { - sprintf(om, "Attribute (%d)", iv); - secu_PrintAttribute(out, attr, om, level + 2); - } - } - - /* Parse and display signature */ - SECU_PrintAlgorithmID(out, &(info->digestEncAlg), - "Digest Encryption Algorithm", level + 1); - SECU_PrintAsHex(out, &(info->encDigest), "Encrypted Digest", level + 1); - - if (info->unAuthAttr != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Unauthenticated Attributes:\n"); - iv = 0; - while ((attr = info->unAuthAttr[iv++]) != NULL) { - sprintf(om, "Attribute (%x)", iv); - secu_PrintAttribute(out, attr, om, level + 2); - } - } -} - -/* callers of this function must make sure that the CERTSignedCrl - from which they are extracting the CERTCrl has been fully-decoded. - Otherwise it will not have the entries even though the CRL may have - some */ - -void -SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level) -{ - CERTCrlEntry *entry; - int iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - /* version is optional */ - iv = crl->version.len ? DER_GetInteger(&crl->version) : 0; - SECU_Indent(out, level+1); - fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv); - SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm", - level + 1); - SECU_PrintName(out, &(crl->name), "Issuer", level + 1); - SECU_PrintTimeChoice(out, &(crl->lastUpdate), "This Update", level + 1); - SECU_PrintTimeChoice(out, &(crl->nextUpdate), "Next Update", level + 1); - - if (crl->entries != NULL) { - iv = 0; - while ((entry = crl->entries[iv++]) != NULL) { - sprintf(om, "Entry (%x):\n", iv); - SECU_Indent(out, level + 1); fprintf(out, om); - SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number", - level + 2); - SECU_PrintTimeChoice(out, &(entry->revocationDate), - "Revocation Date", level + 2); - SECU_PrintExtensions(out, entry->extensions, - "Entry Extensions", level + 2); - } - } - SECU_PrintExtensions(out, crl->extensions, "CRL Extensions", level + 1); -} - -/* -** secu_PrintPKCS7Signed -** Pretty print a PKCS7 signed data type (up to version 1). -*/ -static int -secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, - const char *m, int level) -{ - SECAlgorithmID *digAlg; /* digest algorithms */ - SECItem *aCert; /* certificate */ - CERTSignedCrl *aCrl; /* certificate revocation list */ - SEC_PKCS7SignerInfo *sigInfo; /* signer information */ - int rv, iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list digest algorithms (if any) */ - if (src->digestAlgorithms != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n"); - iv = 0; - while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); - SECU_PrintAlgorithmID(out, digAlg, om, level + 2); - } - } - - /* Now for the content */ - rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo), - "Content Information", level + 1); - if (rv != 0) - return rv; - - /* Parse and list certificates (if any) */ - if (src->rawCerts != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n"); - iv = 0; - while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); - rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); - if (rv) - return rv; - } - } - - /* Parse and list CRL's (if any) */ - if (src->crls != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signed Revocation Lists:\n"); - iv = 0; - while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); - SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om); - SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, - "Signature Algorithm", level+3); - DER_ConvertBitString(&aCrl->signatureWrap.signature); - SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature", - level+3); - SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List", - level + 3); - } - } - - /* Parse and list signatures (if any) */ - if (src->signerInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signer Information List:\n"); - iv = 0; - while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); - secu_PrintSignerInfo(out, sigInfo, om, level + 2); - } - } - - return 0; -} - -/* -** secu_PrintPKCS7Enveloped -** Pretty print a PKCS7 enveloped data type (up to version 1). -*/ -static void -secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src, - const char *m, int level) -{ - SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */ - int iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list recipients (this is not optional) */ - if (src->recipientInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Recipient Information List:\n"); - iv = 0; - while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); - secu_PrintRecipientInfo(out, recInfo, om, level + 2); - } - } - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); -} - -/* -** secu_PrintPKCS7SignedEnveloped -** Pretty print a PKCS7 singed and enveloped data type (up to version 1). -*/ -static int -secu_PrintPKCS7SignedAndEnveloped(FILE *out, - SEC_PKCS7SignedAndEnvelopedData *src, - const char *m, int level) -{ - SECAlgorithmID *digAlg; /* pointer for digest algorithms */ - SECItem *aCert; /* pointer for certificate */ - CERTSignedCrl *aCrl; /* pointer for certificate revocation list */ - SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */ - SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */ - int rv, iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list recipients (this is not optional) */ - if (src->recipientInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Recipient Information List:\n"); - iv = 0; - while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); - secu_PrintRecipientInfo(out, recInfo, om, level + 2); - } - } - - /* Parse and list digest algorithms (if any) */ - if (src->digestAlgorithms != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n"); - iv = 0; - while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); - SECU_PrintAlgorithmID(out, digAlg, om, level + 2); - } - } - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); - - /* Parse and list certificates (if any) */ - if (src->rawCerts != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n"); - iv = 0; - while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); - rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); - if (rv) - return rv; - } - } - - /* Parse and list CRL's (if any) */ - if (src->crls != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signed Revocation Lists:\n"); - iv = 0; - while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); - SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om); - SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, - "Signature Algorithm", level+3); - DER_ConvertBitString(&aCrl->signatureWrap.signature); - SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature", - level+3); - SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List", - level + 3); - } - } - - /* Parse and list signatures (if any) */ - if (src->signerInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signer Information List:\n"); - iv = 0; - while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); - secu_PrintSignerInfo(out, sigInfo, om, level + 2); - } - } - - return 0; -} - -int -SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTCrl *c = NULL; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - do { - /* Decode CRL */ - c = PORT_ArenaZNew(arena, CERTCrl); - if (!c) - break; - - rv = SEC_QuickDERDecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der); - if (rv != SECSuccess) - break; - SECU_PrintCRLInfo (out, c, m, level); - } while (0); - PORT_FreeArena (arena, PR_FALSE); - return rv; -} - - -/* -** secu_PrintPKCS7Encrypted -** Pretty print a PKCS7 encrypted data type (up to version 1). -*/ -static void -secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src, - const char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); -} - -/* -** secu_PrintPKCS7Digested -** Pretty print a PKCS7 digested data type (up to version 1). -*/ -static void -secu_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src, - const char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - SECU_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm", - level + 1); - secu_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information", - level + 1); - SECU_PrintAsHex(out, &src->digest, "Digest", level + 1); -} - -/* -** secu_PrintPKCS7ContentInfo -** Takes a SEC_PKCS7ContentInfo type and sends the contents to the -** appropriate function -*/ -static int -secu_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src, - char *m, int level) -{ - const char *desc; - SECOidTag kind; - int rv; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - level++; - - if (src->contentTypeTag == NULL) - src->contentTypeTag = SECOID_FindOID(&(src->contentType)); - - if (src->contentTypeTag == NULL) { - desc = "Unknown"; - kind = SEC_OID_PKCS7_DATA; - } else { - desc = src->contentTypeTag->desc; - kind = src->contentTypeTag->offset; - } - - if (src->content.data == NULL) { - SECU_Indent(out, level); fprintf(out, "%s:\n", desc); - level++; - SECU_Indent(out, level); fprintf(out, "<no content>\n"); - return 0; - } - - rv = 0; - switch (kind) { - case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */ - rv = secu_PrintPKCS7Signed(out, src->content.signedData, desc, level); - break; - - case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */ - secu_PrintPKCS7Enveloped(out, src->content.envelopedData, desc, level); - break; - - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */ - rv = secu_PrintPKCS7SignedAndEnveloped(out, - src->content.signedAndEnvelopedData, - desc, level); - break; - - case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */ - secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level); - break; - - case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */ - secu_PrintPKCS7Encrypted(out, src->content.encryptedData, desc, level); - break; - - default: - SECU_PrintAsHex(out, src->content.data, desc, level); - break; - } - - return rv; -} - -/* -** SECU_PrintPKCS7ContentInfo -** Decode and print any major PKCS7 data type (up to version 1). -*/ -int -SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, int level) -{ - SEC_PKCS7ContentInfo *cinfo; - int rv; - - cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL); - if (cinfo != NULL) { - /* Send it to recursive parsing and printing module */ - rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level); - SEC_PKCS7DestroyContentInfo(cinfo); - } else { - rv = -1; - } - - return rv; -} - -/* -** End of PKCS7 functions -*/ - -void -printFlags(FILE *out, unsigned int flags, int level) -{ - if ( flags & CERTDB_VALID_PEER ) { - SECU_Indent(out, level); fprintf(out, "Valid Peer\n"); - } - if ( flags & CERTDB_TRUSTED ) { - SECU_Indent(out, level); fprintf(out, "Trusted\n"); - } - if ( flags & CERTDB_SEND_WARN ) { - SECU_Indent(out, level); fprintf(out, "Warn When Sending\n"); - } - if ( flags & CERTDB_VALID_CA ) { - SECU_Indent(out, level); fprintf(out, "Valid CA\n"); - } - if ( flags & CERTDB_TRUSTED_CA ) { - SECU_Indent(out, level); fprintf(out, "Trusted CA\n"); - } - if ( flags & CERTDB_NS_TRUSTED_CA ) { - SECU_Indent(out, level); fprintf(out, "Netscape Trusted CA\n"); - } - if ( flags & CERTDB_USER ) { - SECU_Indent(out, level); fprintf(out, "User\n"); - } - if ( flags & CERTDB_TRUSTED_CLIENT_CA ) { - SECU_Indent(out, level); fprintf(out, "Trusted Client CA\n"); - } -#ifdef DEBUG - if ( flags & CERTDB_GOVT_APPROVED_CA ) { - SECU_Indent(out, level); fprintf(out, "Step-up\n"); - } -#endif /* DEBUG */ -} - -void -SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_Indent(out, level+1); fprintf(out, "SSL Flags:\n"); - printFlags(out, trust->sslFlags, level+2); - SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n"); - printFlags(out, trust->emailFlags, level+2); - SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n"); - printFlags(out, trust->objectSigningFlags, level+2); -} - -int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, - int level, SECU_PPFunc inner) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTSignedData *sd; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - /* Strip off the signature */ - sd = PORT_ArenaZNew(arena, CERTSignedData); - if (!sd) - goto loser; - - rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate), - der); - if (rv) - goto loser; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - rv = (*inner)(out, &sd->data, "Data", level+1); - - SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm", - level+1); - DER_ConvertBitString(&sd->signature); - SECU_PrintAsHex(out, &sd->signature, "Signature", level+1); - SECU_PrintFingerprints(out, der, "Fingerprint", level+1); -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; - -} - - -#ifdef AIX -int _OS_SELECT (int nfds, void *readfds, void *writefds, - void *exceptfds, struct timeval *timeout) { - return select (nfds,readfds,writefds,exceptfds,timeout); -} -#endif - -SECItem * -SECU_GetPBEPassword(void *arg) -{ - char *p = NULL; - SECItem *pwitem = NULL; - - p = SECU_GetPasswordString(arg,"Password: "); - - /* NOTE: This function is obviously unfinished. */ - - if ( pwitem == NULL ) { - fprintf(stderr, "Error hashing password\n"); - return NULL; - } - - return pwitem; -} - -SECStatus -SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd) -{ - PRBool found; - PLOptState *optstate; - PLOptStatus status; - char *optstring; - int i, j; - - optstring = (char *)malloc(cmd->numCommands + 2*cmd->numOptions); - j = 0; - - for (i=0; i<cmd->numCommands; i++) { - optstring[j++] = cmd->commands[i].flag; - } - for (i=0; i<cmd->numOptions; i++) { - optstring[j++] = cmd->options[i].flag; - if (cmd->options[i].needsArg) - optstring[j++] = ':'; - } - optstring[j] = '\0'; - optstate = PL_CreateOptState(argc, argv, optstring); - - /* Parse command line arguments */ - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - - /* Wasn't really an option, just standalone arg. */ - if (optstate->option == '\0') - continue; - - found = PR_FALSE; - - for (i=0; i<cmd->numCommands; i++) { - if (cmd->commands[i].flag == optstate->option) { - cmd->commands[i].activated = PR_TRUE; - if (optstate->value) { - cmd->commands[i].arg = (char *)optstate->value; - } - found = PR_TRUE; - break; - } - } - - if (found) - continue; - - for (i=0; i<cmd->numOptions; i++) { - if (cmd->options[i].flag == optstate->option) { - cmd->options[i].activated = PR_TRUE; - if (optstate->value) { - cmd->options[i].arg = (char *)optstate->value; - } - found = PR_TRUE; - break; - } - } - - if (!found) - return SECFailure; - } - if (status == PL_OPT_BAD) - return SECFailure; - return SECSuccess; -} - -char * -SECU_GetOptionArg(secuCommand *cmd, int optionNum) -{ - if (optionNum < 0 || optionNum >= cmd->numOptions) - return NULL; - if (cmd->options[optionNum].activated) - return PL_strdup(cmd->options[optionNum].arg); - else - return NULL; -} - -static char SECUErrorBuf[64]; - -char * -SECU_ErrorStringRaw(int16 err) -{ - if (err == 0) - SECUErrorBuf[0] = '\0'; - else if (err == SEC_ERROR_BAD_DATA) - sprintf(SECUErrorBuf, "Bad data"); - else if (err == SEC_ERROR_BAD_DATABASE) - sprintf(SECUErrorBuf, "Problem with database"); - else if (err == SEC_ERROR_BAD_DER) - sprintf(SECUErrorBuf, "Problem with DER"); - else if (err == SEC_ERROR_BAD_KEY) - sprintf(SECUErrorBuf, "Problem with key"); - else if (err == SEC_ERROR_BAD_PASSWORD) - sprintf(SECUErrorBuf, "Incorrect password"); - else if (err == SEC_ERROR_BAD_SIGNATURE) - sprintf(SECUErrorBuf, "Bad signature"); - else if (err == SEC_ERROR_EXPIRED_CERTIFICATE) - sprintf(SECUErrorBuf, "Expired certificate"); - else if (err == SEC_ERROR_EXTENSION_VALUE_INVALID) - sprintf(SECUErrorBuf, "Invalid extension value"); - else if (err == SEC_ERROR_INPUT_LEN) - sprintf(SECUErrorBuf, "Problem with input length"); - else if (err == SEC_ERROR_INVALID_ALGORITHM) - sprintf(SECUErrorBuf, "Invalid algorithm"); - else if (err == SEC_ERROR_INVALID_ARGS) - sprintf(SECUErrorBuf, "Invalid arguments"); - else if (err == SEC_ERROR_INVALID_AVA) - sprintf(SECUErrorBuf, "Invalid AVA"); - else if (err == SEC_ERROR_INVALID_TIME) - sprintf(SECUErrorBuf, "Invalid time"); - else if (err == SEC_ERROR_IO) - sprintf(SECUErrorBuf, "Security I/O error"); - else if (err == SEC_ERROR_LIBRARY_FAILURE) - sprintf(SECUErrorBuf, "Library failure"); - else if (err == SEC_ERROR_NO_MEMORY) - sprintf(SECUErrorBuf, "Out of memory"); - else if (err == SEC_ERROR_OLD_CRL) - sprintf(SECUErrorBuf, "CRL is older than the current one"); - else if (err == SEC_ERROR_OUTPUT_LEN) - sprintf(SECUErrorBuf, "Problem with output length"); - else if (err == SEC_ERROR_UNKNOWN_ISSUER) - sprintf(SECUErrorBuf, "Unknown issuer"); - else if (err == SEC_ERROR_UNTRUSTED_CERT) - sprintf(SECUErrorBuf, "Untrusted certificate"); - else if (err == SEC_ERROR_UNTRUSTED_ISSUER) - sprintf(SECUErrorBuf, "Untrusted issuer"); - else if (err == SSL_ERROR_BAD_CERTIFICATE) - sprintf(SECUErrorBuf, "Bad certificate"); - else if (err == SSL_ERROR_BAD_CLIENT) - sprintf(SECUErrorBuf, "Bad client"); - else if (err == SSL_ERROR_BAD_SERVER) - sprintf(SECUErrorBuf, "Bad server"); - else if (err == SSL_ERROR_EXPORT_ONLY_SERVER) - sprintf(SECUErrorBuf, "Export only server"); - else if (err == SSL_ERROR_NO_CERTIFICATE) - sprintf(SECUErrorBuf, "No certificate"); - else if (err == SSL_ERROR_NO_CYPHER_OVERLAP) - sprintf(SECUErrorBuf, "No cypher overlap"); - else if (err == SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE) - sprintf(SECUErrorBuf, "Unsupported certificate type"); - else if (err == SSL_ERROR_UNSUPPORTED_VERSION) - sprintf(SECUErrorBuf, "Unsupported version"); - else if (err == SSL_ERROR_US_ONLY_SERVER) - sprintf(SECUErrorBuf, "U.S. only server"); - else if (err == PR_IO_ERROR) - sprintf(SECUErrorBuf, "I/O error"); - - else if (err == SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE) - sprintf (SECUErrorBuf, "Expired Issuer Certificate"); - else if (err == SEC_ERROR_REVOKED_CERTIFICATE) - sprintf (SECUErrorBuf, "Revoked certificate"); - else if (err == SEC_ERROR_NO_KEY) - sprintf (SECUErrorBuf, "No private key in database for this cert"); - else if (err == SEC_ERROR_CERT_NOT_VALID) - sprintf (SECUErrorBuf, "Certificate is not valid"); - else if (err == SEC_ERROR_EXTENSION_NOT_FOUND) - sprintf (SECUErrorBuf, "Certificate extension was not found"); - else if (err == SEC_ERROR_EXTENSION_VALUE_INVALID) - sprintf (SECUErrorBuf, "Certificate extension value invalid"); - else if (err == SEC_ERROR_CA_CERT_INVALID) - sprintf (SECUErrorBuf, "Issuer certificate is invalid"); - else if (err == SEC_ERROR_CERT_USAGES_INVALID) - sprintf (SECUErrorBuf, "Certificate usages is invalid"); - else if (err == SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION) - sprintf (SECUErrorBuf, "Certificate has unknown critical extension"); - else if (err == SEC_ERROR_PKCS7_BAD_SIGNATURE) - sprintf (SECUErrorBuf, "Bad PKCS7 signature"); - else if (err == SEC_ERROR_INADEQUATE_KEY_USAGE) - sprintf (SECUErrorBuf, "Certificate not approved for this operation"); - else if (err == SEC_ERROR_INADEQUATE_CERT_TYPE) - sprintf (SECUErrorBuf, "Certificate not approved for this operation"); - - return SECUErrorBuf; -} - -char * -SECU_ErrorString(int16 err) -{ - char *error_string; - - *SECUErrorBuf = 0; - SECU_ErrorStringRaw (err); - - if (*SECUErrorBuf == 0) { - error_string = SECU_GetString(err); - if (error_string == NULL || *error_string == '\0') - sprintf(SECUErrorBuf, "No error string found for %d.", err); - else - return error_string; - } - - return SECUErrorBuf; -} - - -void -SECU_PrintPRandOSError(char *progName) -{ - char buffer[513]; - PRInt32 errLen = PR_GetErrorTextLength(); - if (errLen > 0 && errLen < sizeof buffer) { - PR_GetErrorText(buffer); - } - SECU_PrintError(progName, "NSS_Initialize failed"); - if (errLen > 0 && errLen < sizeof buffer) { - PR_fprintf(PR_STDERR, "\t%s\n", buffer); - } -} - - -static char * -bestCertName(CERTCertificate *cert) { - if (cert->nickname) { - return cert->nickname; - } - if (cert->emailAddr && cert->emailAddr[0]) { - return cert->emailAddr; - } - return cert->subjectName; -} - -void -SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, - SECCertificateUsage certUsage, void *pinArg, PRBool verbose) -{ - CERTVerifyLog log; - CERTVerifyLogNode *node = NULL; - unsigned int depth = (unsigned int)-1; - unsigned int flags = 0; - char * errstr = NULL; - PRErrorCode err = PORT_GetError(); - - log.arena = PORT_NewArena(512); - log.head = log.tail = NULL; - log.count = 0; - CERT_VerifyCertificate(handle, cert, checksig, certUsage, PR_Now(), pinArg, &log, NULL); - - if (log.count > 0) { - fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n"); - for (node = log.head; node; node = node->next) { - if (depth != node->depth) { - depth = node->depth; - fprintf(outfile,"CERT %d. %s %s:\n", depth, - bestCertName(node->cert), - depth ? "[Certificate Authority]": ""); - if (verbose) { - const char * emailAddr; - emailAddr = CERT_GetFirstEmailAddress(node->cert); - if (emailAddr) { - fprintf(outfile,"Email Address(es): "); - do { - fprintf(outfile, "%s\n", emailAddr); - emailAddr = CERT_GetNextEmailAddress(node->cert, - emailAddr); - } while (emailAddr); - } - } - } - fprintf(outfile," ERROR %ld: %s\n", node->error, - SECU_Strerror(node->error)); - errstr = NULL; - switch (node->error) { - case SEC_ERROR_INADEQUATE_KEY_USAGE: - flags = (unsigned int)node->arg; - switch (flags) { - case KU_DIGITAL_SIGNATURE: - errstr = "Cert cannot sign."; - break; - case KU_KEY_ENCIPHERMENT: - errstr = "Cert cannot encrypt."; - break; - case KU_KEY_CERT_SIGN: - errstr = "Cert cannot sign other certs."; - break; - default: - errstr = "[unknown usage]."; - break; - } - case SEC_ERROR_INADEQUATE_CERT_TYPE: - flags = (unsigned int)node->arg; - switch (flags) { - case NS_CERT_TYPE_SSL_CLIENT: - case NS_CERT_TYPE_SSL_SERVER: - errstr = "Cert cannot be used for SSL."; - break; - case NS_CERT_TYPE_SSL_CA: - errstr = "Cert cannot be used as an SSL CA."; - break; - case NS_CERT_TYPE_EMAIL: - errstr = "Cert cannot be used for SMIME."; - break; - case NS_CERT_TYPE_EMAIL_CA: - errstr = "Cert cannot be used as an SMIME CA."; - break; - case NS_CERT_TYPE_OBJECT_SIGNING: - errstr = "Cert cannot be used for object signing."; - break; - case NS_CERT_TYPE_OBJECT_SIGNING_CA: - errstr = "Cert cannot be used as an object signing CA."; - break; - default: - errstr = "[unknown usage]."; - break; - } - case SEC_ERROR_UNKNOWN_ISSUER: - case SEC_ERROR_UNTRUSTED_ISSUER: - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - errstr = node->cert->issuerName; - break; - default: - break; - } - if (errstr) { - fprintf(stderr," %s\n",errstr); - } - CERT_DestroyCertificate(node->cert); - } - } - PORT_SetError(err); /* restore original error code */ -} diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h deleted file mode 100644 index 7b7f86d28..000000000 --- a/security/nss/cmd/lib/secutil.h +++ /dev/null @@ -1,340 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#ifndef _SEC_UTIL_H_ -#define _SEC_UTIL_H_ - -#include "seccomon.h" -#include "secitem.h" -#include "prerror.h" -#include "base64.h" -#include "key.h" -#include "secpkcs7.h" -#include "secasn1.h" -#include "secder.h" -#include <stdio.h> - -#define SEC_CT_PRIVATE_KEY "private-key" -#define SEC_CT_PUBLIC_KEY "public-key" -#define SEC_CT_CERTIFICATE "certificate" -#define SEC_CT_CERTIFICATE_REQUEST "certificate-request" -#define SEC_CT_PKCS7 "pkcs7" -#define SEC_CT_CRL "crl" - -#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----" -#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----" - -#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----" -#define NS_CERT_TRAILER "-----END CERTIFICATE-----" - -/* From libsec/pcertdb.c --- it's not declared in sec.h */ -extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle, - SECItem *derCert, char *nickname, CERTCertTrust *trust); - - -#ifdef SECUTIL_NEW -typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item, - char *msg, int level); -#else -typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level); -#endif - -typedef struct { - enum { - PW_NONE = 0, - PW_FROMFILE = 1, - PW_PLAINTEXT = 2 - } source; - char *data; -} secuPWData; - -/* -** Change a password on a token, or initialize a token with a password -** if it does not already have one. -** Use passwd to send the password in plaintext, pwFile to specify a -** file containing the password, or NULL for both to prompt the user. -*/ -SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile); - -/* These were stolen from the old sec.h... */ -/* -** Check a password for legitimacy. Passwords must be at least 8 -** characters long and contain one non-alphabetic. Return DSTrue if the -** password is ok, DSFalse otherwise. -*/ -extern PRBool SEC_CheckPassword(char *password); - -/* -** Blind check of a password. Complement to SEC_CheckPassword which -** ignores length and content type, just retuning DSTrue is the password -** exists, DSFalse if NULL -*/ -extern PRBool SEC_BlindCheckPassword(char *password); - -/* -** Get a password. -** First prompt with "msg" on "out", then read the password from "in". -** The password is then checked using "chkpw". -*/ -extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg, - PRBool (*chkpw)(char *)); - -char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg); - -char *SECU_GetPasswordString(void *arg, char *prompt); - -/* -** Write a dongle password. -** Uses MD5 to hash constant system data (hostname, etc.), and then -** creates RC4 key to encrypt a password "pw" into a file "fd". -*/ -extern SECStatus SEC_WriteDongleFile(int fd, char *pw); - -/* -** Get a dongle password. -** Uses MD5 to hash constant system data (hostname, etc.), and then -** creates RC4 key to decrypt and return a password from file "fd". -*/ -extern char *SEC_ReadDongleFile(int fd); - - -/* End stolen headers */ - -/* Just sticks the two strings together with a / if needed */ -char *SECU_AppendFilenameToDir(char *dir, char *filename); - -/* Returns result of getenv("SSL_DIR") or NULL */ -extern char *SECU_DefaultSSLDir(void); - -/* -** Should be called once during initialization to set the default -** directory for looking for cert.db, key.db, and cert-nameidx.db files -** Removes trailing '/' in 'base' -** If 'base' is NULL, defaults to set to .netscape in home directory. -*/ -extern char *SECU_ConfigDirectory(const char* base); - -/* -** Basic callback function for SSL_GetClientAuthDataHook -*/ -extern int -SECU_GetClientAuthData(void *arg, PRFileDesc *fd, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey); - -/* print out an error message */ -extern void SECU_PrintError(char *progName, char *msg, ...); - -/* print out a system error message */ -extern void SECU_PrintSystemError(char *progName, char *msg, ...); - -/* Return informative error string */ -extern const char * SECU_Strerror(PRErrorCode errNum); - -/* print information about cert verification failure */ -extern void -SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, - SECCertificateUsage certUsage, void *pinArg, PRBool verbose); - -/* Read the contents of a file into a SECItem */ -extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src); -extern SECStatus SECU_TextFileToItem(SECItem *dst, PRFileDesc *src); - -/* Read in a DER from a file, may be ascii */ -extern SECStatus -SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii); - -/* Indent based on "level" */ -extern void SECU_Indent(FILE *out, int level); - -/* Print integer value and hex */ -extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level); - -/* Print ObjectIdentifier symbolically */ -extern void SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level); - -/* Print AlgorithmIdentifier symbolically */ -extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, - int level); - -/* Print SECItem as hex */ -extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level); - -/* dump a buffer in hex and ASCII */ -extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len); - -/* - * Format and print the UTC Time "t". If the tag message "m" is not NULL, - * do indent formatting based on "level" and add a newline afterward; - * otherwise just print the formatted time string only. - */ -extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level); - -/* - * Format and print the Generalized Time "t". If the tag message "m" - * is not NULL, * do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, - int level); - -/* - * Format and print the UTC or Generalized Time "t". If the tag message - * "m" is not NULL, do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -extern void SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level); - -/* callback for listing certs through pkcs11 */ -extern SECStatus SECU_PrintCertNickname(CERTCertListNode* cert, void *data); - -/* Dump all certificate nicknames in a database */ -extern SECStatus -SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out, - PRBool sortByName, PRBool sortByTrust); - -/* See if nickname already in database. Return 1 true, 0 false, -1 error */ -int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname); - -/* Dump contents of cert req */ -extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, - int level); - -/* Dump contents of certificate */ -extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level); - -/* print trust flags on a cert */ -extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level); - -/* Dump contents of public key */ -extern int SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level); - -#ifdef HAVE_EPV_TEMPLATE -/* Dump contents of private key */ -extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level); -#endif - -/* Print the MD5 and SHA1 fingerprints of a cert */ -extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, - int level); - -/* Pretty-print any PKCS7 thing */ -extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, - int level); - -/* Init PKCS11 stuff */ -extern SECStatus SECU_PKCS11Init(PRBool readOnly); - -/* Dump contents of signed data */ -extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level, - SECU_PPFunc inner); - -extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level); - -extern void -SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level); - -extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions, - char *msg, int level); - -extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level); - -#ifdef SECU_GetPassword -/* Convert a High public Key to a Low public Key */ -extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey); -#endif - -extern SECItem *SECU_GetPBEPassword(void *arg); - -extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg); - -extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw); -extern void SEC_Init(void); - -extern char *SECU_SECModDBName(void); - -extern void SECU_PrintPRandOSError(char *progName); - -/* - * - * Utilities for parsing security tools command lines - * - */ - -/* A single command flag */ -typedef struct { - char flag; - PRBool needsArg; - char *arg; - PRBool activated; -} secuCommandFlag; - -/* A full array of command/option flags */ -typedef struct -{ - int numCommands; - int numOptions; - - secuCommandFlag *commands; - secuCommandFlag *options; -} secuCommand; - -/* fill the "arg" and "activated" fields for each flag */ -SECStatus -SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd); -char * -SECU_GetOptionArg(secuCommand *cmd, int optionNum); - -/* - * - * Error messaging - * - */ - -/* Return informative error string */ -char *SECU_ErrorString(int16 err); - -/* Return informative error string. Does not call XP_GetString */ -char *SECU_ErrorStringRaw(int16 err); - -void printflags(char *trusts, unsigned int flags); - -#ifndef XP_UNIX -extern int ffs(unsigned int i); -#endif - -#include "secerr.h" -#include "sslerr.h" - -#endif /* _SEC_UTIL_H_ */ diff --git a/security/nss/cmd/makefile.inc b/security/nss/cmd/makefile.inc deleted file mode 100644 index 029576e7c..000000000 --- a/security/nss/cmd/makefile.inc +++ /dev/null @@ -1,84 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -INCLUDES += \ - -I$(DEPTH)/security/lib/cert \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - -I../include \ - $(NULL) - - -# For the time being, sec stuff is export only -# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION - -US_FLAGS = -DEXPORT_VERSION -EXPORT_FLAGS = -DEXPORT_VERSION - -BASE_LIBS = \ - $(DIST)/lib/libdbm.a \ - $(DIST)/lib/libxp.a \ - $(DIST)/lib/libnspr21.a \ - $(NULL) - - -#There is a circular dependancy in security/lib, and here is a gross fix -SEC_LIBS = \ - $(DIST)/lib/libsecnav.a \ - $(DIST)/lib/libssl.a \ - $(DIST)/lib/libpkcs7.a \ - $(DIST)/lib/libcert.a \ - $(DIST)/lib/libkey.a \ - $(DIST)/lib/libsecmod.a \ - $(DIST)/lib/libcrypto.a \ - $(DIST)/lib/libsecutil.a \ - $(DIST)/lib/libssl.a \ - $(DIST)/lib/libpkcs7.a \ - $(DIST)/lib/libcert.a \ - $(DIST)/lib/libkey.a \ - $(DIST)/lib/libsecmod.a \ - $(DIST)/lib/libcrypto.a \ - $(DIST)/lib/libsecutil.a \ - $(DIST)/lib/libhash.a \ - $(NULL) - -MYLIBDIR= ../lib/$(OBJDIR) -MYLIB = $(MYLIBDIR)/libsectool.a - -US_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS) -EX_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS) - -# this hack is necessary because rules.mk doesn't put anything like $(LIBS) -# on the link command line (!?!?!?!) -LDFLAGS += $(EX_LIBS) - diff --git a/security/nss/cmd/makefile.win b/security/nss/cmd/makefile.win deleted file mode 100644 index 5e506590b..000000000 --- a/security/nss/cmd/makefile.win +++ /dev/null @@ -1,48 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -include <$(DEPTH)\config\config.mak> - -include <$(DEPTH)\config\rules.mak> - -objs: $(OBJS) - -programs: $(PROGRAM) - -syms: - @echo "OBJS is $(OBJS)" - @echo "INCS is $(INCS)" - diff --git a/security/nss/cmd/makepqg/Makefile b/security/nss/cmd/makepqg/Makefile deleted file mode 100644 index 36bf774fb..000000000 --- a/security/nss/cmd/makepqg/Makefile +++ /dev/null @@ -1,77 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - - diff --git a/security/nss/cmd/makepqg/makefile.win b/security/nss/cmd/makepqg/makefile.win deleted file mode 100644 index 462448d73..000000000 --- a/security/nss/cmd/makepqg/makefile.win +++ /dev/null @@ -1,156 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -PROGRAM = makepqg -PROGRAM = $(OBJDIR)\$(PROGRAM).exe - -include <$(DEPTH)\config\config.mak> - - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I$(DEPTH)/security/lib/crypto \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -# awt3240.lib # brpref32.lib # cert32.lib -# crypto32.lib # dllcom.lib # editor32.lib -# edpref32.lib # edtplug.lib # font.lib -# hash32.lib # htmldg32.lib # img32.lib -# javart32.lib # jbn3240.lib # jdb3240.lib -# jmc.lib # jpeg3240.lib # jpw3240.lib -# jrt3240.lib # js3240.lib # jsd3240.lib -# key32.lib # libapplet32.lib # libnjs32.lib -# libnsc32.lib # libreg32.lib # mm3240.lib -# mnpref32.lib # netcst32.lib # nsdlg32.lib -# nsldap32.lib # nsldaps32.lib # nsn32.lib -# pkcs1232.lib # pkcs732.lib # pr3240.lib -# prefui32.lib # prefuuid.lib # secmod32.lib -# secnav32.lib # secutl32.lib # softup32.lib -# sp3240.lib # ssl32.lib # uni3200.lib -# unicvt32.lib # win32md.lib # winfont.lib -# xppref32.lib # zlib32.lib - -include <$(DEPTH)\config\rules.mak> - - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - -# ALLXPSTR.obj XP_ALLOC.obj XP_HASH.obj XP_RGB.obj XP_WRAP.obj -# CXPRINT.obj XP_C.cl XP_LIST.obj XP_SEC.obj netscape.exp -# CXPRNDLG.obj XP_CNTXT.obj XP_MD5.obj XP_STR.obj xp.pch -# EXPORT.obj XP_CORE.obj XP_MESG.obj XP_THRMO.obj xppref32.dll -# XPASSERT.obj XP_ERROR.obj XP_RECT.obj XP_TIME.obj -# XPLOCALE.obj XP_FILE.obj XP_REG.obj XP_TRACE.obj - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/makepqg/makepqg.c b/security/nss/cmd/makepqg/makepqg.c deleted file mode 100644 index d2ec1f6f1..000000000 --- a/security/nss/cmd/makepqg/makepqg.c +++ /dev/null @@ -1,288 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "nss.h" -#include "secutil.h" -#include "secitem.h" -#include "pk11func.h" -#include "pk11pqg.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include "plgetopt.h" - -#define BPB 8 /* bits per byte. */ - -char *progName; - - -const SEC_ASN1Template seckey_PQGParamsTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) }, - { 0, } -}; - - - -void -Usage(void) -{ - fprintf(stderr, "Usage: %s\n", progName); - fprintf(stderr, -"-a Output DER-encoded PQG params, BTOA encoded.\n" -" -l prime-length Length of prime in bits (1024 is default)\n" -" -o file Output to this file (default is stdout)\n" -"-b Output DER-encoded PQG params in binary\n" -" -l prime-length Length of prime in bits (1024 is default)\n" -" -o file Output to this file (default is stdout)\n" -"-r Output P, Q and G in ASCII hexadecimal. \n" -" -l prime-length Length of prime in bits (1024 is default)\n" -" -o file Output to this file (default is stdout)\n" -"-g bits Generate SEED this many bits long.\n" -); - exit(-1); - -} - -int -outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw, - FILE * outFile) -{ - PRArenaPool * arena = NULL; - char * PQG; - SECItem encodedParams; - - if (output_raw) { - SECItem item; - - PK11_PQG_GetPrimeFromParams(pqgParams, &item); - SECU_PrintInteger(outFile, &item, "Prime", 1); - SECITEM_FreeItem(&item, PR_FALSE); - - PK11_PQG_GetSubPrimeFromParams(pqgParams, &item); - SECU_PrintInteger(outFile, &item, "Subprime", 1); - SECITEM_FreeItem(&item, PR_FALSE); - - PK11_PQG_GetBaseFromParams(pqgParams, &item); - SECU_PrintInteger(outFile, &item, "Base", 1); - SECITEM_FreeItem(&item, PR_FALSE); - - fprintf(outFile, "\n"); - return 0; - } - - encodedParams.data = NULL; - encodedParams.len = 0; - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams, - seckey_PQGParamsTemplate); - if (output_binary) { - fwrite(encodedParams.data, encodedParams.len, sizeof(char), outFile); - printf("\n"); - return 0; - } - - /* must be output ASCII */ - PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len); - - fprintf(outFile,"%s",PQG); - printf("\n"); - return 0; -} - -int -outputPQGVerify(PQGVerify * pqgVerify, PRBool output_binary, PRBool output_raw, - FILE * outFile) -{ - if (output_raw) { - SECItem item; - unsigned int counter; - - PK11_PQG_GetHFromVerify(pqgVerify, &item); - SECU_PrintInteger(outFile, &item, "h", 1); - SECITEM_FreeItem(&item, PR_FALSE); - - PK11_PQG_GetSeedFromVerify(pqgVerify, &item); - SECU_PrintInteger(outFile, &item, "SEED", 1); - fprintf(outFile, " g: %d\n", item.len * BPB); - SECITEM_FreeItem(&item, PR_FALSE); - - counter = PK11_PQG_GetCounterFromVerify(pqgVerify); - fprintf(outFile, " counter: %d\n", counter); - fprintf(outFile, "\n"); - return 0; - } - return 0; -} - -int -main(int argc, char **argv) -{ - FILE * outFile = NULL; - PQGParams * pqgParams = NULL; - PQGVerify * pqgVerify = NULL; - int keySizeInBits = 1024; - int j; - int o; - int g = 0; - SECStatus rv = 0; - SECStatus passed = 0; - PRBool output_ascii = PR_FALSE; - PRBool output_binary = PR_FALSE; - PRBool output_raw = PR_FALSE; - PLOptState *optstate; - PLOptStatus status; - - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "l:abro:g:" ); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - - case 'l': - keySizeInBits = atoi(optstate->value); - break; - - case 'a': - output_ascii = PR_TRUE; - break; - - case 'b': - output_binary = PR_TRUE; - break; - - case 'r': - output_raw = PR_TRUE; - break; - - case 'o': - outFile = fopen(optstate->value, "wb"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - rv = -1; - } - break; - - case 'g': - g = atoi(optstate->value); - break; - - default: - case '?': - Usage(); - break; - - } - } - - if (rv != 0) { - return rv; - } - - /* exactly 1 of these options must be set. */ - if (1 != ((output_ascii != PR_FALSE) + - (output_binary != PR_FALSE) + - (output_raw != PR_FALSE))) { - Usage(); - } - - j = PQG_PBITS_TO_INDEX(keySizeInBits); - if (j < 0) { - fprintf(stderr, "%s: Illegal prime length, \n" - "\tacceptable values are between 512 and 1024,\n" - "\tand divisible by 64\n", progName); - return -1; - } - if (g != 0 && (g < 160 || g >= 2048 || g % 8 != 0)) { - fprintf(stderr, "%s: Illegal g bits, \n" - "\tacceptable values are between 160 and 2040,\n" - "\tand divisible by 8\n", progName); - return -1; - } - - if (outFile == NULL) { - outFile = stdout; - } - - - NSS_NoDB_Init(NULL); - - if (g) - rv = PK11_PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g/8), - &pqgParams, &pqgVerify); - else - rv = PK11_PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify); - - if (rv != SECSuccess || pqgParams == NULL) { - fprintf(stderr, "%s: PQG parameter generation failed.\n", progName); - goto loser; - } - fprintf(stderr, "%s: PQG parameter generation completed.\n", progName); - - o = outputPQGParams(pqgParams, output_binary, output_raw, outFile); - o = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile); - - rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &passed); - if (rv != SECSuccess) { - fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName); - goto loser; - } - if (passed != SECSuccess) { - fprintf(stderr, "%s: PQG parameters failed verification.\n", progName); - goto loser; - } - fprintf(stderr, "%s: PQG parameters passed verification.\n", progName); - - PK11_PQG_DestroyParams(pqgParams); - PK11_PQG_DestroyVerify(pqgVerify); - return 0; - -loser: - PK11_PQG_DestroyParams(pqgParams); - PK11_PQG_DestroyVerify(pqgVerify); - return 1; -} diff --git a/security/nss/cmd/makepqg/manifest.mn b/security/nss/cmd/makepqg/manifest.mn deleted file mode 100644 index 328797094..000000000 --- a/security/nss/cmd/makepqg/manifest.mn +++ /dev/null @@ -1,47 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -REQUIRES = nss seccmd dbm - -# DIRS = - -CSRCS = makepqg.c - -PROGRAM = makepqg - -#USE_STATIC_LIBS = 1 - diff --git a/security/nss/cmd/makepqg/testit.ksh b/security/nss/cmd/makepqg/testit.ksh deleted file mode 100644 index 98cb7fa9d..000000000 --- a/security/nss/cmd/makepqg/testit.ksh +++ /dev/null @@ -1,41 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -COUNTER=75 -while [ $COUNTER -ge "1" ] -do - COUNTER=$(eval expr $COUNTER - 1) - echo $COUNTER - */makepqg.exe -r -l 640 -g 160 || exit 1 -done - diff --git a/security/nss/cmd/manifest.mn b/security/nss/cmd/manifest.mn deleted file mode 100644 index 4598e1455..000000000 --- a/security/nss/cmd/manifest.mn +++ /dev/null @@ -1,90 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -DEPTH = ../.. -# MODULE = seccmd - -REQUIRES = nss nspr libdbm - -DIRS = lib \ - zlib \ - atob \ - bltest \ - btoa \ - certcgi \ - certutil \ - checkcert \ - crlutil \ - dbtest \ - derdump \ - digest \ - makepqg \ - ocspclnt \ - oidcalc \ - p7content \ - p7env \ - p7sign \ - p7verify \ - pk12util \ - pp \ - rsaperf \ - sdrtest \ - selfserv \ - signtool \ - signver \ - shlibsign \ - smimetools \ - SSLsample \ - ssltap \ - strsclnt \ - swfort \ - symkeyutil \ - tstclnt \ - vfyserv \ - modutil \ - $(NULL) - -TEMPORARILY_DONT_BUILD = \ - $(NULL) - -# rsaperf \ -# -# needs to look at what needs to happen to make jar build in -# the binary release environment. -# -# perror requires lib/strerror.c which requires the client code installed -# to build (requires allxpstr.h) -# -DONT_BULD = jar \ - perror \ -$(NULL) diff --git a/security/nss/cmd/modutil/Makefile b/security/nss/cmd/modutil/Makefile deleted file mode 100644 index 3d2bbb412..000000000 --- a/security/nss/cmd/modutil/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - -# -# Cancel the built-in implicit yacc and lex rules. -# - -%.c: %.y -%.c: %.l diff --git a/security/nss/cmd/modutil/README b/security/nss/cmd/modutil/README deleted file mode 100644 index 12d192c9f..000000000 --- a/security/nss/cmd/modutil/README +++ /dev/null @@ -1,7 +0,0 @@ - CRYPTOGRAPHIC MODULE UTILITY (modutil) - VERSION 1.0 - =============================================== - -The file specification.html documentats the software. - -The file pk11jar.html documents the PKCS #11 JAR format. diff --git a/security/nss/cmd/modutil/config.mk b/security/nss/cmd/modutil/config.mk deleted file mode 100644 index 9f0cdf1e4..000000000 --- a/security/nss/cmd/modutil/config.mk +++ /dev/null @@ -1,77 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Set the LDFLAGS value to encompass all normal link options, all # -# library names, and all special system linking options # -####################################################################### - -LDFLAGS = \ - $(DYNAMIC_LIB_PATH) \ - $(LDOPTS) \ - $(LIBSECTOOLS) \ - $(LIBSECMOD) \ - $(LIBHASH) \ - $(LIBCERT) \ - $(LIBKEY) \ - $(LIBCRYPTO) \ - $(LIBSECUTIL) \ - $(LIBDBM) \ - $(LIBPLC3) \ - $(LIBPLDS3) \ - $(LIBPR3) \ - $(DLLSYSTEM) \ - $(LIBJAR) \ - $(LIBZLIB) \ - $(LIBPKCS7) \ - $(LIBPLC3) - -# Strip out the symbols -ifdef BUILD_OPT - ifneq (,$(filter-out WIN%,$(OS_TARGET))) - LDFLAGS += -s - endif -endif - -####################################################################### -# Adjust specific variables for all platforms # -####################################################################### - - -ifeq (,$(filter-out WIN%,$(OS_TARGET))) - PACKAGE_FILES = license.txt README.TXT specification.html pk11jar.html modutil.exe -else - PACKAGE_FILES = license.doc README specification.html pk11jar.html modutil -endif - -ARCHIVE_NAME = modutil_$(OS_TARGET)$(OS_RELEASE) diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h deleted file mode 100644 index c5761f5fe..000000000 --- a/security/nss/cmd/modutil/error.h +++ /dev/null @@ -1,182 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef MODUTIL_ERROR_H -#define MODUTIL_ERROR_H - -typedef enum { - NO_ERR=0, - INVALID_USAGE_ERR, - UNEXPECTED_ARG_ERR, - UNKNOWN_OPTION_ERR, - MULTIPLE_COMMAND_ERR, - OPTION_NEEDS_ARG_ERR, - DUPLICATE_OPTION_ERR, - MISSING_PARAM_ERR, - INVALID_FIPS_ARG, - NO_COMMAND_ERR, - NO_DBDIR_ERR, - FIPS_SWITCH_FAILED_ERR, - FIPS_ALREADY_ON_ERR, - FIPS_ALREADY_OFF_ERR, - FILE_ALREADY_EXISTS_ERR, - FILE_DOESNT_EXIST_ERR, - FILE_NOT_READABLE_ERR, - FILE_NOT_WRITEABLE_ERR, - DIR_DOESNT_EXIST_ERR, - DIR_NOT_READABLE_ERR, - DIR_NOT_WRITEABLE_ERR, - INVALID_CONSTANT_ERR, - ADD_MODULE_FAILED_ERR, - ADD_MODULE_FAILED_STATUS_ERR, - OUT_OF_MEM_ERR, - DELETE_INTERNAL_ERR, - DELETE_FAILED_ERR, - NO_LIST_LOCK_ERR, - NO_MODULE_LIST_ERR, - NO_SUCH_MODULE_ERR, - MOD_INFO_ERR, - SLOT_INFO_ERR, - TOKEN_INFO_ERR, - NO_SUCH_TOKEN_ERR, - CHANGEPW_FAILED_ERR, - BAD_PW_ERR, - DB_ACCESS_ERR, - AUTHENTICATION_FAILED_ERR, - NO_SUCH_SLOT_ERR, - ENABLE_FAILED_ERR, - UPDATE_MOD_FAILED_ERR, - DEFAULT_FAILED_ERR, - UNDEFAULT_FAILED_ERR, - STDIN_READ_ERR, - UNSPECIFIED_ERR, - NOCERTDB_MISUSE_ERR, - NSS_INITIALIZE_FAILED_ERR, - - LAST_ERR /* must be last */ -} Error; -#define SUCCESS NO_ERR - -/* !!! Should move this into its own .c and un-static it. */ -static char *errStrings[] = { - "Operation completed successfully.\n", - "ERROR: Invalid command line.\n", - "ERROR: Not expecting argument \"%s\".\n", - "ERROR: Unknown option: %s.\n", - "ERROR: %s: multiple commands are not allowed on the command line.\n", - "ERROR: %s: option needs an argument.\n", - "ERROR: %s: option cannot be given more than once.\n", - "ERROR: Command \"%s\" requires parameter \"%s\".\n", - "ERROR: Argument to -fips must be \"true\" or \"false\".\n", - "ERROR: No command was specified.\n", - "ERROR: Cannot determine database directory: use the -dbdir option.\n", - "ERROR: Unable to switch FIPS modes.\n", - "FIPS mode already enabled.\n", - "FIPS mode already disabled.\n", - "ERROR: File \"%s\" already exists.\n", - "ERROR: File \"%s\" does not exist.\n", - "ERROR: File \"%s\" is not readable.\n", - "ERROR: File \"%s\" is not writeable.\n", - "ERROR: Directory \"%s\" does not exist.\n", - "ERROR: Directory \"%s\" is not readable.\n", - "ERROR: Directory \"%s\" is not writeable.\n", - "\"%s\" is not a recognized value.\n", - "ERROR: Failed to add module \"%s\".\n", - "ERROR: Failed to add module \"%s\". Probable cause : \"%s\".\n", - "ERROR: Out of memory.\n", - "ERROR: Cannot delete internal module.\n", - "ERROR: Failed to delete module \"%s\".\n", - "ERROR: Unable to obtain lock on module list.\n", - "ERROR: Unable to obtain module list.\n", - "ERROR: Module \"%s\" not found in database.\n", - "ERROR: Unable to get information about module \"%s\".\n", - "ERROR: Unable to get information about slot \"%s\".\n", - "ERROR: Unable to get information about token \"%s\".\n", - "ERROR: Token \"%s\" not found.\n", - "ERROR: Unable to change password on token \"%s\".\n", - "ERROR: Incorrect password.\n", - "ERROR: Unable to access database \"%s\".\n", - "ERROR: Unable to authenticate to token \"%s\".\n", - "ERROR: Slot \"%s\" not found.\n", - "ERROR: Failed to %s slot \"%s\".\n", - "ERROR: Failed to update module \"%s\".\n", - "ERROR: Failed to change defaults.\n", - "ERROR: Failed to change default.\n", - "ERROR: Unable to read from standard input.\n", - "ERROR: Unknown error occurred.\n", - "ERROR: -nocertdb option can only be used with the -jar command.\n" - "ERROR: NSS_Initialize() failed.\n" -}; - -typedef enum { - FIPS_ENABLED_MSG=0, - FIPS_DISABLED_MSG, - USING_DBDIR_MSG, - CREATING_DB_MSG, - ADD_MODULE_SUCCESS_MSG, - DELETE_SUCCESS_MSG, - CHANGEPW_SUCCESS_MSG, - BAD_PW_MSG, - PW_MATCH_MSG, - DONE_MSG, - ENABLE_SUCCESS_MSG, - DEFAULT_SUCCESS_MSG, - UNDEFAULT_SUCCESS_MSG, - BROWSER_RUNNING_MSG, - ABORTING_MSG, - - LAST_MSG /* must be last */ -} Message; - -static char *msgStrings[] = { - "FIPS mode enabled.\n", - "FIPS mode disabled.\n", - "Using database directory %s...\n", - "Creating \"%s\"...", - "Module \"%s\" added to database.\n", - "Module \"%s\" deleted from database.\n", - "Token \"%s\" password changed successfully.\n", - "Incorrect password, try again...\n", - "Passwords do not match, try again...\n", - "done.\n", - "Slot \"%s\" %s.\n", - "Successfully changed defaults.\n", - "Successfully changed defaults.\n", -"\nWARNING: Performing this operation while the browser is running could cause" -"\ncorruption of your security databases. If the browser is currently running," -"\nyou should exit browser before continuing this operation. Type " -"\n'q <enter>' to abort, or <enter> to continue: ", - "\nAborting...\n" -}; - -#endif /* MODUTIL_ERROR_H */ diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c deleted file mode 100644 index e6b90ded3..000000000 --- a/security/nss/cmd/modutil/install-ds.c +++ /dev/null @@ -1,1541 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "install-ds.h" -#include <prmem.h> -#include <plstr.h> -#include <prprf.h> -#include <string.h> - -#define PORT_Strcasecmp PL_strcasecmp - -#define MODULE_FILE_STRING "ModuleFile" -#define MODULE_NAME_STRING "ModuleName" -#define MECH_FLAGS_STRING "DefaultMechanismFlags" -#define CIPHER_FLAGS_STRING "DefaultCipherFlags" -#define FILES_STRING "Files" -#define FORWARD_COMPATIBLE_STRING "ForwardCompatible" -#define PLATFORMS_STRING "Platforms" -#define RELATIVE_DIR_STRING "RelativePath" -#define ABSOLUTE_DIR_STRING "AbsolutePath" -#define FILE_PERMISSIONS_STRING "FilePermissions" -#define EQUIVALENT_PLATFORM_STRING "EquivalentPlatform" -#define EXECUTABLE_STRING "Executable" - -#define DEFAULT_PERMISSIONS 0777 - -#define PLATFORM_SEPARATOR_CHAR ':' - -/* Error codes */ -enum { - BOGUS_RELATIVE_DIR=0, - BOGUS_ABSOLUTE_DIR, - BOGUS_FILE_PERMISSIONS, - NO_RELATIVE_DIR, - NO_ABSOLUTE_DIR, - EMPTY_PLATFORM_STRING, - BOGUS_PLATFORM_STRING, - REPEAT_MODULE_FILE, - REPEAT_MODULE_NAME, - BOGUS_MODULE_FILE, - BOGUS_MODULE_NAME, - REPEAT_MECH, - BOGUS_MECH_FLAGS, - REPEAT_CIPHER, - BOGUS_CIPHER_FLAGS, - REPEAT_FILES, - REPEAT_EQUIV, - BOGUS_EQUIV, - EQUIV_TOO_MUCH_INFO, - NO_FILES, - NO_MODULE_FILE, - NO_MODULE_NAME, - NO_PLATFORMS, - EQUIV_LOOP, - UNKNOWN_MODULE_FILE -}; - -/* Indexed by the above error codes */ -static const char *errString[] = { - "%s: Invalid relative directory", - "%s: Invalid absolute directory", - "%s: Invalid file permissions", - "%s: No relative directory specified", - "%s: No absolute directory specified", - "Empty string given for platform name", - "%s: invalid platform string", - "More than one ModuleFile entry given for platform %s", - "More than one ModuleName entry given for platform %s", - "Invalid ModuleFile specification for platform %s", - "Invalid ModuleName specification for platform %s", - "More than one DefaultMechanismFlags entry given for platform %s", - "Invalid DefaultMechanismFlags specification for platform %s", - "More than one DefaultCipherFlags entry given for platform %s", - "Invalid DefaultCipherFlags entry given for platform %s", - "More than one Files entry given for platform %s", - "More than one EquivalentPlatform entry given for platform %s", - "Invalid EquivalentPlatform specification for platform %s", - "Module %s uses an EquivalentPlatform but also specifies its own" - " information", - "No Files specification in module %s", - "No ModuleFile specification in module %s", - "No ModuleName specification in module %s", - "No Platforms specification in installer script", - "Platform %s has an equivalency loop", - "Module file \"%s\" in platform \"%s\" does not exist" -}; - -static char* PR_Strdup(const char* str); - -#define PAD(x) {int i; for(i=0;i<x;i++) printf(" ");} -#define PADINC 4 - -Pk11Install_File* -Pk11Install_File_new() -{ - Pk11Install_File* new_this; - new_this = (Pk11Install_File*)PR_Malloc(sizeof(Pk11Install_File)); - Pk11Install_File_init(new_this); - return new_this; -} - -void -Pk11Install_File_init(Pk11Install_File* _this) -{ - _this->jarPath=NULL; - _this->relativePath=NULL; - _this->absolutePath=NULL; - _this->executable=PR_FALSE; - _this->permissions=0; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: ~Pk11Install_File -// Class: Pk11Install_File -// Notes: Destructor. -*/ -void -Pk11Install_File_delete(Pk11Install_File* _this) -{ - Pk11Install_File_Cleanup(_this); -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Cleanup -// Class: Pk11Install_File -*/ -void -Pk11Install_File_Cleanup(Pk11Install_File* _this) -{ - if(_this->jarPath) { - PR_Free(_this->jarPath); - _this->jarPath = NULL; - } - if(_this->relativePath) { - PR_Free(_this->relativePath); - _this->relativePath = NULL; - } - if(_this->absolutePath) { - PR_Free(_this->absolutePath); - _this->absolutePath = NULL; - } - - _this->permissions = 0; - _this->executable = PR_FALSE; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Generate -// Class: Pk11Install_File -// Notes: Creates a file data structure from a syntax tree. -// Returns: NULL for success, otherwise an error message. -*/ -char* -Pk11Install_File_Generate(Pk11Install_File* _this, - const Pk11Install_Pair *pair) -{ - Pk11Install_ListIter *iter; - Pk11Install_Value *val; - Pk11Install_Pair *subpair; - Pk11Install_ListIter *subiter; - Pk11Install_Value *subval; - char* errStr; - char *endp; - PRBool gotPerms; - - iter=NULL; - subiter=NULL; - errStr=NULL; - gotPerms=PR_FALSE; - - /* Clear out old values */ - Pk11Install_File_Cleanup(_this); - - _this->jarPath = PR_Strdup(pair->key); - - /* Go through all the pairs under this file heading */ - iter = Pk11Install_ListIter_new(pair->list); - for( ; (val = iter->current); Pk11Install_ListIter_nextItem(iter)) { - if(val->type == PAIR_VALUE) { - subpair = val->pair; - - /* Relative directory */ - if(!PORT_Strcasecmp(subpair->key, RELATIVE_DIR_STRING)) { - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)){ - errStr = PR_smprintf(errString[BOGUS_RELATIVE_DIR], - _this->jarPath); - goto loser; - } - _this->relativePath = PR_Strdup(subval->string); - Pk11Install_ListIter_delete(subiter); - subiter = NULL; - - /* Absolute directory */ - } else if( !PORT_Strcasecmp(subpair->key, ABSOLUTE_DIR_STRING)) { - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)){ - errStr = PR_smprintf(errString[BOGUS_ABSOLUTE_DIR], - _this->jarPath); - goto loser; - } - _this->absolutePath = PR_Strdup(subval->string); - Pk11Install_ListIter_delete(subiter); - subiter = NULL; - - /* file permissions */ - } else if( !PORT_Strcasecmp(subpair->key, - FILE_PERMISSIONS_STRING)) { - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)){ - errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS], - _this->jarPath); - goto loser; - } - _this->permissions = (int) strtol(subval->string, &endp, 8); - if(*endp != '\0' || subval->string == "\0") { - errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS], - _this->jarPath); - goto loser; - } - gotPerms = PR_TRUE; - Pk11Install_ListIter_delete(subiter); - subiter = NULL; - } - } else { - if(!PORT_Strcasecmp(val->string, EXECUTABLE_STRING)) { - _this->executable = PR_TRUE; - } - } - } - - /* Default permission value */ - if(!gotPerms) { - _this->permissions = DEFAULT_PERMISSIONS; - } - - /* Make sure we got all the information */ - if(!_this->relativePath && !_this->absolutePath) { - errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath); - goto loser; - } -#if 0 - if(!_this->relativePath ) { - errStr = PR_smprintf(errString[NO_RELATIVE_DIR], _this->jarPath); - goto loser; - } - if(!_this->absolutePath) { - errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath); - goto loser; - } -#endif - -loser: - if(iter) { - Pk11Install_ListIter_delete(iter); - PR_Free(iter); - } - if(subiter) { - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - } - return errStr; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Print -// Class: Pk11Install_File -*/ -void -Pk11Install_File_Print(Pk11Install_File* _this, int pad) -{ - PAD(pad); printf("jarPath: %s\n", - _this->jarPath ? _this->jarPath : "<NULL>"); - PAD(pad); printf("relativePath: %s\n", - _this->relativePath ? _this->relativePath: "<NULL>"); - PAD(pad); printf("absolutePath: %s\n", - _this->absolutePath ? _this->absolutePath: "<NULL>"); - PAD(pad); printf("permissions: %o\n", _this->permissions); -} - -Pk11Install_PlatformName* -Pk11Install_PlatformName_new() -{ - Pk11Install_PlatformName* new_this; - new_this = (Pk11Install_PlatformName*) - PR_Malloc(sizeof(Pk11Install_PlatformName)); - Pk11Install_PlatformName_init(new_this); - return new_this; -} - -void -Pk11Install_PlatformName_init(Pk11Install_PlatformName* _this) -{ - _this->OS = NULL; - _this->verString = NULL; - _this->numDigits = 0; - _this->arch = NULL; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: ~Pk11Install_PlatformName -// Class: Pk11Install_PlatformName -*/ -void -Pk11Install_PlatformName_delete(Pk11Install_PlatformName* _this) -{ - Pk11Install_PlatformName_Cleanup(_this); -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Cleanup -// Class: Pk11Install_PlatformName -*/ -void -Pk11Install_PlatformName_Cleanup(Pk11Install_PlatformName* _this) -{ - if(_this->OS) { - PR_Free(_this->OS); - _this->OS = NULL; - } - if(_this->verString) { - int i; - for (i=0; i<_this->numDigits; i++) { - PR_Free(_this->verString[i]); - } - PR_Free(_this->verString); - _this->verString = NULL; - } - if(_this->arch) { - PR_Free(_this->arch); - _this->arch = NULL; - } - _this->numDigits = 0; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Generate -// Class: Pk11Install_PlatformName -// Notes: Extracts the information from a platform string. -*/ -char* -Pk11Install_PlatformName_Generate(Pk11Install_PlatformName* _this, - const char *str) -{ - char *errStr; - char *copy; - char *end, *start; /* start and end of a section (OS, version, arch)*/ - char *pend, *pstart; /* start and end of one portion of version*/ - char *endp; /* used by strtol*/ - int periods, i; - - errStr=NULL; - copy=NULL; - - if(!str) { - errStr = PR_smprintf(errString[EMPTY_PLATFORM_STRING]); - goto loser; - } - copy = PR_Strdup(str); - - /* - // Get the OS - */ - end = strchr(copy, PLATFORM_SEPARATOR_CHAR); - if(!end || end==copy) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - *end = '\0'; - - _this->OS = PR_Strdup(copy); - - /* - // Get the digits of the version of form: x.x.x (arbitrary number of digits) - */ - - start = end+1; - end = strchr(start, PLATFORM_SEPARATOR_CHAR); - if(!end) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - *end = '\0'; - - if(end!=start) { - /* Find out how many periods*/ - periods = 0; - pstart = start; - while( (pend=strchr(pstart, '.')) ) { - periods++; - pstart = pend+1; - } - _this->numDigits= 1+ periods; - _this->verString = (char**)PR_Malloc(sizeof(char*)*_this->numDigits); - - pstart = start; - i = 0; - /* Get the digits before each period*/ - while( (pend=strchr(pstart, '.')) ) { - if(pend == pstart) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - *pend = '\0'; - _this->verString[i] = PR_Strdup(pstart); - endp = pend; - if(endp==pstart || (*endp != '\0')) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - pstart = pend+1; - i++; - } - /* Last digit comes after the last period*/ - if(*pstart == '\0') { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - _this->verString[i] = PR_Strdup(pstart); - /* - if(endp==pstart || (*endp != '\0')) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - */ - } else { - _this->verString = NULL; - _this->numDigits = 0; - } - - /* - // Get the architecture - */ - start = end+1; - if( strchr(start, PLATFORM_SEPARATOR_CHAR) ) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - _this->arch = PR_Strdup(start); - - if(copy) { - PR_Free(copy); - } - return NULL; -loser: - if(_this->OS) { - PR_Free(_this->OS); - _this->OS = NULL; - } - if(_this->verString) { - for (i=0; i<_this->numDigits; i++) { - PR_Free(_this->verString[i]); - } - PR_Free(_this->verString); - _this->verString = NULL; - } - _this->numDigits = 0; - if(_this->arch) { - PR_Free(_this->arch); - _this->arch = NULL; - } - - return errStr; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: operator == -// Class: Pk11Install_PlatformName -// Returns: PR_TRUE if the platform have the same OS, arch, and version -*/ -PRBool -Pk11Install_PlatformName_equal(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp) -{ - int i; - - if(!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) { - return PR_FALSE; - } - - if( PORT_Strcasecmp(_this->OS, cmp->OS) || - PORT_Strcasecmp(_this->arch, cmp->arch) || - _this->numDigits != cmp->numDigits ) { - return PR_FALSE; - } - - for(i=0; i < _this->numDigits; i++) { - if(PORT_Strcasecmp(_this->verString[i], cmp->verString[i])) { - return PR_FALSE; - } - } - return PR_TRUE; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: operator <= -// Class: Pk11Install_PlatformName -// Returns: PR_TRUE if the platform have the same OS and arch and a lower -// or equal release. -*/ -PRBool -Pk11Install_PlatformName_lteq(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp) -{ - return (Pk11Install_PlatformName_equal(_this,cmp) || - Pk11Install_PlatformName_lt(_this,cmp)) ? PR_TRUE : PR_FALSE; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: operator < -// Class: Pk11Install_PlatformName -// Returns: PR_TRUE if the platform have the same OS and arch and a greater -// release. -*/ -PRBool -Pk11Install_PlatformName_lt(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp) -{ - int i, scmp; - - if(!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) { - return PR_FALSE; - } - - if( PORT_Strcasecmp(_this->OS, cmp->OS) ) { - return PR_FALSE; - } - if( PORT_Strcasecmp(_this->arch, cmp->arch) ) { - return PR_FALSE; - } - - for(i=0; (i < _this->numDigits) && (i < cmp->numDigits); i++) { - scmp = PORT_Strcasecmp(_this->verString[i], cmp->verString[i]); - if (scmp > 0) { - return PR_FALSE; - } else if (scmp < 0) { - return PR_TRUE; - } - } - /* All the digits they have in common are the same. */ - if(_this->numDigits < cmp->numDigits) { - return PR_TRUE; - } - - return PR_FALSE; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: GetString -// Class: Pk11Install_PlatformName -// Returns: String composed of OS, release, and architecture separated -// by the separator char. Memory is allocated by this function -// but is the responsibility of the caller to de-allocate. -*/ -char* -Pk11Install_PlatformName_GetString(Pk11Install_PlatformName* _this) -{ - char *ret; - char *ver; - char *OS_; - char *arch_; - - OS_=NULL; - arch_=NULL; - - OS_ = _this->OS ? _this->OS : ""; - arch_ = _this->arch ? _this->arch : ""; - - ver = Pk11Install_PlatformName_GetVerString(_this); - ret = PR_smprintf("%s%c%s%c%s", OS_, PLATFORM_SEPARATOR_CHAR, ver, - PLATFORM_SEPARATOR_CHAR, arch_); - - PR_Free(ver); - - return ret; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: GetVerString -// Class: Pk11Install_PlatformName -// Returns: The version string for this platform, in the form x.x.x with an -// arbitrary number of digits. Memory allocated by function, -// must be de-allocated by caller. -*/ -char* -Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this) -{ - char *tmp; - char *ret; - int i; - char buf[80]; - - tmp = (char*)PR_Malloc(80*_this->numDigits+1); - tmp[0] = '\0'; - - for(i=0; i < _this->numDigits-1; i++) { - sprintf(buf, "%s.", _this->verString[i]); - strcat(tmp, buf); - } - if(i < _this->numDigits) { - sprintf(buf, "%s", _this->verString[i]); - strcat(tmp, buf); - } - - ret = PR_Strdup(tmp); - free(tmp); - - return ret; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Print -// Class: Pk11Install_PlatformName -*/ -void -Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad) -{ - PAD(pad); printf("OS: %s\n", _this->OS ? _this->OS : "<NULL>"); - PAD(pad); printf("Digits: "); - if(_this->numDigits == 0) { - printf("None\n"); - } else { - printf("%s\n", Pk11Install_PlatformName_GetVerString(_this)); - } - PAD(pad); printf("arch: %s\n", _this->arch ? _this->arch : "<NULL>"); -} - -Pk11Install_Platform* -Pk11Install_Platform_new() -{ - Pk11Install_Platform* new_this; - new_this = (Pk11Install_Platform*)PR_Malloc(sizeof(Pk11Install_Platform)); - Pk11Install_Platform_init(new_this); - return new_this; -} - -void -Pk11Install_Platform_init(Pk11Install_Platform* _this) -{ - Pk11Install_PlatformName_init(&_this->name); - Pk11Install_PlatformName_init(&_this->equivName); - _this->equiv = NULL; - _this->usesEquiv = PR_FALSE; - _this->moduleFile = NULL; - _this->moduleName = NULL; - _this->modFile = -1; - _this->mechFlags = 0; - _this->cipherFlags = 0; - _this->files = NULL; - _this->numFiles = 0; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: ~Pk11Install_Platform -// Class: Pk11Install_Platform -*/ -void -Pk11Install_Platform_delete(Pk11Install_Platform* _this) -{ - Pk11Install_Platform_Cleanup(_this); -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Cleanup -// Class: Pk11Install_Platform -*/ -void -Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this) -{ - int i; - if(_this->moduleFile) { - PR_Free(_this->moduleFile); - _this->moduleFile = NULL; - } - if(_this->moduleName) { - PR_Free(_this->moduleName); - _this->moduleName = NULL; - } - if(_this->files) { - for (i=0;i<_this->numFiles;i++) { - Pk11Install_File_delete(&_this->files[i]); - } - PR_Free(_this->files); - _this->files = NULL; - } - _this->equiv = NULL; - _this->usesEquiv = PR_FALSE; - _this->modFile = -1; - _this->numFiles = 0; - _this->mechFlags = _this->cipherFlags = 0; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Generate -// Class: Pk11Install_Platform -// Notes: Creates a platform data structure from a syntax tree. -// Returns: NULL for success, otherwise an error message. -*/ -char* -Pk11Install_Platform_Generate(Pk11Install_Platform* _this, - const Pk11Install_Pair *pair) -{ - char* errStr; - char* endptr; - char* tmp; - int i; - Pk11Install_ListIter *iter; - Pk11Install_Value *val; - Pk11Install_Value *subval; - Pk11Install_Pair *subpair; - Pk11Install_ListIter *subiter; - PRBool gotModuleFile, gotModuleName, gotMech, - gotCipher, gotFiles, gotEquiv; - - errStr=NULL; - iter=subiter=NULL; - val=subval=NULL; - subpair=NULL; - gotModuleFile=gotModuleName=gotMech=gotCipher=gotFiles=gotEquiv=PR_FALSE; - Pk11Install_Platform_Cleanup(_this); - - errStr = Pk11Install_PlatformName_Generate(&_this->name,pair->key); - if(errStr) { - tmp = PR_smprintf("%s: %s", pair->key, errStr); - PR_smprintf_free(errStr); - errStr = tmp; - goto loser; - } - - iter = Pk11Install_ListIter_new(pair->list); - for( ; (val=iter->current); Pk11Install_ListIter_nextItem(iter)) { - if(val->type==PAIR_VALUE) { - subpair = val->pair; - - if( !PORT_Strcasecmp(subpair->key, MODULE_FILE_STRING)) { - if(gotModuleFile) { - errStr = PR_smprintf(errString[REPEAT_MODULE_FILE], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)) { - errStr = PR_smprintf(errString[BOGUS_MODULE_FILE], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - _this->moduleFile = PR_Strdup(subval->string); - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter = NULL; - gotModuleFile = PR_TRUE; - } else if(!PORT_Strcasecmp(subpair->key, MODULE_NAME_STRING)){ - if(gotModuleName) { - errStr = PR_smprintf(errString[REPEAT_MODULE_NAME], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)) { - errStr = PR_smprintf(errString[BOGUS_MODULE_NAME], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - _this->moduleName = PR_Strdup(subval->string); - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter = NULL; - gotModuleName = PR_TRUE; - } else if(!PORT_Strcasecmp(subpair->key, MECH_FLAGS_STRING)) { - endptr=NULL; - - if(gotMech) { - errStr = PR_smprintf(errString[REPEAT_MECH], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)) { - errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - _this->mechFlags = strtol(subval->string, &endptr, 0); - if(*endptr!='\0' || (endptr==subval->string) ) { - errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter=NULL; - gotMech = PR_TRUE; - } else if(!PORT_Strcasecmp(subpair->key,CIPHER_FLAGS_STRING)) { - endptr=NULL; - - if(gotCipher) { - errStr = PR_smprintf(errString[REPEAT_CIPHER], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)) { - errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - _this->cipherFlags = strtol(subval->string, &endptr, 0); - if(*endptr!='\0' || (endptr==subval->string) ) { - errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter=NULL; - gotCipher = PR_TRUE; - } else if(!PORT_Strcasecmp(subpair->key, FILES_STRING)) { - if(gotFiles) { - errStr = PR_smprintf(errString[REPEAT_FILES], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - _this->numFiles = subpair->list->numPairs; - _this->files = (Pk11Install_File*) - PR_Malloc(sizeof(Pk11Install_File)*_this->numFiles); - for(i=0; i < _this->numFiles; i++, - Pk11Install_ListIter_nextItem(subiter)) { - Pk11Install_File_init(&_this->files[i]); - val = subiter->current; - if(val && (val->type==PAIR_VALUE)) { - errStr = Pk11Install_File_Generate(&_this->files[i],val->pair); - if(errStr) { - tmp = PR_smprintf("%s: %s", - Pk11Install_PlatformName_GetString(&_this->name),errStr); - PR_smprintf_free(errStr); - errStr = tmp; - goto loser; - } - } - } - gotFiles = PR_TRUE; - } else if(!PORT_Strcasecmp(subpair->key, - EQUIVALENT_PLATFORM_STRING)) { - if(gotEquiv) { - errStr = PR_smprintf(errString[REPEAT_EQUIV], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE) ) { - errStr = PR_smprintf(errString[BOGUS_EQUIV], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - errStr = Pk11Install_PlatformName_Generate(&_this->equivName, - subval->string); - if(errStr) { - tmp = PR_smprintf("%s: %s", - Pk11Install_PlatformName_GetString(&_this->name), errStr); - tmp = PR_smprintf("%s: %s", - Pk11Install_PlatformName_GetString(&_this->name), errStr); - PR_smprintf_free(errStr); - errStr = tmp; - goto loser; - } - _this->usesEquiv = PR_TRUE; - } - } - } - - /* Make sure we either have an EquivalentPlatform or all the other info */ - if(_this->usesEquiv && - (gotFiles || gotModuleFile || gotModuleName || gotMech || gotCipher)) { - errStr = PR_smprintf(errString[EQUIV_TOO_MUCH_INFO], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - if(!gotFiles && !_this->usesEquiv) { - errStr = PR_smprintf(errString[NO_FILES], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - if(!gotModuleFile && !_this->usesEquiv) { - errStr= PR_smprintf(errString[NO_MODULE_FILE], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - if(!gotModuleName && !_this->usesEquiv) { - errStr = PR_smprintf(errString[NO_MODULE_NAME], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - - /* Point the modFile pointer to the correct file */ - if(gotModuleFile) { - for(i=0; i < _this->numFiles; i++) { - if(!PORT_Strcasecmp(_this->moduleFile, _this->files[i].jarPath) ) { - _this->modFile = i; - break; - } - } - if(_this->modFile==-1) { - errStr = PR_smprintf(errString[UNKNOWN_MODULE_FILE], - _this->moduleFile, - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - } - -loser: - if(iter) { - PR_Free(iter); - } - if(subiter) { - PR_Free(subiter); - } - return errStr; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Print -// Class: Pk11Install_Platform -*/ -void -Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad) -{ - int i; - - PAD(pad); printf("Name:\n"); - Pk11Install_PlatformName_Print(&_this->name,pad+PADINC); - PAD(pad); printf("equivName:\n"); - Pk11Install_PlatformName_Print(&_this->equivName,pad+PADINC); - PAD(pad); - if(_this->usesEquiv) { - printf("Uses equiv, which points to:\n"); - Pk11Install_Platform_Print(_this->equiv,pad+PADINC); - } else { - printf("Doesn't use equiv\n"); - } - PAD(pad); - printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile - : "<NULL>"); - PAD(pad); printf("mechFlags: %lx\n", _this->mechFlags); - PAD(pad); printf("cipherFlags: %lx\n", _this->cipherFlags); - PAD(pad); printf("Files:\n"); - for(i=0; i < _this->numFiles; i++) { - Pk11Install_File_Print(&_this->files[i],pad+PADINC); - PAD(pad); printf("--------------------\n"); - } -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Pk11Install_Info -// Class: Pk11Install_Info -*/ -Pk11Install_Info* -Pk11Install_Info_new() -{ - Pk11Install_Info* new_this; - new_this = (Pk11Install_Info*)PR_Malloc(sizeof(Pk11Install_Info)); - Pk11Install_Info_init(new_this); - return new_this; -} - -void -Pk11Install_Info_init(Pk11Install_Info* _this) -{ - _this->platforms = NULL; - _this->numPlatforms = 0; - _this->forwardCompatible = NULL; - _this->numForwardCompatible = 0; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: ~Pk11Install_Info -// Class: Pk11Install_Info -*/ -void -Pk11Install_Info_delete(Pk11Install_Info* _this) -{ - Pk11Install_Info_Cleanup(_this); -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Cleanup -// Class: Pk11Install_Info -*/ -void -Pk11Install_Info_Cleanup(Pk11Install_Info* _this) -{ - int i; - if(_this->platforms) { - for (i=0;i<_this->numPlatforms;i++) { - Pk11Install_Platform_delete(&_this->platforms[i]); - } - PR_Free(&_this->platforms); - _this->platforms = NULL; - _this->numPlatforms = 0; - } - - if(_this->forwardCompatible) { - for (i=0;i<_this->numForwardCompatible;i++) { - Pk11Install_PlatformName_delete(&_this->forwardCompatible[i]); - } - PR_Free(&_this->forwardCompatible); - _this->numForwardCompatible = 0; - } -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Generate -// Class: Pk11Install_Info -// Takes: Pk11Install_ValueList *list, the top-level list -// resulting from parsing an installer file. -// Returns: char*, NULL if successful, otherwise an error string. -// Caller is responsible for freeing memory. -*/ -char* -Pk11Install_Info_Generate(Pk11Install_Info* _this, - const Pk11Install_ValueList *list) -{ - char *errStr; - Pk11Install_ListIter *iter; - Pk11Install_Value *val; - Pk11Install_Pair *pair; - Pk11Install_ListIter *subiter; - Pk11Install_Value *subval; - Pk11Install_Platform *first, *second; - int i, j; - - errStr=NULL; - iter=subiter=NULL; - Pk11Install_Info_Cleanup(_this); - - iter = Pk11Install_ListIter_new(list); - for( ; (val=iter->current); Pk11Install_ListIter_nextItem(iter)) { - if(val->type == PAIR_VALUE) { - pair = val->pair; - - if(!PORT_Strcasecmp(pair->key, FORWARD_COMPATIBLE_STRING)) { - subiter = Pk11Install_ListIter_new(pair->list); - _this->numForwardCompatible = pair->list->numStrings; - _this->forwardCompatible = (Pk11Install_PlatformName*) - PR_Malloc(sizeof(Pk11Install_PlatformName)* - _this->numForwardCompatible); - for(i=0; i < _this->numForwardCompatible; i++, - Pk11Install_ListIter_nextItem(subiter)) { - subval = subiter->current; - if(subval->type == STRING_VALUE) { - errStr = Pk11Install_PlatformName_Generate( - &_this->forwardCompatible[i], subval->string); - if(errStr) { - goto loser; - } - } - } - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter = NULL; - } else if(!PORT_Strcasecmp(pair->key, PLATFORMS_STRING)) { - subiter = Pk11Install_ListIter_new(pair->list); - _this->numPlatforms = pair->list->numPairs; - _this->platforms = (Pk11Install_Platform*) - PR_Malloc(sizeof(Pk11Install_Platform)* - _this->numPlatforms); - for(i=0; i < _this->numPlatforms; i++, - Pk11Install_ListIter_nextItem(subiter)) { - Pk11Install_Platform_init(&_this->platforms[i]); - subval = subiter->current; - if(subval->type == PAIR_VALUE) { - errStr = Pk11Install_Platform_Generate(&_this->platforms[i],subval->pair); - if(errStr) { - goto loser; - } - } - } - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter = NULL; - } - } - } - - if(_this->numPlatforms == 0) { - errStr = PR_smprintf(errString[NO_PLATFORMS]); - goto loser; - } - -/* - // - // Now process equivalent platforms - // - - // First the naive pass -*/ - for(i=0; i < _this->numPlatforms; i++) { - if(_this->platforms[i].usesEquiv) { - _this->platforms[i].equiv = NULL; - for(j=0; j < _this->numPlatforms; j++) { - if (Pk11Install_PlatformName_equal(&_this->platforms[i].equivName, - &_this->platforms[j].name)) { - if(i==j) { - errStr = PR_smprintf(errString[EQUIV_LOOP], - Pk11Install_PlatformName_GetString(&_this->platforms[i].name)); - goto loser; - } - _this->platforms[i].equiv = &_this->platforms[j]; - break; - } - } - if(_this->platforms[i].equiv == NULL) { - errStr = PR_smprintf(errString[BOGUS_EQUIV], - Pk11Install_PlatformName_GetString(&_this->platforms[i].name)); - goto loser; - } - } - } - -/* - // Now the intelligent pass, which will also detect loops. - // We will send two pointers through the linked list of equivalent - // platforms. Both start with the current node. "first" traverses - // two nodes for each iteration. "second" lags behind, only traversing - // one node per iteration. Eventually one of two things will happen: - // first will hit the end of the list (a platform that doesn't use - // an equivalency), or first will equal second if there is a loop. -*/ - for(i=0; i < _this->numPlatforms; i++) { - if(_this->platforms[i].usesEquiv) { - second = _this->platforms[i].equiv; - if(!second->usesEquiv) { - /* The first link is the terminal node */ - continue; - } - first = second->equiv; - while(first->usesEquiv) { - if(first == second) { - errStr = PR_smprintf(errString[EQUIV_LOOP], - Pk11Install_PlatformName_GetString(&_this->platforms[i].name)); - goto loser; - } - first = first->equiv; - if(!first->usesEquiv) { - break; - } - if(first == second) { - errStr = PR_smprintf(errString[EQUIV_LOOP], - Pk11Install_PlatformName_GetString(&_this->platforms[i].name)); - goto loser; - } - second = second->equiv; - first = first->equiv; - } - _this->platforms[i].equiv = first; - } - } - -loser: - if(iter) { - Pk11Install_ListIter_delete(iter); - PR_Free(iter); - iter = NULL; - } - if(subiter) { - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter = NULL; - } - return errStr; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: GetBestPlatform -// Class: Pk11Install_Info -// Takes: char *myPlatform, the platform we are currently running -// on. -*/ -Pk11Install_Platform* -Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char *myPlatform) -{ - Pk11Install_PlatformName plat; - char *errStr; - int i, j; - - errStr=NULL; - - Pk11Install_PlatformName_init(&plat); - if( (errStr=Pk11Install_PlatformName_Generate(&plat, myPlatform)) ) { - PR_smprintf_free(errStr); - return NULL; - } - - /* First try real platforms */ - for(i=0; i < _this->numPlatforms; i++) { - if(Pk11Install_PlatformName_equal(&_this->platforms[i].name,&plat)) { - if(_this->platforms[i].equiv) { - return _this->platforms[i].equiv; - } - else { - return &_this->platforms[i]; - } - } - } - - /* Now try forward compatible platforms */ - for(i=0; i < _this->numForwardCompatible; i++) { - if(Pk11Install_PlatformName_lteq(&_this->forwardCompatible[i],&plat)) { - break; - } - } - if(i == _this->numForwardCompatible) { - return NULL; - } - - /* Got a forward compatible name, find the actual platform. */ - for(j=0; j < _this->numPlatforms; j++) { - if(Pk11Install_PlatformName_equal(&_this->platforms[j].name, - &_this->forwardCompatible[i])) { - if(_this->platforms[j].equiv) { - return _this->platforms[j].equiv; - } else { - return &_this->platforms[j]; - } - } - } - - return NULL; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Print -// Class: Pk11Install_Info -*/ -void -Pk11Install_Info_Print(Pk11Install_Info* _this, int pad) -{ - int i; - - PAD(pad); printf("Forward Compatible:\n"); - for(i = 0; i < _this->numForwardCompatible; i++) { - Pk11Install_PlatformName_Print(&_this->forwardCompatible[i],pad+PADINC); - PAD(pad); printf("-------------------\n"); - } - PAD(pad); printf("Platforms:\n"); - for( i = 0; i < _this->numPlatforms; i++) { - Pk11Install_Platform_Print(&_this->platforms[i],pad+PADINC); - PAD(pad); printf("-------------------\n"); - } -} - -/* -////////////////////////////////////////////////////////////////////////// -*/ -static char* -PR_Strdup(const char* str) -{ - char *tmp; - tmp = (char*) PR_Malloc((unsigned int)(strlen(str)+1)); - strcpy(tmp, str); - return tmp; -} - -/* The global value list, the top of the tree */ -Pk11Install_ValueList* Pk11Install_valueList=NULL; - -/****************************************************************************/ -void -Pk11Install_ValueList_AddItem(Pk11Install_ValueList* _this, - Pk11Install_Value *item) -{ - _this->numItems++; - if (item->type == STRING_VALUE) { - _this->numStrings++; - } else { - _this->numPairs++; - } - item->next = _this->head; - _this->head = item; -} - -/****************************************************************************/ -Pk11Install_ListIter* -Pk11Install_ListIter_new_default() -{ - Pk11Install_ListIter* new_this; - new_this = (Pk11Install_ListIter*) - PR_Malloc(sizeof(Pk11Install_ListIter)); - Pk11Install_ListIter_init(new_this); - return new_this; -} - -/****************************************************************************/ -void -Pk11Install_ListIter_init(Pk11Install_ListIter* _this) -{ - _this->list = NULL; - _this->current = NULL; -} - -/****************************************************************************/ -Pk11Install_ListIter* -Pk11Install_ListIter_new(const Pk11Install_ValueList *_list) -{ - Pk11Install_ListIter* new_this; - new_this = (Pk11Install_ListIter*) - PR_Malloc(sizeof(Pk11Install_ListIter)); - new_this->list = _list; - new_this->current = _list->head; - return new_this; -} - -/****************************************************************************/ -void -Pk11Install_ListIter_delete(Pk11Install_ListIter* _this) -{ - _this->list=NULL; - _this->current=NULL; -} - -/****************************************************************************/ -void -Pk11Install_ListIter_reset(Pk11Install_ListIter* _this) -{ - if(_this->list) { - _this->current = _this->list->head; - } -} - -/*************************************************************************/ -Pk11Install_Value* -Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this) -{ - if(_this->current) { - _this->current = _this->current->next; - } - - return _this->current; -} - -/****************************************************************************/ -Pk11Install_ValueList* -Pk11Install_ValueList_new() -{ - Pk11Install_ValueList* new_this; - new_this = (Pk11Install_ValueList*) - PR_Malloc(sizeof(Pk11Install_ValueList)); - new_this->numItems = 0; - new_this->numPairs = 0; - new_this->numStrings = 0; - new_this->head = NULL; - return new_this; -} - -/****************************************************************************/ -void -Pk11Install_ValueList_delete(Pk11Install_ValueList* _this) -{ - - Pk11Install_Value *tmp; - Pk11Install_Value *list; - list = _this->head; - - while(list != NULL) { - tmp = list; - list = list->next; - PR_Free(tmp); - } - PR_Free(_this); -} - -/****************************************************************************/ -Pk11Install_Value* -Pk11Install_Value_new_default() -{ - Pk11Install_Value* new_this; - new_this = (Pk11Install_Value*)PR_Malloc(sizeof(Pk11Install_Value)); - new_this->type = STRING_VALUE; - new_this->string = NULL; - new_this->pair = NULL; - new_this->next = NULL; - return new_this; -} - -/****************************************************************************/ -Pk11Install_Value* -Pk11Install_Value_new(ValueType _type, Pk11Install_Pointer ptr) -{ - Pk11Install_Value* new_this; - new_this = Pk11Install_Value_new_default(); - new_this->type = _type; - if(_type == STRING_VALUE) { - new_this->pair = NULL; - new_this->string = ptr.string; - } else { - new_this->string = NULL; - new_this->pair = ptr.pair; - } - return new_this; -} - -/****************************************************************************/ -void -Pk11Install_Value_delete(Pk11Install_Value* _this) -{ - if(_this->type == STRING_VALUE) { - PR_Free(_this->string); - } else { - PR_Free(_this->pair); - } -} - -/****************************************************************************/ -Pk11Install_Pair* -Pk11Install_Pair_new_default() -{ - return Pk11Install_Pair_new(NULL,NULL); -} - -/****************************************************************************/ -Pk11Install_Pair* -Pk11Install_Pair_new(char *_key, Pk11Install_ValueList *_list) -{ - Pk11Install_Pair* new_this; - new_this = (Pk11Install_Pair*)PR_Malloc(sizeof(Pk11Install_Pair)); - new_this->key = _key; - new_this->list = _list; - return new_this; -} - -/****************************************************************************/ -void -Pk11Install_Pair_delete(Pk11Install_Pair* _this) -{ - PR_Free(_this->key); - Pk11Install_ValueList_delete(_this->list); - PR_Free(_this->list); -} - -/*************************************************************************/ -void -Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad) -{ - while (_this) { - /*PAD(pad); printf("**Pair\n"); - PAD(pad); printf("***Key====\n");*/ - PAD(pad); printf("%s {\n", _this->key); - /*PAD(pad); printf("====\n");*/ - /*PAD(pad); printf("***ValueList\n");*/ - Pk11Install_ValueList_Print(_this->list,pad+PADINC); - PAD(pad); printf("}\n"); - } -} - -/*************************************************************************/ -void -Pk11Install_ValueList_Print(Pk11Install_ValueList* _this, int pad) -{ - Pk11Install_Value *v; - - /*PAD(pad);printf("**Value List**\n");*/ - for(v = _this->head; v != NULL; v=v->next) { - Pk11Install_Value_Print(v,pad); - } -} - -/*************************************************************************/ -void -Pk11Install_Value_Print(Pk11Install_Value* _this, int pad) -{ - /*PAD(pad); printf("**Value, type=%s\n", - type==STRING_VALUE ? "string" : "pair");*/ - if(_this->type==STRING_VALUE) { - /*PAD(pad+PADINC); printf("====\n");*/ - PAD(pad); printf("%s\n", _this->string); - /*PAD(pad+PADINC); printf("====\n");*/ - } else { - Pk11Install_Pair_Print(_this->pair,pad+PADINC); - } -} diff --git a/security/nss/cmd/modutil/install-ds.h b/security/nss/cmd/modutil/install-ds.h deleted file mode 100644 index 2311f0928..000000000 --- a/security/nss/cmd/modutil/install-ds.h +++ /dev/null @@ -1,290 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef INSTALL_DS_H -#define INSTALL_DS_H - -#include <stdio.h> -#include <prio.h> -#include <prmem.h> - -extern PRFileDesc *Pk11Install_FD; -extern int Pk11Install_yylex(); -extern int Pk11Install_yylinenum; -extern char *Pk11Install_yyerrstr; - -typedef enum { STRING_VALUE, PAIR_VALUE } ValueType; - -typedef struct Pk11Install_Pair_str Pk11Install_Pair; -typedef union Pk11Install_Pointer_str Pk11Install_Pointer; -typedef struct Pk11Install_Value_str Pk11Install_Value; -typedef struct Pk11Install_ValueList_str Pk11Install_ValueList; -typedef struct Pk11Install_ListIter_str Pk11Install_ListIter; -typedef struct Pk11Install_File_str Pk11Install_File; -typedef struct Pk11Install_PlatformName_str Pk11Install_PlatformName; -typedef struct Pk11Install_Platform_str Pk11Install_Platform; -typedef struct Pk11Install_Info_str Pk11Install_Info; - -extern Pk11Install_Pointer Pk11Install_yylval; -extern Pk11Install_ValueList* Pk11Install_valueList; - -/* -////////////////////////////////////////////////////////////////////////// -// Pk11Install_Pair -////////////////////////////////////////////////////////////////////////// -*/ - -struct Pk11Install_Pair_str { - char * key; - Pk11Install_ValueList *list; - -}; - -Pk11Install_Pair* -Pk11Install_Pair_new_default(); -Pk11Install_Pair* -Pk11Install_Pair_new( char* _key, Pk11Install_ValueList* _list); -void -Pk11Install_Pair_delete(Pk11Install_Pair* _this); -void -Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad); - -/* -////////////////////////////////////////////////////////////////////////// -// Pk11Install_Pointer -////////////////////////////////////////////////////////////////////////// -*/ -union Pk11Install_Pointer_str { - Pk11Install_ValueList *list; - Pk11Install_Value *value; - Pk11Install_Pair *pair; - char *string; -}; - -/* -////////////////////////////////////////////////////////////////////////// -// Pk11Install_Value -////////////////////////////////////////////////////////////////////////// -*/ -struct Pk11Install_Value_str { - - ValueType type; - char *string; - Pk11Install_Pair *pair; - struct Pk11Install_Value_str *next; -}; - -Pk11Install_Value* -Pk11Install_Value_new_default(); -Pk11Install_Value* -Pk11Install_Value_new(ValueType _type, Pk11Install_Pointer ptr); -void -Pk11Install_Value_delete(Pk11Install_Value* _this); -void -Pk11Install_Value_Print(Pk11Install_Value* _this, int pad); - -/* -////////////////////////////////////////////////////////////////////////// -// Pk11Install_ValueList -////////////////////////////////////////////////////////////////////////// -*/ -struct Pk11Install_ValueList_str { - int numItems; - int numPairs; - int numStrings; - Pk11Install_Value *head; -}; - -Pk11Install_ValueList* -Pk11Install_ValueList_new(); -void -Pk11Install_ValueList_delete(Pk11Install_ValueList* _this); -void -Pk11Install_ValueList_AddItem(Pk11Install_ValueList* _this, - Pk11Install_Value* item); -void -Pk11Install_ValueList_Print(Pk11Install_ValueList* _this, int pad); - - -/* -////////////////////////////////////////////////////////////////////////// -// Pk11Install_ListIter -////////////////////////////////////////////////////////////////////////// -*/ -struct Pk11Install_ListIter_str { - const Pk11Install_ValueList *list; - Pk11Install_Value *current; -}; - -Pk11Install_ListIter* -Pk11Install_ListIter_new_default(); -void -Pk11Install_ListIter_init(Pk11Install_ListIter* _this); -Pk11Install_ListIter* -Pk11Install_ListIter_new(const Pk11Install_ValueList* _list); -void -Pk11Install_ListIter_delete(Pk11Install_ListIter* _this); -void -Pk11Install_ListIter_reset(Pk11Install_ListIter* _this); -Pk11Install_Value* -Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this); - -/************************************************************************ - * - * Pk11Install_File - */ -struct Pk11Install_File_str { - char *jarPath; - char *relativePath; - char *absolutePath; - PRBool executable; - int permissions; -}; - -Pk11Install_File* -Pk11Install_File_new(); -void -Pk11Install_File_init(Pk11Install_File* _this); -void -Pk11Install_file_delete(Pk11Install_File* _this); -/*// Parses a syntax tree to obtain all attributes. -// Returns NULL for success, error message if parse error.*/ -char* -Pk11Install_File_Generate(Pk11Install_File* _this, - const Pk11Install_Pair* pair); -void -Pk11Install_File_Print(Pk11Install_File* _this, int pad); -void -Pk11Install_File_Cleanup(Pk11Install_File* _this); - -/************************************************************************ - * - * Pk11Install_PlatformName - */ -struct Pk11Install_PlatformName_str { - char *OS; - char **verString; - int numDigits; - char *arch; -}; - -Pk11Install_PlatformName* -Pk11Install_PlatformName_new(); -void -Pk11Install_PlatformName_init(Pk11Install_PlatformName* _this); -void -Pk11Install_PlatformName_delete(Pk11Install_PlatformName* _this); -char* -Pk11Install_PlatformName_Generate(Pk11Install_PlatformName* _this, - const char* str); -char* -Pk11Install_PlatformName_GetString(Pk11Install_PlatformName* _this); -char* -Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this); -void -Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad); -void -Pk11Install_PlatformName_Cleanup(Pk11Install_PlatformName* _this); -PRBool -Pk11Install_PlatformName_equal(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp); -PRBool -Pk11Install_PlatformName_lteq(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp); -PRBool -Pk11Install_PlatformName_lt(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp); - -/************************************************************************ - * - * Pk11Install_Platform - */ -struct Pk11Install_Platform_str { - Pk11Install_PlatformName name; - Pk11Install_PlatformName equivName; - struct Pk11Install_Platform_str *equiv; - PRBool usesEquiv; - char *moduleFile; - char *moduleName; - int modFile; - unsigned long mechFlags; - unsigned long cipherFlags; - Pk11Install_File *files; - int numFiles; -}; - -Pk11Install_Platform* -Pk11Install_Platform_new(); -void -Pk11Install_Platform_init(Pk11Install_Platform* _this); -void -Pk11Install_Platform_delete(Pk11Install_Platform* _this); -/*// Returns NULL for success, error message if parse error.*/ -char* -Pk11Install_Platform_Generate(Pk11Install_Platform* _this, - const Pk11Install_Pair *pair); -void -Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad); -void -Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this); - -/************************************************************************ - * - * Pk11Install_Info - */ -struct Pk11Install_Info_str { - Pk11Install_Platform *platforms; - int numPlatforms; - Pk11Install_PlatformName *forwardCompatible; - int numForwardCompatible; -}; - -Pk11Install_Info* -Pk11Install_Info_new(); -void -Pk11Install_Info_init(); -void -Pk11Install_Info_delete(Pk11Install_Info* _this); -/*// Returns NULL for success, error message if parse error.*/ -char* -Pk11Install_Info_Generate(Pk11Install_Info* _this, - const Pk11Install_ValueList *list); - /*// Returns NULL if there is no matching platform*/ -Pk11Install_Platform* -Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char* myPlatform); -void -Pk11Install_Info_Print(Pk11Install_Info* _this, int pad); -void -Pk11Install_Info_Cleanup(Pk11Install_Info* _this); - -#endif /* INSTALL_DS_H */ diff --git a/security/nss/cmd/modutil/install.c b/security/nss/cmd/modutil/install.c deleted file mode 100644 index c6f55be01..000000000 --- a/security/nss/cmd/modutil/install.c +++ /dev/null @@ -1,985 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "install.h" -#include "install-ds.h" -#include <prlock.h> -#include <prio.h> -#include <prmem.h> -#include <prprf.h> -#include <prsystem.h> -#include <prproces.h> - -#ifdef XP_UNIX -/* for chmod */ -#include <sys/types.h> -#include <sys/stat.h> -#endif - -/*extern "C" {*/ -#include <jar.h> -/*}*/ - -extern /*"C"*/ -int Pk11Install_AddNewModule(char* moduleName, char* dllPath, - unsigned long defaultMechanismFlags, - unsigned long cipherEnableFlags); -extern /*"C"*/ -short Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, - PRBool query); -extern /*"C"*/ -const char* mySECU_ErrorString(int16); -extern -int Pk11Install_yyparse(); - -#define INSTALL_METAINFO_TAG "Pkcs11_install_script" -#define SCRIPT_TEMP_FILE "pkcs11inst.tmp" -#define ROOT_MARKER "%root%" -#define TEMP_MARKER "%temp%" -#define PRINTF_ROOT_MARKER "%%root%%" -#define TEMPORARY_DIRECTORY_NAME "pk11inst.dir" -#define JAR_BASE_END (JAR_BASE+100) - -static PRLock* errorHandlerLock=NULL; -static Pk11Install_ErrorHandler errorHandler=NULL; -static char* PR_Strdup(const char* str); -static int rm_dash_r (char *path); -static int make_dirs(char *path, int file_perms); -static int dir_perms(int perms); - -static Pk11Install_Error DoInstall(JAR *jar, const char *installDir, - const char* tempDir, Pk11Install_Platform *platform, - PRFileDesc *feedback, PRBool noverify); - -static char *errorString[]= { - "Operation was successful", /* PK11_INSTALL_NO_ERROR */ - "Directory \"%s\" does not exist", /* PK11_INSTALL_DIR_DOESNT_EXIST */ - "File \"%s\" does not exist", /* PK11_INSTALL_FILE_DOESNT_EXIST */ - "File \"%s\" is not readable", /* PK11_INSTALL_FILE_NOT_READABLE */ - "%s", /* PK11_INSTALL_ERROR_STRING */ - "Error in JAR file %s: %s", /* PK11_INSTALL_JAR_ERROR */ - "No Pkcs11_install_script specified in JAR metainfo file", - /* PK11_INSTALL_NO_INSTALLER_SCRIPT */ - "Could not delete temporary file \"%s\"", - /*PK11_INSTALL_DELETE_TEMP_FILE */ - "Could not open temporary file \"%s\"", /*PK11_INSTALL_OPEN_SCRIPT_FILE*/ - "%s: %s", /* PK11_INSTALL_SCRIPT_PARSE */ - "Error in script: %s", - "Unable to obtain system platform information", - "Installer script has no information about the current platform (%s)", - "Relative directory \"%s\" does not contain "PRINTF_ROOT_MARKER, - "Module File \"%s\" not found", - "Error occurred installing module \"%s\" into database", - "Error extracting \"%s\" from JAR file: %s", - "Directory \"%s\" is not writeable", - "Could not create directory \"%s\"", - "Could not remove directory \"%s\"", - "Unable to execute \"%s\"", - "Unable to wait for process \"%s\"", - "\"%s\" returned error code %d", - "User aborted operation", - "Unspecified error" -}; - -enum { - INSTALLED_FILE_MSG=0, - INSTALLED_MODULE_MSG, - INSTALLER_SCRIPT_NAME, - MY_PLATFORM_IS, - USING_PLATFORM, - PARSED_INSTALL_SCRIPT, - EXEC_FILE_MSG, - EXEC_SUCCESS, - INSTALLATION_COMPLETE_MSG, - USER_ABORT -}; - -static char *msgStrings[] = { - "Installed file %s to %s\n", - "Installed module \"%s\" into module database\n", - "Using installer script \"%s\"\n", - "Current platform is %s\n", - "Using installation parameters for platform %s\n", - "Successfully parsed installation script\n", - "Executing \"%s\"...\n", - "\"%s\" executed successfully\n", - "\nInstallation completed successfully\n", - "\nAborting...\n" -}; - -/************************************************************************** - * S t r i n g N o d e - */ -typedef struct StringNode_str { - char *str; - struct StringNode_str* next; -} StringNode; - -StringNode* StringNode_new() -{ - StringNode* new_this; - new_this = (StringNode*)malloc(sizeof(StringNode)); - new_this->str=NULL; - new_this->next=NULL; - return new_this; -} - -void StringNode_delete(StringNode* s) -{ - if(s->str) { - PR_Free(s->str); - s->str=NULL; - } -} - -/************************************************************************* - * S t r i n g L i s t - */ -typedef struct StringList_str { - StringNode* head; - StringNode* tail; -} StringList; - -void StringList_new(StringList* list) -{ - list->head=NULL; - list->tail=NULL; -} - -void StringList_delete(StringList* list) -{ - StringNode *tmp; - while(list->head) { - tmp = list->head; - list->head = list->head->next; - StringNode_delete(tmp); - } -} - -void -StringList_Append(StringList* list, char* str) -{ - if(!str) { - return; - } - - if(!list->tail) { - /* This is the first element */ - list->head = list->tail = StringNode_new(); - } else { - list->tail->next = StringNode_new(); - list->tail = list->tail->next; - } - - list->tail->str = PR_Strdup(str); - list->tail->next = NULL; /* just to be sure */ -} - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ S e t E r r o r H a n d l e r - * - * Sets the error handler to be used by the library. Returns the current - * error handler function. - */ -Pk11Install_ErrorHandler -Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler) -{ - Pk11Install_ErrorHandler old; - - if(!errorHandlerLock) { - errorHandlerLock = PR_NewLock(); - } - - PR_Lock(errorHandlerLock); - - old = errorHandler; - errorHandler = handler; - - PR_Unlock(errorHandlerLock); - - return old; -} - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ I n i t - * - * Does initialization that otherwise would be done on the fly. Only - * needs to be called by multithreaded apps, before they make any calls - * to this library. - */ -void -Pk11Install_Init() -{ - if(!errorHandlerLock) { - errorHandlerLock = PR_NewLock(); - } -} - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ R e l e a s e - * - * Releases static data structures used by the library. Don't use the - * library after calling this, unless you call Pk11Install_Init() - * first. This function doesn't have to be called at all unless you're - * really anal about freeing memory before your program exits. - */ -void -Pk11Install_Release() -{ - if(errorHandlerLock) { - PR_Free(errorHandlerLock); - errorHandlerLock = NULL; - } -} - -/************************************************************************* - * - * e r r o r - * - * Takes an error code and its arguments, creates the error string, - * and sends the string to the handler function if it exists. - */ - -#ifdef OSF1 -/* stdarg has already been pulled in from NSPR */ -#undef va_start -#undef va_end -#undef va_arg -#include <varargs.h> -#else -#include <stdarg.h> -#endif - -#ifdef OSF1 -static void -error(long va_alist, ...) -#else -static void -error(Pk11Install_Error errcode, ...) -#endif -{ - - va_list ap; - char *errstr; - Pk11Install_ErrorHandler handler; - - if(!errorHandlerLock) { - errorHandlerLock = PR_NewLock(); - } - - PR_Lock(errorHandlerLock); - - handler = errorHandler; - - PR_Unlock(errorHandlerLock); - - if(handler) { -#ifdef OSF1 - va_start(ap); - errstr = PR_vsmprintf(errorString[va_arg(ap, Pk11Install_Error)], ap); -#else - va_start(ap, errcode); - errstr = PR_vsmprintf(errorString[errcode], ap); -#endif - handler(errstr); - PR_smprintf_free(errstr); - va_end(ap); - } -} - -/************************************************************************* - * - * j a r _ c a l l b a c k - */ -static int -jar_callback(int status, JAR *foo, const char *bar, char *pathname, - char *errortext) { - char *string; - - string = PR_smprintf("JAR error %d: %s in file %s\n", status, errortext, - pathname); - error(PK11_INSTALL_ERROR_STRING, string); - PR_smprintf_free(string); - return 0; -} - -/************************************************************************* - * - * P k 1 1 I n s t a l l _ D o I n s t a l l - * - * jarFile is the path of a JAR in the PKCS #11 module JAR format. - * installDir is the directory relative to which files will be - * installed. - */ -Pk11Install_Error -Pk11Install_DoInstall(char *jarFile, const char *installDir, - const char *tempDir, PRFileDesc *feedback, short force, PRBool noverify) -{ - JAR *jar; - char *installer; - unsigned long installer_len; - int status; - Pk11Install_Error ret; - PRBool made_temp_file; - Pk11Install_Info installInfo; - Pk11Install_Platform *platform; - char* errMsg; - char sysname[SYS_INFO_BUFFER_LENGTH], release[SYS_INFO_BUFFER_LENGTH], - arch[SYS_INFO_BUFFER_LENGTH]; - char *myPlatform; - - jar=NULL; - ret = PK11_INSTALL_UNSPECIFIED; - made_temp_file=PR_FALSE; - errMsg=NULL; - Pk11Install_Info_init(&installInfo); - - /* - printf("Inside DoInstall, jarFile=%s, installDir=%s, tempDir=%s\n", - jarFile, installDir, tempDir); - */ - - /* - * Check out jarFile and installDir for validity - */ - if( PR_Access(installDir, PR_ACCESS_EXISTS) != PR_SUCCESS ) { - error(PK11_INSTALL_DIR_DOESNT_EXIST, installDir); - return PK11_INSTALL_DIR_DOESNT_EXIST; - } - if(!tempDir) { - tempDir = "."; - } - if( PR_Access(tempDir, PR_ACCESS_EXISTS) != PR_SUCCESS ) { - error(PK11_INSTALL_DIR_DOESNT_EXIST, tempDir); - return PK11_INSTALL_DIR_DOESNT_EXIST; - } - if( PR_Access(tempDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS ) { - error(PK11_INSTALL_DIR_NOT_WRITEABLE, tempDir); - return PK11_INSTALL_DIR_NOT_WRITEABLE; - } - if( (PR_Access(jarFile, PR_ACCESS_EXISTS) != PR_SUCCESS) ) { - error(PK11_INSTALL_FILE_DOESNT_EXIST, jarFile); - return PK11_INSTALL_FILE_DOESNT_EXIST; - } - if( PR_Access(jarFile, PR_ACCESS_READ_OK) != PR_SUCCESS ) { - error(PK11_INSTALL_FILE_NOT_READABLE, jarFile); - return PK11_INSTALL_FILE_NOT_READABLE; - } - - /* - * Extract the JAR file - */ - jar = JAR_new(); - JAR_set_callback(JAR_CB_SIGNAL, jar, jar_callback); - - if(noverify) { - status = JAR_pass_archive_unverified(jar, jarArchGuess, jarFile, "url"); - } else { - status = JAR_pass_archive(jar, jarArchGuess, jarFile, "url"); - } - if( (status < 0) || (jar->valid < 0) ) { - if (status >= JAR_BASE && status <= JAR_BASE_END) { - error(PK11_INSTALL_JAR_ERROR, jarFile, JAR_get_error(status)); - } else { - error(PK11_INSTALL_JAR_ERROR, jarFile, - mySECU_ErrorString((int16) PORT_GetError()) ); - } - ret=PK11_INSTALL_JAR_ERROR; - goto loser; - } - /*printf("passed the archive\n");*/ - - /* - * Show the user security information, allow them to abort or continue - */ - if( Pk11Install_UserVerifyJar(jar, PR_STDOUT, - force?PR_FALSE:PR_TRUE) && !force) { - if(feedback) { - PR_fprintf(feedback, msgStrings[USER_ABORT]); - } - ret=PK11_INSTALL_USER_ABORT; - goto loser; - } - - /* - * Get the name of the installation file - */ - if( JAR_get_metainfo(jar, NULL, INSTALL_METAINFO_TAG, (void**)&installer, - (unsigned long*)&installer_len) ) { - error(PK11_INSTALL_NO_INSTALLER_SCRIPT); - ret=PK11_INSTALL_NO_INSTALLER_SCRIPT; - goto loser; - } - if(feedback) { - PR_fprintf(feedback, msgStrings[INSTALLER_SCRIPT_NAME], installer); - } - - /* - * Extract the installation file - */ - if( PR_Access(SCRIPT_TEMP_FILE, PR_ACCESS_EXISTS) == PR_SUCCESS) { - if( PR_Delete(SCRIPT_TEMP_FILE) != PR_SUCCESS) { - error(PK11_INSTALL_DELETE_TEMP_FILE, SCRIPT_TEMP_FILE); - ret=PK11_INSTALL_DELETE_TEMP_FILE; - goto loser; - } - } - if(noverify) { - status = JAR_extract(jar, installer, SCRIPT_TEMP_FILE); - } else { - status = JAR_verified_extract(jar, installer, SCRIPT_TEMP_FILE); - } - if(status) { - if (status >= JAR_BASE && status <= JAR_BASE_END) { - error(PK11_INSTALL_JAR_EXTRACT, installer, JAR_get_error(status)); - } else { - error(PK11_INSTALL_JAR_EXTRACT, installer, - mySECU_ErrorString((int16) PORT_GetError()) ); - } - ret = PK11_INSTALL_JAR_EXTRACT; - goto loser; - } else { - made_temp_file = PR_TRUE; - } - - /* - * Parse the installation file into a syntax tree - */ - Pk11Install_FD = PR_Open(SCRIPT_TEMP_FILE, PR_RDONLY, 0); - if(!Pk11Install_FD) { - error(PK11_INSTALL_OPEN_SCRIPT_FILE, SCRIPT_TEMP_FILE); - ret=PK11_INSTALL_OPEN_SCRIPT_FILE; - goto loser; - } - if(Pk11Install_yyparse()) { - error(PK11_INSTALL_SCRIPT_PARSE, installer, - Pk11Install_yyerrstr ? Pk11Install_yyerrstr : ""); - ret=PK11_INSTALL_SCRIPT_PARSE; - goto loser; - } - -#if 0 - /* for debugging */ - Pk11Install_valueList->Print(0); -#endif - - /* - * From the syntax tree, build a semantic structure - */ - errMsg = Pk11Install_Info_Generate(&installInfo,Pk11Install_valueList); - if(errMsg) { - error(PK11_INSTALL_SEMANTIC, errMsg); - ret=PK11_INSTALL_SEMANTIC; - goto loser; - } -#if 0 - installInfo.Print(0); -#endif - - if(feedback) { - PR_fprintf(feedback, msgStrings[PARSED_INSTALL_SCRIPT]); - } - - /* - * Figure out which platform to use - */ - { - sysname[0] = release[0] = arch[0] = '\0'; - - if( (PR_GetSystemInfo(PR_SI_SYSNAME, sysname, SYS_INFO_BUFFER_LENGTH) - != PR_SUCCESS) || - (PR_GetSystemInfo(PR_SI_RELEASE, release, SYS_INFO_BUFFER_LENGTH) - != PR_SUCCESS) || - (PR_GetSystemInfo(PR_SI_ARCHITECTURE, arch, SYS_INFO_BUFFER_LENGTH) - != PR_SUCCESS) ) { - error(PK11_INSTALL_SYSINFO); - ret=PK11_INSTALL_SYSINFO; - goto loser; - } - myPlatform = PR_smprintf("%s:%s:%s", sysname, release, arch); - platform = Pk11Install_Info_GetBestPlatform(&installInfo,myPlatform); - if(!platform) { - error(PK11_INSTALL_NO_PLATFORM, myPlatform); - PR_smprintf_free(myPlatform); - ret=PK11_INSTALL_NO_PLATFORM; - goto loser; - } - if(feedback) { - PR_fprintf(feedback, msgStrings[MY_PLATFORM_IS], myPlatform); - PR_fprintf(feedback, msgStrings[USING_PLATFORM], - Pk11Install_PlatformName_GetString(&platform->name)); - } - PR_smprintf_free(myPlatform); - } - - /* Run the install for that platform */ - ret = DoInstall(jar, installDir, tempDir, platform, feedback, noverify); - if(ret) { - goto loser; - } - - ret = PK11_INSTALL_SUCCESS; -loser: - if(Pk11Install_valueList) { - Pk11Install_ValueList_delete(Pk11Install_valueList); - PR_Free(Pk11Install_valueList); - Pk11Install_valueList = NULL; - } - if(jar) { - JAR_destroy(jar); - } - if(made_temp_file) { - PR_Delete(SCRIPT_TEMP_FILE); - } - if(errMsg) { - PR_smprintf_free(errMsg); - } - return ret; -} - -/* -///////////////////////////////////////////////////////////////////////// -// actually run the installation, copying files to and fro -*/ -static Pk11Install_Error -DoInstall(JAR *jar, const char *installDir, const char *tempDir, - Pk11Install_Platform *platform, PRFileDesc *feedback, PRBool noverify) -{ - Pk11Install_File *file; - Pk11Install_Error ret; - char *reldir; - char *dest; - char *modDest; - char *cp; - int i; - int status; - char *tempname, *temp; - StringList executables; - StringNode *execNode; - PRProcessAttr *attr; - PRProcess *proc; - char *argv[2]; - char *envp[1]; - int errcode; - - ret=PK11_INSTALL_UNSPECIFIED; - reldir=NULL; - dest=NULL; - modDest=NULL; - tempname=NULL; - - StringList_new(&executables); - /* - // Create Temporary directory - */ - tempname = PR_smprintf("%s/%s", tempDir, TEMPORARY_DIRECTORY_NAME); - if( PR_Access(tempname, PR_ACCESS_EXISTS)==PR_SUCCESS ) { - /* Left over from previous run? Delete it. */ - rm_dash_r(tempname); - } - if(PR_MkDir(tempname, 0700) != PR_SUCCESS) { - error(PK11_INSTALL_CREATE_DIR, tempname); - ret = PK11_INSTALL_CREATE_DIR; - goto loser; - } - - /* - // Install all the files - */ - for(i=0; i < platform->numFiles; i++) { - file = &platform->files[i]; - - if(file->relativePath) { - PRBool foundMarker = PR_FALSE; - reldir = PR_Strdup(file->relativePath); - - /* Replace all the markers with the directories for which they stand */ - while(1) { - if( (cp=PL_strcasestr(reldir, ROOT_MARKER)) ) { - /* Has a %root% marker */ - *cp = '\0'; - temp = PR_smprintf("%s%s%s", reldir, installDir, - cp+strlen(ROOT_MARKER)); - PR_Free(reldir); - reldir = temp; - foundMarker = PR_TRUE; - } else if( (cp = PL_strcasestr(reldir, TEMP_MARKER)) ) { - /* Has a %temp% marker */ - *cp = '\0'; - temp = PR_smprintf("%s%s%s", reldir, tempname, - cp+strlen(TEMP_MARKER)); - PR_Free(reldir); - reldir = temp; - foundMarker = PR_TRUE; - } else { - break; - } - } - if(!foundMarker) { - /* Has no markers...this isn't really a relative directory */ - error(PK11_INSTALL_BOGUS_REL_DIR, file->relativePath); - ret = PK11_INSTALL_BOGUS_REL_DIR; - goto loser; - } - dest = reldir; - reldir = NULL; - } else if(file->absolutePath) { - dest = PR_Strdup(file->absolutePath); - } - - /* Remember if this is the module file, we'll need to add it later */ - if(i == platform->modFile) { - modDest = PR_Strdup(dest); - } - - /* Remember is this is an executable, we'll need to run it later */ - if(file->executable) { - StringList_Append(&executables,dest); - /*executables.Append(dest);*/ - } - - /* Make sure the directory we are targetting exists */ - if( make_dirs(dest, file->permissions) ) { - ret=PK11_INSTALL_CREATE_DIR; - goto loser; - } - - /* Actually extract the file onto the filesystem */ - if(noverify) { - status = JAR_extract(jar, (char*)file->jarPath, dest); - } else { - status = JAR_verified_extract(jar, (char*)file->jarPath, dest); - } - if(status) { - if (status >= JAR_BASE && status <= JAR_BASE_END) { - error(PK11_INSTALL_JAR_EXTRACT, file->jarPath, - JAR_get_error(status)); - } else { - error(PK11_INSTALL_JAR_EXTRACT, file->jarPath, - mySECU_ErrorString((int16) PORT_GetError()) ); - } - ret=PK11_INSTALL_JAR_EXTRACT; - goto loser; - } - if(feedback) { - PR_fprintf(feedback, msgStrings[INSTALLED_FILE_MSG], - file->jarPath, dest); - } - - /* no NSPR command to change permissions? */ -#ifdef XP_UNIX - chmod(dest, file->permissions); -#endif - - /* Memory clean-up tasks */ - if(reldir) { - PR_Free(reldir); - reldir = NULL; - } - if(dest) { - PR_Free(dest); - dest = NULL; - } - } - /* Make sure we found the module file */ - if(!modDest) { - /* Internal problem here, since every platform is supposed to have - a module file */ - error(PK11_INSTALL_NO_MOD_FILE, platform->moduleName); - ret=PK11_INSTALL_NO_MOD_FILE; - goto loser; - } - - /* - // Execute any executable files - */ - { - argv[1] = NULL; - envp[0] = NULL; - for(execNode = executables.head; execNode; execNode = execNode->next) { - attr = PR_NewProcessAttr(); - argv[0] = PR_Strdup(execNode->str); - - /* Announce our intentions */ - if(feedback) { - PR_fprintf(feedback, msgStrings[EXEC_FILE_MSG], execNode->str); - } - - /* start the process */ - if( !(proc=PR_CreateProcess(execNode->str, argv, envp, attr)) ) { - PR_Free(argv[0]); - PR_DestroyProcessAttr(attr); - error(PK11_INSTALL_EXEC_FILE, execNode->str); - ret=PK11_INSTALL_EXEC_FILE; - goto loser; - } - - /* wait for it to finish */ - if( PR_WaitProcess(proc, &errcode) != PR_SUCCESS) { - PR_Free(argv[0]); - PR_DestroyProcessAttr(attr); - error(PK11_INSTALL_WAIT_PROCESS, execNode->str); - ret=PK11_INSTALL_WAIT_PROCESS; - goto loser; - } - - /* What happened? */ - if(errcode) { - /* process returned an error */ - error(PK11_INSTALL_PROC_ERROR, execNode->str, errcode); - } else if(feedback) { - /* process ran successfully */ - PR_fprintf(feedback, msgStrings[EXEC_SUCCESS], execNode->str); - } - - PR_Free(argv[0]); - PR_DestroyProcessAttr(attr); - } - } - - /* - // Add the module - */ - status = Pk11Install_AddNewModule((char*)platform->moduleName, - (char*)modDest, platform->mechFlags, platform->cipherFlags ); - - if(status != SECSuccess) { - error(PK11_INSTALL_ADD_MODULE, platform->moduleName); - ret=PK11_INSTALL_ADD_MODULE; - goto loser; - } - if(feedback) { - PR_fprintf(feedback, msgStrings[INSTALLED_MODULE_MSG], - platform->moduleName); - } - - if(feedback) { - PR_fprintf(feedback, msgStrings[INSTALLATION_COMPLETE_MSG]); - } - - ret = PK11_INSTALL_SUCCESS; - -loser: - if(reldir) { - PR_Free(reldir); - } - if(dest) { - PR_Free(dest); - } - if(modDest) { - PR_Free(modDest); - } - if(tempname) { - PRFileInfo info; - if(PR_GetFileInfo(tempname, &info) == PR_SUCCESS) { - if((info.type == PR_FILE_DIRECTORY)) { - /* Recursively remove temporary directory */ - if(rm_dash_r(tempname)) { - error(PK11_INSTALL_REMOVE_DIR, - tempname); - ret=PK11_INSTALL_REMOVE_DIR; - } - - } - } - PR_Free(tempname); - } - StringList_delete(&executables); - return ret; -} - -/* -////////////////////////////////////////////////////////////////////////// -*/ -static char* -PR_Strdup(const char* str) -{ - char *tmp = (char*) PR_Malloc(strlen(str)+1); - strcpy(tmp, str); - return tmp; -} - -/* - * r m _ d a s h _ r - * - * Remove a file, or a directory recursively. - * - */ -static int -rm_dash_r (char *path) -{ - PRDir *dir; - PRDirEntry *entry; - PRFileInfo fileinfo; - char filename[240]; - - if(PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) { - /*fprintf(stderr, "Error: Unable to access %s\n", filename);*/ - return -1; - } - if(fileinfo.type == PR_FILE_DIRECTORY) { - - dir = PR_OpenDir(path); - if(!dir) { - return -1; - } - - /* Recursively delete all entries in the directory */ - while((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { - sprintf(filename, "%s/%s", path, entry->name); - if(rm_dash_r(filename)) return -1; - } - - if(PR_CloseDir(dir) != PR_SUCCESS) { - return -1; - } - - /* Delete the directory itself */ - if(PR_RmDir(path) != PR_SUCCESS) { - return -1; - } - } else { - if(PR_Delete(path) != PR_SUCCESS) { - return -1; - } - } - return 0; -} - -/*************************************************************************** - * - * m a k e _ d i r s - * - * Ensure that the directory portion of the path exists. This may require - * making the directory, and its parent, and its parent's parent, etc. - */ -static int -make_dirs(char *path, int file_perms) -{ - char *Path; - char *start; - char *sep; - int ret = 0; - PRFileInfo info; - - if(!path) { - return 0; - } - - Path = PR_Strdup(path); - start = strpbrk(Path, "/\\"); - if(!start) { - return 0; - } - start++; /* start right after first slash */ - - /* Each time through the loop add one more directory. */ - while( (sep=strpbrk(start, "/\\")) ) { - *sep = '\0'; - - if( PR_GetFileInfo(Path, &info) != PR_SUCCESS) { - /* No such dir, we have to create it */ - if( PR_MkDir(Path, dir_perms(file_perms)) != PR_SUCCESS) { - error(PK11_INSTALL_CREATE_DIR, Path); - ret = PK11_INSTALL_CREATE_DIR; - goto loser; - } - } else { - /* something exists by this name, make sure it's a directory */ - if( info.type != PR_FILE_DIRECTORY ) { - error(PK11_INSTALL_CREATE_DIR, Path); - ret = PK11_INSTALL_CREATE_DIR; - goto loser; - } - } - - /* If this is the lowest directory level, make sure it is writeable */ - if(!strpbrk(sep+1, "/\\")) { - if( PR_Access(Path, PR_ACCESS_WRITE_OK)!=PR_SUCCESS) { - error(PK11_INSTALL_DIR_NOT_WRITEABLE, Path); - ret = PK11_INSTALL_DIR_NOT_WRITEABLE; - goto loser; - } - } - - start = sep+1; /* start after the next slash */ - *sep = '/'; - } - -loser: - PR_Free(Path); - return ret; -} - -/************************************************************************* - * d i r _ p e r m s - * - * Guesses the desired permissions on a directory based on the permissions - * of a file that will be stored in it. Give read, write, and - * execute to the owner (so we can create the file), read and - * execute to anyone who has read permissions on the file, and write - * to anyone who has write permissions on the file. - */ -static int -dir_perms(int perms) -{ - int ret = 0; - - /* owner */ - ret |= 0700; - - /* group */ - if(perms & 0040) { - /* read on the file -> read and execute on the directory */ - ret |= 0050; - } - if(perms & 0020) { - /* write on the file -> write on the directory */ - ret |= 0020; - } - - /* others */ - if(perms & 0004) { - /* read on the file -> read and execute on the directory */ - ret |= 0005; - } - if(perms & 0002) { - /* write on the file -> write on the directory */ - ret |= 0002; - } - - return ret; -} diff --git a/security/nss/cmd/modutil/install.h b/security/nss/cmd/modutil/install.h deleted file mode 100644 index 3874ed77e..000000000 --- a/security/nss/cmd/modutil/install.h +++ /dev/null @@ -1,130 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef PK11INSTALL_H -#define PK11INSTALL_H - -#include <prio.h> - -#ifdef __cplusplus -extern "C" { -#endif - -typedef void (*Pk11Install_ErrorHandler)(char *); - -typedef enum { - PK11_INSTALL_NO_ERROR=0, - PK11_INSTALL_DIR_DOESNT_EXIST, - PK11_INSTALL_FILE_DOESNT_EXIST, - PK11_INSTALL_FILE_NOT_READABLE, - PK11_INSTALL_ERROR_STRING, - PK11_INSTALL_JAR_ERROR, - PK11_INSTALL_NO_INSTALLER_SCRIPT, - PK11_INSTALL_DELETE_TEMP_FILE, - PK11_INSTALL_OPEN_SCRIPT_FILE, - PK11_INSTALL_SCRIPT_PARSE, - PK11_INSTALL_SEMANTIC, - PK11_INSTALL_SYSINFO, - PK11_INSTALL_NO_PLATFORM, - PK11_INSTALL_BOGUS_REL_DIR, - PK11_INSTALL_NO_MOD_FILE, - PK11_INSTALL_ADD_MODULE, - PK11_INSTALL_JAR_EXTRACT, - PK11_INSTALL_DIR_NOT_WRITEABLE, - PK11_INSTALL_CREATE_DIR, - PK11_INSTALL_REMOVE_DIR, - PK11_INSTALL_EXEC_FILE, - PK11_INSTALL_WAIT_PROCESS, - PK11_INSTALL_PROC_ERROR, - PK11_INSTALL_USER_ABORT, - PK11_INSTALL_UNSPECIFIED -} Pk11Install_Error; -#define PK11_INSTALL_SUCCESS PK11_INSTALL_NO_ERROR - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ I n i t - * - * Does initialization that otherwise would be done on the fly. Only - * needs to be called by multithreaded apps, before they make any calls - * to this library. - */ -void -Pk11Install_Init(); - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ S e t E r r o r H a n d l e r - * - * Sets the error handler to be used by the library. Returns the current - * error handler function. - */ -Pk11Install_ErrorHandler -Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler); - - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ R e l e a s e - * - * Releases static data structures used by the library. Don't use the - * library after calling this, unless you call Pk11Install_Init() - * first. This function doesn't have to be called at all unless you're - * really anal about freeing memory before your program exits. - */ -void -Pk11Install_Release(); - -/************************************************************************* - * - * P k 1 1 I n s t a l l _ D o I n s t a l l - * - * jarFile is the path of a JAR in the PKCS #11 module JAR format. - * installDir is the directory relative to which files will be - * installed. - * feedback is a file descriptor to which to write informative (not error) - * status messages: what files are being installed, what modules are being - * installed. If feedback==NULL, no messages will be displayed. - * If force != 0, interactive prompts will be suppressed. - * If noverify == PR_TRUE, signatures won't be checked on the JAR file. - */ -Pk11Install_Error -Pk11Install_DoInstall(char *jarFile, const char *installDir, - const char *tempDir, PRFileDesc *feedback, short force, - PRBool noverify); - -#ifdef __cplusplus -} -#endif - -#endif /*PK11INSTALL_H*/ diff --git a/security/nss/cmd/modutil/installparse.c b/security/nss/cmd/modutil/installparse.c deleted file mode 100644 index 16f81b6eb..000000000 --- a/security/nss/cmd/modutil/installparse.c +++ /dev/null @@ -1,429 +0,0 @@ -#ifndef lint -char yysccsid[] = "@(#)yaccpar 1.4 (Berkeley) 02/25/90"; -#endif -#line 37 "installparse.y" - -#define yyparse Pk11Install_yyparse -#define yylex Pk11Install_yylex -#define yyerror Pk11Install_yyerror -#define yychar Pk11Install_yychar -#define yyval Pk11Install_yyval -#define yylval Pk11Install_yylval -#define yydebug Pk11Install_yydebug -#define yynerrs Pk11Install_yynerrs -#define yyerrflag Pk11Install_yyerrflag -#define yyss Pk11Install_yyss -#define yyssp Pk11Install_yyssp -#define yyvs Pk11Install_yyvs -#define yyvsp Pk11Install_yyvsp -#define yylhs Pk11Install_yylhs -#define yylen Pk11Install_yylen -#define yydefred Pk11Install_yydefred -#define yydgoto Pk11Install_yydgoto -#define yysindex Pk11Install_yysindex -#define yyrindex Pk11Install_yyrindex -#define yygindex Pk11Install_yygindex -#define yytable Pk11Install_yytable -#define yycheck Pk11Install_yycheck -#define yyname Pk11Install_yyname -#define yyrule Pk11Install_yyrule - -/* C Stuff */ -#include "install-ds.h" -#include <prprf.h> - -#define YYSTYPE Pk11Install_Pointer -extern char *Pk11Install_yytext; -char *Pk11Install_yyerrstr=NULL; - -#line 40 "ytab.c" -#define OPENBRACE 257 -#define CLOSEBRACE 258 -#define STRING 259 -#define YYERRCODE 256 -short yylhs[] = { -1, - 0, 1, 1, 2, 2, 3, 4, -}; -short yylen[] = { 2, - 1, 2, 0, 1, 1, 4, 1, -}; -short yydefred[] = { 0, - 0, 0, 1, 0, 4, 0, 2, 0, 0, 6, -}; -short yydgoto[] = { 2, - 3, 4, 5, 6, -}; -short yysindex[] = { -257, - 0, 0, 0, -257, 0, -252, 0, -257, -251, 0, -}; -short yyrindex[] = { 6, - 1, 0, 0, 3, 0, 0, 0, -250, 0, 0, -}; -short yygindex[] = { 0, - -4, 0, 0, 0, -}; -#define YYTABLESIZE 261 -short yytable[] = { 7, - 5, 1, 3, 9, 8, 3, 10, 3, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 7, 5, 5, - 3, -}; -short yycheck[] = { 4, - 0, 259, 0, 8, 257, 0, 258, 258, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 257, 258, 259, - 258, -}; -#define YYFINAL 2 -#ifndef YYDEBUG -#define YYDEBUG 0 -#endif -#define YYMAXTOKEN 259 -#if YYDEBUG -char *yyname[] = { -"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"OPENBRACE","CLOSEBRACE","STRING", -}; -char *yyrule[] = { -"$accept : toplist", -"toplist : valuelist", -"valuelist : value valuelist", -"valuelist :", -"value : key_value_pair", -"value : STRING", -"key_value_pair : key OPENBRACE valuelist CLOSEBRACE", -"key : STRING", -}; -#endif -#ifndef YYSTYPE -typedef int YYSTYPE; -#endif -#define yyclearin (yychar=(-1)) -#define yyerrok (yyerrflag=0) -#ifndef YYSTACKSIZE -#ifdef YYMAXDEPTH -#define YYSTACKSIZE YYMAXDEPTH -#else -#define YYSTACKSIZE 300 -#endif -#endif -int yydebug; -int yynerrs; -int yyerrflag; -int yychar; -short *yyssp; -YYSTYPE *yyvsp; -YYSTYPE yyval; -YYSTYPE yylval; -#define yystacksize YYSTACKSIZE -short yyss[YYSTACKSIZE]; -YYSTYPE yyvs[YYSTACKSIZE]; -#line 118 "installparse.y" -/*----------------------- Program Section --------------------------------*/ - -/*************************************************************************/ -void -Pk11Install_yyerror(char *message) -{ - char *tmp; - if(Pk11Install_yyerrstr) { - tmp=PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr, - Pk11Install_yylinenum, message); - PR_smprintf_free(Pk11Install_yyerrstr); - } else { - tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message); - } - Pk11Install_yyerrstr=tmp; -} -#line 191 "ytab.c" -#define YYABORT goto yyabort -#define YYACCEPT goto yyaccept -#define YYERROR goto yyerrlab -int -yyparse() -{ - register int yym, yyn, yystate; -#if YYDEBUG - register char *yys; - extern char *getenv(); - - if (yys = getenv("YYDEBUG")) - { - yyn = *yys; - if (yyn >= '0' && yyn <= '9') - yydebug = yyn - '0'; - } -#endif - - yynerrs = 0; - yyerrflag = 0; - yychar = (-1); - - yyssp = yyss; - yyvsp = yyvs; - *yyssp = yystate = 0; - -yyloop: - if (yyn = yydefred[yystate]) goto yyreduce; - if (yychar < 0) - { - if ((yychar = yylex()) < 0) yychar = 0; -#if YYDEBUG - if (yydebug) - { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; - printf("yydebug: state %d, reading %d (%s)\n", yystate, - yychar, yys); - } -#endif - } - if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yychar) - { -#if YYDEBUG - if (yydebug) - printf("yydebug: state %d, shifting to state %d\n", - yystate, yytable[yyn]); -#endif - if (yyssp >= yyss + yystacksize - 1) - { - goto yyoverflow; - } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; - yychar = (-1); - if (yyerrflag > 0) --yyerrflag; - goto yyloop; - } - if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yychar) - { - yyn = yytable[yyn]; - goto yyreduce; - } - if (yyerrflag) goto yyinrecovery; -#ifdef lint - goto yynewerror; -#endif -yynewerror: - yyerror("syntax error"); -#ifdef lint - goto yyerrlab; -#endif -yyerrlab: - ++yynerrs; -yyinrecovery: - if (yyerrflag < 3) - { - yyerrflag = 3; - for (;;) - { - if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) - { -#if YYDEBUG - if (yydebug) - printf("yydebug: state %d, error recovery shifting\ - to state %d\n", *yyssp, yytable[yyn]); -#endif - if (yyssp >= yyss + yystacksize - 1) - { - goto yyoverflow; - } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; - goto yyloop; - } - else - { -#if YYDEBUG - if (yydebug) - printf("yydebug: error recovery discarding state %d\n", - *yyssp); -#endif - if (yyssp <= yyss) goto yyabort; - --yyssp; - --yyvsp; - } - } - } - else - { - if (yychar == 0) goto yyabort; -#if YYDEBUG - if (yydebug) - { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; - printf("yydebug: state %d, error recovery discards token %d (%s)\n", - yystate, yychar, yys); - } -#endif - yychar = (-1); - goto yyloop; - } -yyreduce: -#if YYDEBUG - if (yydebug) - printf("yydebug: state %d, reducing by rule %d (%s)\n", - yystate, yyn, yyrule[yyn]); -#endif - yym = yylen[yyn]; - yyval = yyvsp[1-yym]; - switch (yyn) - { -case 1: -#line 84 "installparse.y" -{ - Pk11Install_valueList = yyvsp[0].list; -} -break; -case 2: -#line 89 "installparse.y" -{ - Pk11Install_ValueList_AddItem(yyvsp[0].list,yyvsp[-1].value); - yyval .list = yyvsp[0].list; -} -break; -case 3: -#line 94 "installparse.y" -{ - yyval .list = Pk11Install_ValueList_new(); -} -break; -case 4: -#line 99 "installparse.y" -{ - yyval .value= Pk11Install_Value_new(PAIR_VALUE,yyvsp[0]); -} -break; -case 5: -#line 103 "installparse.y" -{ - yyval .value= Pk11Install_Value_new(STRING_VALUE, yyvsp[0]); -} -break; -case 6: -#line 108 "installparse.y" -{ - yyval .pair = Pk11Install_Pair_new(yyvsp[-3].string,yyvsp[-1].list); -} -break; -case 7: -#line 113 "installparse.y" -{ - yyval .string = yyvsp[0].string; -} -break; -#line 374 "ytab.c" - } - yyssp -= yym; - yystate = *yyssp; - yyvsp -= yym; - yym = yylhs[yyn]; - if (yystate == 0 && yym == 0) - { -#ifdef YYDEBUG - if (yydebug) - printf("yydebug: after reduction, shifting from state 0 to\ - state %d\n", YYFINAL); -#endif - yystate = YYFINAL; - *++yyssp = YYFINAL; - *++yyvsp = yyval; - if (yychar < 0) - { - if ((yychar = yylex()) < 0) yychar = 0; -#if YYDEBUG - if (yydebug) - { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; - printf("yydebug: state %d, reading %d (%s)\n", - YYFINAL, yychar, yys); - } -#endif - } - if (yychar == 0) goto yyaccept; - goto yyloop; - } - if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yystate) - yystate = yytable[yyn]; - else - yystate = yydgoto[yym]; -#ifdef YYDEBUG - if (yydebug) - printf("yydebug: after reduction, shifting from state %d \ -to state %d\n", *yyssp, yystate); -#endif - if (yyssp >= yyss + yystacksize - 1) - { - goto yyoverflow; - } - *++yyssp = yystate; - *++yyvsp = yyval; - goto yyloop; -yyoverflow: - yyerror("yacc stack overflow"); -yyabort: - return (1); -yyaccept: - return (0); -} diff --git a/security/nss/cmd/modutil/installparse.h b/security/nss/cmd/modutil/installparse.h deleted file mode 100644 index 75686d4fd..000000000 --- a/security/nss/cmd/modutil/installparse.h +++ /dev/null @@ -1,3 +0,0 @@ -#define OPENBRACE 257 -#define CLOSEBRACE 258 -#define STRING 259 diff --git a/security/nss/cmd/modutil/installparse.l b/security/nss/cmd/modutil/installparse.l deleted file mode 100644 index 6befe16cb..000000000 --- a/security/nss/cmd/modutil/installparse.l +++ /dev/null @@ -1,166 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - - -/* lex file for analyzing PKCS #11 Module installation instructions */ - -/*----------------------------- Definitions ---------------------------*/ -%{ -#include <string.h> - -#include "install-ds.h" /* defines tokens and data structures */ -#include "installparse.h" /* produced by yacc -d */ -#include <prprf.h> -static char *putSimpleString(char*); /* return copy of string */ -static char *putComplexString(char*); /* strip out quotes, deal with */ - /* escaped characters */ - -void Pk11Install_yyerror(char *); - -/* Overrides to use NSPR */ -#define malloc PR_Malloc -#define realloc PR_Realloc -#define free PR_Free - -int Pk11Install_yylinenum=1; -static char *err; - -#define YY_NEVER_INTERACTIVE 1 -#define yyunput Pkcs11Install_yyunput - -/* This is the default YY_INPUT modified for NSPR */ -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) { \ - char c; \ - int n; \ - for ( n = 0; n < max_size && \ - PR_Read(Pk11Install_FD, &c, 1)==1 && c != '\n'; ++n ) { \ - buf[n] = c; \ - } \ - if ( c == '\n' ) { \ - buf[n++] = c; \ - } \ - result = n; \ - } else { \ - result = PR_Read(Pk11Install_FD, buf, max_size); \ - } - -%} - -/*** Regular expression definitions ***/ -/* simple_string has no whitespace, quotes, or braces */ -simple_string [^ \t\r\n\""{""}"]+ - -/* complex_string is enclosed in quotes. Inside the quotes, quotes and - backslashes must be backslash-escaped. No newlines or carriage returns - are allowed inside the quotes. Otherwise, anything goes. */ -complex_string \"([^\"\\\r\n]|(\\\")|(\\\\))+\" - -/* Standard whitespace */ -whitespace [ \t\r]+ - -other . - -/*---------------------------- Actions --------------------------------*/ -%% - -"{" return OPENBRACE; -"}" return CLOSEBRACE; -{simple_string} {Pk11Install_yylval.string = - putSimpleString(Pk11Install_yytext); - return STRING;} -{complex_string} {Pk11Install_yylval.string = - putComplexString(Pk11Install_yytext); - return STRING;} - -"\n" Pk11Install_yylinenum++; - -{whitespace} ; - -{other} {err = PR_smprintf("Invalid lexeme: %s",Pk11Install_yytext); - Pk11Install_yyerror(err); - PR_smprintf_free(err); - return 1; - } - -%% -/*------------------------ Program Section ----------------------------*/ - -PRFileDesc *Pk11Install_FD=NULL; - -/*************************************************************************/ -/* dummy function required by lex */ -int Pk11Install_yywrap(void) { return 1;} - -/*************************************************************************/ -/* Return a copy of the given string */ -static char* -putSimpleString(char *str) -{ - char *tmp = (char*) PR_Malloc(strlen(str)+1); - strcpy(tmp, str); - return tmp; -} - -/*************************************************************************/ -/* Strip out quotes, replace escaped characters with what they stand for. - This function assumes that what is passed in is actually a complex - string, so error checking is lax. */ -static char* -putComplexString(char *str) -{ - int size, i,j; - char *tmp; - - if(!str) { - return NULL; - } - size = strlen(str); - - /* Allocate the new space. This string will actually be too big, - since quotes and backslashes will be stripped out. But that's ok. */ - tmp = (char*) PR_Malloc(size+1); - - /* Copy it over */ - for(i=0, j=0; i < size; i++) { - if(str[i]=='\"') { - continue; /* skip un-escaped quotes */ - } else if(str[i]=='\\') { - ++i; /* escaped character. skip the backslash */ - } - tmp[j++] = str[i]; - } - tmp[j] = '\0'; - - return tmp; -} diff --git a/security/nss/cmd/modutil/installparse.y b/security/nss/cmd/modutil/installparse.y deleted file mode 100644 index 6a32e25ab..000000000 --- a/security/nss/cmd/modutil/installparse.y +++ /dev/null @@ -1,133 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* yacc file for parsing PKCS #11 module installation instructions */ -/*------------------------ Definition Section ---------------------------*/ - -%{ -#define yyparse Pk11Install_yyparse -#define yylex Pk11Install_yylex -#define yyerror Pk11Install_yyerror -#define yychar Pk11Install_yychar -#define yyval Pk11Install_yyval -#define yylval Pk11Install_yylval -#define yydebug Pk11Install_yydebug -#define yynerrs Pk11Install_yynerrs -#define yyerrflag Pk11Install_yyerrflag -#define yyss Pk11Install_yyss -#define yyssp Pk11Install_yyssp -#define yyvs Pk11Install_yyvs -#define yyvsp Pk11Install_yyvsp -#define yylhs Pk11Install_yylhs -#define yylen Pk11Install_yylen -#define yydefred Pk11Install_yydefred -#define yydgoto Pk11Install_yydgoto -#define yysindex Pk11Install_yysindex -#define yyrindex Pk11Install_yyrindex -#define yygindex Pk11Install_yygindex -#define yytable Pk11Install_yytable -#define yycheck Pk11Install_yycheck -#define yyname Pk11Install_yyname -#define yyrule Pk11Install_yyrule - -/* C Stuff */ -#include "install-ds.h" -#include <prprf.h> - -#define YYSTYPE Pk11Install_Pointer -extern char *Pk11Install_yytext; -char *Pk11Install_yyerrstr=NULL; - -%} - -/* Tokens */ -%token OPENBRACE -%token CLOSEBRACE -%token STRING -%start toplist - -%% - -/*--------------------------- Productions -------------------------------*/ - -toplist : valuelist -{ - Pk11Install_valueList = $1.list; -} - -valuelist : value valuelist -{ - Pk11Install_ValueList_AddItem($2.list,$1.value); - $$.list = $2.list; -} -| -{ - $$.list = Pk11Install_ValueList_new(); -}; - -value : key_value_pair -{ - $$.value= Pk11Install_Value_new(PAIR_VALUE,$1); -} -| STRING -{ - $$.value= Pk11Install_Value_new(STRING_VALUE, $1); -}; - -key_value_pair : key OPENBRACE valuelist CLOSEBRACE -{ - $$.pair = Pk11Install_Pair_new($1.string,$3.list); -}; - -key : STRING -{ - $$.string = $1.string; -}; - -%% -/*----------------------- Program Section --------------------------------*/ - -/*************************************************************************/ -void -Pk11Install_yyerror(char *message) -{ - char *tmp; - if(Pk11Install_yyerrstr) { - tmp=PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr, - Pk11Install_yylinenum, message); - PR_smprintf_free(Pk11Install_yyerrstr); - } else { - tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message); - } - Pk11Install_yyerrstr=tmp; -} diff --git a/security/nss/cmd/modutil/instsec.c b/security/nss/cmd/modutil/instsec.c deleted file mode 100644 index e6eaa384b..000000000 --- a/security/nss/cmd/modutil/instsec.c +++ /dev/null @@ -1,178 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include <plarena.h> -#include <prio.h> -#include <prprf.h> -#include <seccomon.h> -#include <secmod.h> -#include <jar.h> -#include <secutil.h> - -/* These are installation functions that make calls to the security library. - * We don't want to include security include files in the C++ code too much. - */ - -static char* PR_fgets(char *buf, int size, PRFileDesc *file); - -/*************************************************************************** - * - * P k 1 1 I n s t a l l _ A d d N e w M o d u l e - */ -int -Pk11Install_AddNewModule(char* moduleName, char* dllPath, - unsigned long defaultMechanismFlags, - unsigned long cipherEnableFlags) -{ - return (SECMOD_AddNewModule(moduleName, dllPath, - SECMOD_PubMechFlagstoInternal(defaultMechanismFlags), - SECMOD_PubCipherFlagstoInternal(cipherEnableFlags)) - == SECSuccess) ? 0 : -1; -} - -/************************************************************************* - * - * P k 1 1 I n s t a l l _ U s e r V e r i f y J a r - * - * Gives the user feedback on the signatures of a JAR files, asks them - * whether they actually want to continue. - * Assumes the jar structure has already been created and is valid. - * Returns 0 if the user wants to continue the installation, nonzero - * if the user wishes to abort. - */ -short -Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, PRBool query) -{ - JAR_Context *ctx; - JAR_Cert *fing; - JAR_Item *item; - char stdinbuf[80]; - int count=0; - - CERTCertificate *cert, *prev=NULL; - - PR_fprintf(out, "\nThis installation JAR file was signed by:\n"); - - ctx = JAR_find(jar, NULL, jarTypeSign); - - while(JAR_find_next(ctx, &item) >= 0 ) { - fing = (JAR_Cert*) item->data; - cert = fing->cert; - if(cert==prev) { - continue; - } - - count++; - PR_fprintf(out, "----------------------------------------------\n"); - if(cert) { - if(cert->nickname) { - PR_fprintf(out, "**NICKNAME**\n%s\n", cert->nickname); - } - if(cert->subjectName) { - PR_fprintf(out, "**SUBJECT NAME**\n%s\n", cert->subjectName); } - if(cert->issuerName) { - PR_fprintf(out, "**ISSUER NAME**\n%s\n", cert->issuerName); - } - } else { - PR_fprintf(out, "No matching certificate could be found.\n"); - } - PR_fprintf(out, "----------------------------------------------\n\n"); - - prev=cert; - } - - JAR_find_end(ctx); - - if(count==0) { - PR_fprintf(out, "No signatures found: JAR FILE IS UNSIGNED.\n"); - } - - if(query) { - PR_fprintf(out, -"Do you wish to continue this installation? (y/n) "); - - if(PR_fgets(stdinbuf, 80, PR_STDIN) != NULL) { - char *response; - - if( (response=strtok(stdinbuf, " \t\n\r")) ) { - if( !PL_strcasecmp(response, "y") || - !PL_strcasecmp(response, "yes") ) { - return 0; - } - } - } - } - - return 1; -} - -/************************************************************************** - * - * P R _ f g e t s - * - * fgets implemented with NSPR. - */ -static char* -PR_fgets(char *buf, int size, PRFileDesc *file) -{ - int i; - int status; - char c; - - i=0; - while(i < size-1) { - status = PR_Read(file, (void*) &c, 1); - if(status==-1) { - return NULL; - } else if(status==0) { - break; - } - buf[i++] = c; - if(c=='\n') { - break; - } - } - buf[i]='\0'; - - return buf; -} - -/************************************************************************** - * - * m y S E C U _ E r r o r S t r i n g - * - */ -const char* mySECU_ErrorString(int16 errnum) -{ - return SECU_Strerror(errnum); -} diff --git a/security/nss/cmd/modutil/lex.Pk11Install_yy.c b/security/nss/cmd/modutil/lex.Pk11Install_yy.c deleted file mode 100644 index 3943503db..000000000 --- a/security/nss/cmd/modutil/lex.Pk11Install_yy.c +++ /dev/null @@ -1,1691 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#define yy_create_buffer Pk11Install_yy_create_buffer -#define yy_delete_buffer Pk11Install_yy_delete_buffer -#define yy_scan_buffer Pk11Install_yy_scan_buffer -#define yy_scan_string Pk11Install_yy_scan_string -#define yy_scan_bytes Pk11Install_yy_scan_bytes -#define yy_flex_debug Pk11Install_yy_flex_debug -#define yy_init_buffer Pk11Install_yy_init_buffer -#define yy_flush_buffer Pk11Install_yy_flush_buffer -#define yy_load_buffer_state Pk11Install_yy_load_buffer_state -#define yy_switch_to_buffer Pk11Install_yy_switch_to_buffer -#define yyin Pk11Install_yyin -#define yyleng Pk11Install_yyleng -#define yylex Pk11Install_yylex -#define yyout Pk11Install_yyout -#define yyrestart Pk11Install_yyrestart -#define yytext Pk11Install_yytext -#define yywrap Pk11Install_yywrap - -#line 20 "lex.Pk11Install_yy.c" -/* A lexical scanner generated by flex */ - -/* Scanner skeleton version: - * $Header$ - */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 - -#include <stdio.h> - - -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif -#endif - - -#ifdef __cplusplus - -#include <stdlib.h> -//#include <unistd.h> - -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -#if __STDC__ - -#define YY_USE_PROTOS -#define YY_USE_CONST - -#endif /* __STDC__ */ -#endif /* ! __cplusplus */ - -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include <io.h> -#include <stdlib.h> -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN yy_start = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START ((yy_start - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#define YY_BUF_SIZE 16384 - -typedef struct yy_buffer_state *YY_BUFFER_STATE; - -extern int yyleng; -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ - YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, yytext_ptr ) - -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ -typedef unsigned int yy_size_t; - - -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - int yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - }; - -static YY_BUFFER_STATE yy_current_buffer = 0; - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - */ -#define YY_CURRENT_BUFFER yy_current_buffer - - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; - -static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - -int yyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart YY_PROTO(( FILE *input_file )); - -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) - -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); - -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); -static void yy_flex_free YY_PROTO(( void * )); - -#define yy_new_buffer yy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) - -typedef unsigned char YY_CHAR; -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; -typedef int yy_state_type; -extern char *yytext; -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ - *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; - -#define YY_NUM_RULES 8 -#define YY_END_OF_BUFFER 9 -static yyconst short int yy_accept[16] = - { 0, - 0, 0, 9, 3, 6, 5, 7, 1, 2, 3, - 6, 0, 0, 4, 0 - } ; - -static yyconst int yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 5, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 6, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 7, 1, 8, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst int yy_meta[9] = - { 0, - 1, 2, 3, 4, 3, 1, 5, 5 - } ; - -static yyconst short int yy_base[19] = - { 0, - 0, 0, 19, 0, 0, 21, 12, 21, 21, 0, - 0, 4, 6, 21, 21, 13, 11, 15 - } ; - -static yyconst short int yy_def[19] = - { 0, - 15, 1, 15, 16, 17, 15, 18, 15, 15, 16, - 17, 18, 15, 15, 0, 15, 15, 15 - } ; - -static yyconst short int yy_nxt[30] = - { 0, - 4, 5, 6, 5, 7, 4, 8, 9, 14, 13, - 12, 12, 11, 10, 11, 12, 12, 13, 15, 12, - 3, 15, 15, 15, 15, 15, 15, 15, 15 - } ; - -static yyconst short int yy_chk[30] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 12, 12, - 13, 13, 17, 16, 17, 18, 18, 7, 3, 18, - 15, 15, 15, 15, 15, 15, 15, 15, 15 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -#define yymore() yymore_used_but_not_detected -#define YY_MORE_ADJ 0 -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "installparse.l" -#define INITIAL 0 -/* lex file for analyzing PKCS #11 Module installation instructions */ -/*----------------------------- Definitions ---------------------------*/ -#line 5 "installparse.l" -#include <string.h> - -#include "install-ds.h" /* defines tokens and data structures */ -#include "installparse.h" /* produced by yacc -d */ -#include <prprf.h> -static char *putSimpleString(char*); /* return copy of string */ -static char *putComplexString(char*); /* strip out quotes, deal with */ - /* escaped characters */ - -void Pk11Install_yyerror(char *); - -/* Overrides to use NSPR */ -#define malloc PR_Malloc -#define realloc PR_Realloc -#define free PR_Free - -int Pk11Install_yylinenum=1; -static char *err; - -#define YY_NEVER_INTERACTIVE 1 -#define yyunput Pkcs11Install_yyunput - -/* This is the default YY_INPUT modified for NSPR */ -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) { \ - char c; \ - int n; \ - for ( n = 0; n < max_size && \ - PR_Read(Pk11Install_FD, &c, 1)==1 && c != '\n'; ++n ) { \ - buf[n] = c; \ - } \ - if ( c == '\n' ) { \ - buf[n++] = c; \ - } \ - result = n; \ - } else { \ - result = PR_Read(Pk11Install_FD, buf, max_size); \ - } - -/*** Regular expression definitions ***/ -/* simple_string has no whitespace, quotes, or braces */ -/* complex_string is enclosed in quotes. Inside the quotes, quotes and - backslashes must be backslash-escaped. Otherwise, anything goes. */ -/* Standard whitespace */ -/*---------------------------- Actions --------------------------------*/ -#line 437 "lex.Pk11Install_yy.cpp" - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); -#else -extern int yywrap YY_PROTO(( void )); -#endif -#endif - -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); -#endif - -#ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); -#endif - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif - -#else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 -#endif - -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include <stdlib.h> -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#define YY_READ_BUF_SIZE 8192 -#endif - -/* Copy whatever the last rule matched to the standard output. */ - -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ - { \ - int c = '*', n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK break; -#endif - -#define YY_RULE_SETUP \ - YY_USER_ACTION - -YY_DECL - { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; - -#line 60 "installparse.l" - - -#line 591 "lex.Pk11Install_yy.cpp" - - if ( yy_init ) - { - yy_init = 0; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! yy_start ) - yy_start = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_load_buffer_state(); - } - - while ( 1 ) /* loops until end-of-file is reached */ - { - yy_cp = yy_c_buf_p; - - /* Support of yytext. */ - *yy_cp = yy_hold_char; - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = yy_start; -yy_match: - do - { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 16 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 21 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - - -do_action: /* This label is used only to access EOF actions. */ - - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 62 "installparse.l" -return OPENBRACE; - YY_BREAK -case 2: -YY_RULE_SETUP -#line 63 "installparse.l" -return CLOSEBRACE; - YY_BREAK -case 3: -YY_RULE_SETUP -#line 64 "installparse.l" -{Pk11Install_yylval.string = - putSimpleString(Pk11Install_yytext); - return STRING;} - YY_BREAK -case 4: -YY_RULE_SETUP -#line 67 "installparse.l" -{Pk11Install_yylval.string = - putComplexString(Pk11Install_yytext); - return STRING;} - YY_BREAK -case 5: -YY_RULE_SETUP -#line 71 "installparse.l" -Pk11Install_yylinenum++; - YY_BREAK -case 6: -YY_RULE_SETUP -#line 73 "installparse.l" -; - YY_BREAK -case 7: -YY_RULE_SETUP -#line 75 "installparse.l" -{err = PR_smprintf("Invalid lexeme: %s",Pk11Install_yytext); - Pk11Install_yyerror(err); - PR_smprintf_free(err); - return 1; - } - YY_BREAK -case 8: -YY_RULE_SETUP -#line 81 "installparse.l" -ECHO; - YY_BREAK -#line 722 "lex.Pk11Install_yy.cpp" -case YY_STATE_EOF(INITIAL): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; - YY_RESTORE_YY_MORE_OFFSET - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = yytext_ptr + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = yy_c_buf_p; - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer() ) - { - case EOB_ACT_END_OF_FILE: - { - yy_did_buffer_switch_on_eof = 0; - - if ( yywrap() ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ - } /* end of yylex */ - - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; - register int number_to_move, i; - int ret_val; - - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( yy_current_buffer->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; - - else - { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; - - int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - int new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = yy_current_buffer->yy_buf_size - - number_to_move - 1; -#endif - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); - - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - if ( yy_n_chars == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; - - return ret_val; - } - - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - -static yy_state_type yy_get_previous_state() - { - register yy_state_type yy_current_state; - register char *yy_cp; - - yy_current_state = yy_start; - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) - { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 16 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; - } - - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { - register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; - - register YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 16 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 15); - - return yy_is_jam ? 0 : yy_current_state; - } - - -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; - - /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; - register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; - - while ( source > yy_current_buffer->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - - -#ifdef __cplusplus -static int yyinput() -#else -static int input() -#endif - { - int c; - - *yy_c_buf_p = yy_hold_char; - - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - /* This was really a NUL. */ - *yy_c_buf_p = '\0'; - - else - { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; - - switch ( yy_get_next_buffer() ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart( yyin ); - - /* fall through */ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap() ) - return EOF; - - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; - break; - } - } - } - - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - - - return c; - } - - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); - } - - -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) - return; - - if ( yy_current_buffer ) - { - /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - yy_current_buffer = new_buffer; - yy_load_buffer_state(); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. - */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } - - -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer( b, file ); - - return b; - } - - -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { - if ( ! b ) - return; - - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); - - yy_flex_free( (void *) b ); - } - - -#ifndef YY_ALWAYS_INTERACTIVE -#ifndef YY_NEVER_INTERACTIVE -extern int isatty YY_PROTO(( int )); -#endif -#endif - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif - - - { - yy_flush_buffer( b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - - -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif - - { - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == yy_current_buffer ) - yy_load_buffer_state(); - } - - -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer( b ); - - return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif - - -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - int i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; - - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer( buf, n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; - } -#endif - - -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; - - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); - - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); - - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); - - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } - - yy_start_stack[yy_start_stack_ptr++] = YY_START; - - BEGIN(new_state); - } -#endif - - -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); - - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif - - -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) -#else -static void yy_fatal_error( msg ) -char msg[]; -#endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } - - - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) - - -/* Internal utility routines. */ - -#ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { - register int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; - } -#endif - -#ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { - register int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; - } -#endif - - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { - return (void *) malloc( size ); - } - -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return (void *) realloc( (char *) ptr, size ); - } - -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } - -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif -#line 81 "installparse.l" - -/*------------------------ Program Section ----------------------------*/ - -PRFileDesc *Pk11Install_FD=NULL; - -/*************************************************************************/ -/* dummy function required by lex */ -int Pk11Install_yywrap(void) { return 1;} - -/*************************************************************************/ -/* Return a copy of the given string */ -static char* -putSimpleString(char *str) -{ - char *tmp = (char*) PR_Malloc(strlen(str)+1); - strcpy(tmp, str); - return tmp; -} - -/*************************************************************************/ -/* Strip out quotes, replace escaped characters with what they stand for. - This function assumes that what is passed in is actually a complex - string, so error checking is lax. */ -static char* -putComplexString(char *str) -{ - int size, i,j; - char *tmp; - - if(!str) { - return NULL; - } - size = strlen(str); - - /* Allocate the new space. This string will actually be too big, - since quotes and backslashes will be stripped out. But that's ok. */ - tmp = (char*) PR_Malloc(size+1); - - /* Copy it over */ - for(i=0, j=0; i < size; i++) { - if(str[i]=='\"') { - continue; /* skip un-escaped quotes */ - } else if(str[i]=='\\') { - ++i; /* escaped character. skip the backslash */ - } - tmp[j++] = str[i]; - } - tmp[j] = '\0'; - - return tmp; -} diff --git a/security/nss/cmd/modutil/manifest.mn b/security/nss/cmd/modutil/manifest.mn deleted file mode 100644 index b9ff7dc18..000000000 --- a/security/nss/cmd/modutil/manifest.mn +++ /dev/null @@ -1,62 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = sectools - -EXPORTS = - -CSRCS = modutil.c \ - pk11.c \ - instsec.c \ - install.c \ - installparse.c \ - install-ds.c \ - lex.Pk11Install_yy.c \ - $(NULL) - -CPPSRCS = - -PROGRAM = modutil - -REQUIRES = seccmd nss dbm - -DEFINES = -DNSPR20 - -# sigh -#INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap - -# USE_STATIC_LIBS = 1 - -EXTRA_LIBS = $(JAR_LIBS) diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c deleted file mode 100644 index 8cc99dd2d..000000000 --- a/security/nss/cmd/modutil/modutil.c +++ /dev/null @@ -1,971 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* To edit this file, set TABSTOPS to 4 spaces. - * This is not the normal NSS convention. - */ - -#include "modutil.h" -#include "install.h" -#include <plstr.h> -#include "certdb.h" /* for CERT_DB_FILE_VERSION */ -#include "nss.h" - -static void install_error(char *message); -static char* PR_fgets(char *buf, int size, PRFileDesc *file); -static char *progName; - - -/* This enum must be kept in sync with the commandNames list */ -typedef enum { - NO_COMMAND, - ADD_COMMAND, - CHANGEPW_COMMAND, - CREATE_COMMAND, - DEFAULT_COMMAND, - DELETE_COMMAND, - DISABLE_COMMAND, - ENABLE_COMMAND, - FIPS_COMMAND, - JAR_COMMAND, - LIST_COMMAND, - RAW_LIST_COMMAND, - RAW_ADD_COMMAND, - CHKFIPS_COMMAND, - UNDEFAULT_COMMAND -} Command; - -/* This list must be kept in sync with the Command enum */ -static char *commandNames[] = { - "(no command)", - "-add", - "-changepw", - "-create", - "-default", - "-delete", - "-disable", - "-enable", - "-fips", - "-jar", - "-list", - "-rawlist", - "-rawadd", - "-chkfips", - "-undefault" -}; - - -/* this enum must be kept in sync with the optionStrings list */ -typedef enum { - ADD_ARG=0, - RAW_ADD_ARG, - CHANGEPW_ARG, - CIPHERS_ARG, - CREATE_ARG, - DBDIR_ARG, - DBPREFIX_ARG, - DEFAULT_ARG, - DELETE_ARG, - DISABLE_ARG, - ENABLE_ARG, - FIPS_ARG, - FORCE_ARG, - JAR_ARG, - LIBFILE_ARG, - LIST_ARG, - RAW_LIST_ARG, - MECHANISMS_ARG, - NEWPWFILE_ARG, - PWFILE_ARG, - SLOT_ARG, - UNDEFAULT_ARG, - INSTALLDIR_ARG, - TEMPDIR_ARG, - SECMOD_ARG, - NOCERTDB_ARG, - STRING_ARG, - CHKFIPS_ARG, - - NUM_ARGS /* must be last */ -} Arg; - -/* This list must be kept in sync with the Arg enum */ -static char *optionStrings[] = { - "-add", - "-rawadd", - "-changepw", - "-ciphers", - "-create", - "-dbdir", - "-dbprefix", - "-default", - "-delete", - "-disable", - "-enable", - "-fips", - "-force", - "-jar", - "-libfile", - "-list", - "-rawlist", - "-mechanisms", - "-newpwfile", - "-pwfile", - "-slot", - "-undefault", - "-installdir", - "-tempdir", - "-secmod", - "-nocertdb", - "-string", - "-chkfips", -}; - -/* Increment i if doing so would have i still be less than j. If you - are able to do this, return 0. Otherwise return 1. */ -#define TRY_INC(i,j) ( ((i+1)<j) ? (++i, 0) : 1 ) - -/******************************************************************** - * - * file-wide variables obtained from the command line - */ -static Command command = NO_COMMAND; -static char* pwFile = NULL; -static char* newpwFile = NULL; -static char* moduleName = NULL; -static char* moduleSpec = NULL; -static char* slotName = NULL; -static char* secmodName = NULL; -static char* tokenName = NULL; -static char* libFile = NULL; -static char* dbdir = NULL; -static char* dbprefix = ""; -static char* secmodString = NULL; -static char* mechanisms = NULL; -static char* ciphers = NULL; -static char* fipsArg = NULL; -static char* jarFile = NULL; -static char* installDir = NULL; -static char* tempDir = NULL; -static short force = 0; -static PRBool nocertdb = PR_FALSE; - -/******************************************************************* - * - * p a r s e _ a r g s - */ -static Error -parse_args(int argc, char *argv[]) -{ - int i; - char *arg; - int optionType; - - /* Loop over all arguments */ - for(i=1; i < argc; i++) { - arg = argv[i]; - - /* Make sure this is an option and not some floating argument */ - if(arg[0] != '-') { - PR_fprintf(PR_STDERR, errStrings[UNEXPECTED_ARG_ERR], argv[i]); - return UNEXPECTED_ARG_ERR; - } - - /* Find which option this is */ - for(optionType=0; optionType < NUM_ARGS; optionType++) { - if(! strcmp(arg, optionStrings[optionType])) { - break; - } - } - - /* Deal with this specific option */ - switch(optionType) { - case NUM_ARGS: - default: - PR_fprintf(PR_STDERR, errStrings[UNKNOWN_OPTION_ERR], arg); - return UNKNOWN_OPTION_ERR; - break; - case ADD_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = ADD_COMMAND; - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - moduleName = argv[i]; - break; - case CHANGEPW_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = CHANGEPW_COMMAND; - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - tokenName = argv[i]; - break; - case CIPHERS_ARG: - if(ciphers != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - ciphers = argv[i]; - break; - case CREATE_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = CREATE_COMMAND; - break; - case DBDIR_ARG: - if(dbdir != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - dbdir = argv[i]; - break; - case DBPREFIX_ARG: - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - dbprefix = argv[i]; - break; - case UNDEFAULT_ARG: - case DEFAULT_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - if(optionType == DEFAULT_ARG) { - command = DEFAULT_COMMAND; - } else { - command = UNDEFAULT_COMMAND; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - moduleName = argv[i]; - break; - case DELETE_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = DELETE_COMMAND; - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - moduleName = argv[i]; - break; - case DISABLE_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = DISABLE_COMMAND; - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - moduleName = argv[i]; - break; - case ENABLE_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = ENABLE_COMMAND; - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - moduleName = argv[i]; - break; - case FIPS_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = FIPS_COMMAND; - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - fipsArg = argv[i]; - break; - case CHKFIPS_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = CHKFIPS_COMMAND; - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - fipsArg = argv[i]; - break; - case FORCE_ARG: - force = 1; - break; - case NOCERTDB_ARG: - nocertdb = PR_TRUE; - break; - case INSTALLDIR_ARG: - if(installDir != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - installDir = argv[i]; - break; - case TEMPDIR_ARG: - if(tempDir != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - tempDir = argv[i]; - break; - case JAR_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = JAR_COMMAND; - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - jarFile = argv[i]; - break; - case LIBFILE_ARG: - if(libFile != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - libFile = argv[i]; - break; - case LIST_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = LIST_COMMAND; - /* This option may or may not have an argument */ - if( (i+1 < argc) && (argv[i+1][0] != '-') ) { - moduleName = argv[++i]; - } - break; - case RAW_LIST_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = RAW_LIST_COMMAND; - /* This option may or may not have an argument */ - if( (i+1 < argc) && (argv[i+1][0] != '-') ) { - moduleName = argv[++i]; - } - break; - case RAW_ADD_ARG: - if(command != NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg); - return MULTIPLE_COMMAND_ERR; - } - command = RAW_ADD_COMMAND; - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - moduleSpec = argv[i]; - break; - case MECHANISMS_ARG: - if(mechanisms != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - mechanisms = argv[i]; - break; - case NEWPWFILE_ARG: - if(newpwFile != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - newpwFile = argv[i]; - break; - case PWFILE_ARG: - if(pwFile != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - pwFile = argv[i]; - break; - case SLOT_ARG: - if(slotName != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - slotName = argv[i]; - break; - case SECMOD_ARG: - if(secmodName != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - secmodName = argv[i]; - break; - case STRING_ARG: - if(secmodString != NULL) { - PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg); - return DUPLICATE_OPTION_ERR; - } - if(TRY_INC(i, argc)) { - PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg); - return OPTION_NEEDS_ARG_ERR; - } - secmodString = argv[i]; - break; - } - } - return SUCCESS; -} - -/************************************************************************ - * - * v e r i f y _ p a r a m s - */ -static Error -verify_params() -{ - switch(command) { - case ADD_COMMAND: - if(libFile == NULL) { - PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR], - commandNames[ADD_COMMAND], optionStrings[LIBFILE_ARG]); - return MISSING_PARAM_ERR; - } - break; - case CHANGEPW_COMMAND: - break; - case CREATE_COMMAND: - break; - case DELETE_COMMAND: - break; - case DISABLE_COMMAND: - break; - case ENABLE_COMMAND: - break; - case FIPS_COMMAND: - case CHKFIPS_COMMAND: - if(PL_strcasecmp(fipsArg, "true") && - PL_strcasecmp(fipsArg, "false")) { - PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]); - return INVALID_FIPS_ARG; - } - break; - case JAR_COMMAND: - if(installDir == NULL) { - PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR], - commandNames[JAR_COMMAND], optionStrings[INSTALLDIR_ARG]); - return MISSING_PARAM_ERR; - } - break; - case LIST_COMMAND: - case RAW_LIST_COMMAND: - break; - case RAW_ADD_COMMAND: - break; - case UNDEFAULT_COMMAND: - case DEFAULT_COMMAND: - if(mechanisms == NULL) { - PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR], - commandNames[command], optionStrings[MECHANISMS_ARG]); - return MISSING_PARAM_ERR; - } - break; - default: - /* Ignore this here */ - break; - } - - return SUCCESS; -} - -/******************************************************************** - * - * i n i t _ c r y p t o - * - * Does crypto initialization that all commands will require. - * If -nocertdb option is specified, don't open key or cert db (we don't - * need them if we aren't going to be verifying signatures). This is - * because serverland doesn't always have cert and key database files - * available. - */ -static Error -check_crypto(PRBool create, PRBool readOnly) -{ - char *dir; - char *moddbname=NULL; - Error retval; - static const char multiaccess[] = { "multiaccess:" }; - - dir = SECU_ConfigDirectory(dbdir); /* dir is never NULL */ - if (dir[0] == '\0') { - PR_fprintf(PR_STDERR, errStrings[NO_DBDIR_ERR]); - retval=NO_DBDIR_ERR; - goto loser; - } - if (strncmp(dir, multiaccess, sizeof multiaccess - 1) == 0) { - /* won't attempt to handle the multiaccess case. */ - return SUCCESS; - } - - /* Make sure db directory exists and is readable */ - if(PR_Access(dir, PR_ACCESS_EXISTS) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dir); - retval = DIR_DOESNT_EXIST_ERR; - goto loser; - } else if(PR_Access(dir, PR_ACCESS_READ_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dir); - retval = DIR_NOT_READABLE_ERR; - goto loser; - } - - if (secmodName == NULL) { - secmodName = "secmod.db"; - } - - moddbname = PR_smprintf("%s/%s", dir, secmodName); - if (!moddbname) - return OUT_OF_MEM_ERR; - - /* Check for the proper permissions on databases */ - if(create) { - /* Make sure dbs don't already exist, and the directory is - writeable */ - if(PR_Access(moddbname, PR_ACCESS_EXISTS)==PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[FILE_ALREADY_EXISTS_ERR], - moddbname); - retval=FILE_ALREADY_EXISTS_ERR; - goto loser; - } else - if(PR_Access(dir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dir); - retval=DIR_NOT_WRITEABLE_ERR; - goto loser; - } - } else { - /* Make sure dbs are readable and writeable */ - if(PR_Access(moddbname, PR_ACCESS_READ_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], moddbname); - retval=FILE_NOT_READABLE_ERR; - goto loser; - } - - /* Check for write access if we'll be making changes */ - if( !readOnly ) { - if(PR_Access(moddbname, PR_ACCESS_WRITE_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR], - moddbname); - retval=FILE_NOT_WRITEABLE_ERR; - goto loser; - } - } - PR_fprintf(PR_STDOUT, msgStrings[USING_DBDIR_MSG], - SECU_ConfigDirectory(NULL)); - } - retval=SUCCESS; -loser: - if (moddbname) { - PR_Free(moddbname); - } - return retval; -} - -static Error -init_crypto(PRBool create, PRBool readOnly) -{ - - PRUint32 flags = 0; - SECStatus rv; - Error retval; - /* Open/create key database */ - - if (readOnly) flags |= NSS_INIT_READONLY; - if (nocertdb) flags |= NSS_INIT_NOCERTDB; - rv = NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix, dbprefix, - secmodName, flags); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - retval=NSS_INITIALIZE_FAILED_ERR; - } else - retval=SUCCESS; - - return retval; -} - -/************************************************************************* - * - * u s a g e - */ -static void -usage() -{ - PR_fprintf(PR_STDOUT, -"\nNetscape Cryptographic Module Utility\n" -"Usage: modutil [command] [options]\n\n" -" COMMANDS\n" -"---------------------------------------------------------------------------\n" -"-add MODULE_NAME Add the named module to the module database\n" -" -libfile LIBRARY_FILE The name of the file (.so or .dll)\n" -" containing the implementation of PKCS #11\n" -" [-ciphers CIPHER_LIST] Enable the given ciphers on this module\n" -" [-mechanisms MECHANISM_LIST] Make the module a default provider of the\n" -" given mechanisms\n" -" [-string CONFIG_STRING] Pass a configuration string to this module\n" -"-changepw TOKEN Change the password on the named token\n" -" [-pwfile FILE] The old password is in this file\n" -" [-newpwfile FILE] The new password is in this file\n" -"-chkfips [ true | false ] If true, verify FIPS mode. If false,\n" -" verify not FIPS mode\n" -"-create Create a new set of security databases\n" -"-default MODULE Make the given module a default provider\n" -" -mechanisms MECHANISM_LIST of the given mechanisms\n" -" [-slot SLOT] limit change to only the given slot\n" -"-delete MODULE Remove the named module from the module\n" -" database\n" -"-disable MODULE Disable the named module\n" -" [-slot SLOT] Disable only the named slot on the module\n" -"-enable MODULE Enable the named module\n" -" [-slot SLOT] Enable only the named slot on the module\n" -"-fips [ true | false ] If true, enable FIPS mode. If false,\n" -" disable FIPS mode\n" -"-force Do not run interactively\n" -"-jar JARFILE Install a PKCS #11 module from the given\n" -" JAR file in the PKCS #11 JAR format\n" -" -installdir DIR Use DIR as the root directory of the\n" -" installation\n" -" [-tempdir DIR] Use DIR as the temporary installation\n" -" directory. If not specified, the current\n" -" directory is used\n" -"-list [MODULE] Lists information about the specified module\n" -" or about all modules if none is specified\n" -"-rawadd MODULESPEC Add module spec string to secmod DB\n" -"-rawlist [MODULE] Display module spec(s) for one or all\n" -" loadable modules\n" -"-undefault MODULE The given module is NOT a default provider\n" -" -mechanisms MECHANISM_LIST of the listed mechanisms\n" -" [-slot SLOT] limit change to only the given slot\n" -"---------------------------------------------------------------------------\n" -"\n" -" OPTIONS\n" -"---------------------------------------------------------------------------\n" -"-dbdir DIR Directory DIR contains the security databases\n" -"-dbprefix prefix Prefix for the security databases\n" -"-nocertdb Do not load certificate or key databases. No\n" -" verification will be performed on JAR files.\n" -"-secmod secmodName Name of the security modules file\n" -"---------------------------------------------------------------------------\n" -"\n" -"Mechanism lists are colon-separated. The following mechanisms are recognized:\n" -"RSA, DSA, RC2, RC4, RC5, DES, DH, FORTEZZA, SHA1, MD5, MD2, SSL, TLS, RANDOM,\n" -" FRIENDLY\n" -"\n" -"Cipher lists are colon-separated. The following ciphers are recognized:\n" -"FORTEZZA\n" -"\nQuestions or bug reports should be sent to modutil-support@netscape.com.\n" -); - -} - -/************************************************************************* - * - * m a i n - */ -int -main(int argc, char *argv[]) -{ - int errcode = SUCCESS; - PRBool createdb, readOnly; -#define STDINBUF_SIZE 80 - char stdinbuf[STDINBUF_SIZE]; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - - PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); - - if(parse_args(argc, argv) != SUCCESS) { - usage(); - errcode = INVALID_USAGE_ERR; - goto loser; - } - - if(verify_params() != SUCCESS) { - usage(); - errcode = INVALID_USAGE_ERR; - goto loser; - } - - if(command==NO_COMMAND) { - PR_fprintf(PR_STDERR, errStrings[NO_COMMAND_ERR]); - usage(); - errcode = INVALID_USAGE_ERR; - goto loser; - } - - /* Set up crypto stuff */ - createdb = command==CREATE_COMMAND; - readOnly = ((command == LIST_COMMAND) || - (command == CHKFIPS_COMMAND) || - (command == RAW_LIST_COMMAND)); - - /* Make sure browser is not running if we're writing to a database */ - /* Do this before initializing crypto */ - if(!readOnly && !force) { - char *response; - - PR_fprintf(PR_STDOUT, msgStrings[BROWSER_RUNNING_MSG]); - if( ! PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) { - PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]); - errcode = STDIN_READ_ERR; - goto loser; - } - if( (response=strtok(stdinbuf, " \r\n\t")) ) { - if(!PL_strcasecmp(response, "q")) { - PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]); - errcode = SUCCESS; - goto loser; - } - } - PR_fprintf(PR_STDOUT, "\n"); - } - - errcode = check_crypto(createdb, readOnly); - if( errcode != SUCCESS) { - goto loser; - } - - if ((command == RAW_LIST_COMMAND) || (command == RAW_ADD_COMMAND)) { - if(!moduleName) { - char *readOnlyStr, *noCertDBStr, *sep; - if (!secmodName) secmodName="secmod.db"; - if (!dbprefix) dbprefix = ""; - sep = ((command == RAW_LIST_COMMAND) && nocertdb) ? "," : " "; - readOnlyStr = (command == RAW_LIST_COMMAND) ? "readOnly" : "" ; - noCertDBStr = nocertdb ? "noCertDB" : ""; - SECU_ConfigDirectory(dbdir); - - moduleName=PR_smprintf( - "name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s " - "keyPrefix=%s secmod=%s flags=%s%s%s\" NSS=\"flags=internal,moduleDB," - "moduleDBOnly,critical\"", - SECU_ConfigDirectory(NULL),dbprefix,dbprefix, - secmodName, readOnlyStr,sep, noCertDBStr); - } - if (command == RAW_LIST_COMMAND) { - errcode = RawListModule(moduleName); - } else { - PORT_Assert(moduleSpec); - errcode = RawAddModule(moduleName,moduleSpec); - } - goto loser; - } - - errcode = init_crypto(createdb, readOnly); - if( errcode != SUCCESS) { - goto loser; - } - - /* Execute the command */ - switch(command) { - case ADD_COMMAND: - errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString); - break; - case CHANGEPW_COMMAND: - errcode = ChangePW(tokenName, pwFile, newpwFile); - break; - case CREATE_COMMAND: - /* The work was already done in init_crypto() */ - break; - case DEFAULT_COMMAND: - errcode = SetDefaultModule(moduleName, slotName, mechanisms); - break; - case DELETE_COMMAND: - errcode = DeleteModule(moduleName); - break; - case DISABLE_COMMAND: - errcode = EnableModule(moduleName, slotName, PR_FALSE); - break; - case ENABLE_COMMAND: - errcode = EnableModule(moduleName, slotName, PR_TRUE); - break; - case FIPS_COMMAND: - errcode = FipsMode(fipsArg); - break; - case CHKFIPS_COMMAND: - errcode = ChkFipsMode(fipsArg); - break; - case JAR_COMMAND: - Pk11Install_SetErrorHandler(install_error); - errcode = Pk11Install_DoInstall(jarFile, installDir, tempDir, - PR_STDOUT, force, nocertdb); - break; - case LIST_COMMAND: - if(moduleName) { - errcode = ListModule(moduleName); - } else { - errcode = ListModules(); - } - break; - case UNDEFAULT_COMMAND: - errcode = UnsetDefaultModule(moduleName, slotName, mechanisms); - break; - default: - PR_fprintf(PR_STDERR, "This command is not supported yet.\n"); - errcode = INVALID_USAGE_ERR; - break; - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - -loser: - PR_Cleanup(); - return errcode; -} - -/************************************************************************ - * - * i n s t a l l _ e r r o r - * - * Callback function to handle errors in PK11 JAR file installation. - */ -static void -install_error(char *message) -{ - PR_fprintf(PR_STDERR, "Install error: %s\n", message); -} - -/************************************************************************* - * - * o u t _ o f _ m e m o r y - */ -void -out_of_memory(void) -{ - PR_fprintf(PR_STDERR, errStrings[OUT_OF_MEM_ERR]); - exit(OUT_OF_MEM_ERR); -} - - -/************************************************************************** - * - * P R _ f g e t s - * - * fgets implemented with NSPR. - */ -static char* -PR_fgets(char *buf, int size, PRFileDesc *file) -{ - int i; - int status; - char c; - - i=0; - while(i < size-1) { - status = PR_Read(file, (void*) &c, 1); - if(status==-1) { - return NULL; - } else if(status==0) { - break; - } - buf[i++] = c; - if(c=='\n') { - break; - } - } - buf[i]='\0'; - - return buf; -} diff --git a/security/nss/cmd/modutil/modutil.h b/security/nss/cmd/modutil/modutil.h deleted file mode 100644 index e6a0eeb13..000000000 --- a/security/nss/cmd/modutil/modutil.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef MODUTIL_H -#define MODUTIL_H - -#include <stdio.h> -#include <prio.h> -#include <prprf.h> -#include <prinit.h> -#include <prmem.h> -#include <plarena.h> -#include <string.h> -#include <seccomon.h> -#include <secmod.h> -#include <secutil.h> - -#include <prlock.h> - -#include "error.h" - -Error FipsMode(char *arg); -Error ChkFipsMode(char *arg); -Error AddModule(char *moduleName, char *libFile, char *ciphers, - char *mechanisms, char* modparms); -Error DeleteModule(char *moduleName); -Error ListModule(char *moduleName); -Error ListModules(); -Error ChangePW(char *tokenName, char *pwFile, char *newpwFile); -Error EnableModule(char *moduleName, char *slotName, PRBool enable); -Error RawAddModule(char *dbmodulespec, char *modulespec); -Error RawListModule(char *modulespec); -Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms); -Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms); -void out_of_memory(void); - -#endif /*MODUTIL_H*/ diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c deleted file mode 100644 index ca4e36678..000000000 --- a/security/nss/cmd/modutil/pk11.c +++ /dev/null @@ -1,946 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* To edit this file, set TABSTOPS to 4 spaces. - * This is not the normal NSS convention. - */ - -#include "modutil.h" -/* #include "secmodti.h" */ -#include "pk11func.h" - -static PK11DefaultArrayEntry *pk11_DefaultArray = NULL; -static int pk11_DefaultArraySize = 0; - -/************************************************************************* - * - * F i p s M o d e - * If arg=="true", enable FIPS mode on the internal module. If arg=="false", - * disable FIPS mode on the internal module. - */ -Error -FipsMode(char *arg) -{ - char *internal_name; - - if(!PORT_Strcasecmp(arg, "true")) { - if(!PK11_IsFIPS()) { - internal_name = PR_smprintf("%s", - SECMOD_GetInternalModule()->commonName); - if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); - PR_smprintf_free(internal_name); - PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); - return FIPS_SWITCH_FAILED_ERR; - } - PR_smprintf_free(internal_name); - if (!PK11_IsFIPS()) { - PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); - return FIPS_SWITCH_FAILED_ERR; - } - PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); - } else { - PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]); - return FIPS_ALREADY_ON_ERR; - } - } else if(!PORT_Strcasecmp(arg, "false")) { - if(PK11_IsFIPS()) { - internal_name = PR_smprintf("%s", - SECMOD_GetInternalModule()->commonName); - if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); - PR_smprintf_free(internal_name); - PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); - return FIPS_SWITCH_FAILED_ERR; - } - PR_smprintf_free(internal_name); - if (PK11_IsFIPS()) { - PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); - return FIPS_SWITCH_FAILED_ERR; - } - PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); - } else { - PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]); - return FIPS_ALREADY_OFF_ERR; - } - } else { - PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]); - return INVALID_FIPS_ARG; - } - - return SUCCESS; -} - -/************************************************************************* - * - * C h k F i p s M o d e - * If arg=="true", verify FIPS mode is enabled on the internal module. - * If arg=="false", verify FIPS mode is disabled on the internal module. - */ -Error -ChkFipsMode(char *arg) -{ - if(!PORT_Strcasecmp(arg, "true")) { - if (PK11_IsFIPS()) { - PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); - } else { - PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); - return FIPS_SWITCH_FAILED_ERR; - } - - } else if(!PORT_Strcasecmp(arg, "false")) { - if(!PK11_IsFIPS()) { - PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); - } else { - PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); - return FIPS_SWITCH_FAILED_ERR; - } - } else { - PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]); - return INVALID_FIPS_ARG; - } - - return SUCCESS; -} - -/************************************************************************ - * Cipher and Mechanism name-bitmask translation tables - */ - -typedef struct { - char *name; - unsigned long mask; -} MaskString; - -static MaskString mechanismStrings[] = { - {"RSA", PUBLIC_MECH_RSA_FLAG}, - {"DSA", PUBLIC_MECH_DSA_FLAG}, - {"RC2", PUBLIC_MECH_RC2_FLAG}, - {"RC4", PUBLIC_MECH_RC4_FLAG}, - {"RC5", PUBLIC_MECH_RC5_FLAG}, - {"DES", PUBLIC_MECH_DES_FLAG}, - {"DH", PUBLIC_MECH_DH_FLAG}, - {"FORTEZZA", PUBLIC_MECH_FORTEZZA_FLAG}, - {"SHA1", PUBLIC_MECH_SHA1_FLAG}, - {"MD5", PUBLIC_MECH_MD5_FLAG}, - {"MD2", PUBLIC_MECH_MD2_FLAG}, - {"SSL", PUBLIC_MECH_SSL_FLAG}, - {"TLS", PUBLIC_MECH_TLS_FLAG}, - {"RANDOM", PUBLIC_MECH_RANDOM_FLAG}, - {"FRIENDLY", PUBLIC_MECH_FRIENDLY_FLAG} -}; -static int numMechanismStrings = - sizeof(mechanismStrings) / sizeof(mechanismStrings[0]); - -static MaskString cipherStrings[] = { - {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG} -}; -static int numCipherStrings = - sizeof(cipherStrings) / sizeof(cipherStrings[0]); - -/* Maximum length of a colon-separated list of all the strings in an - * array. */ -#define MAX_STRING_LIST_LEN 240 /* or less */ - -/************************************************************************ - * - * g e t F l a g s F r o m S t r i n g - * - * Parses a mechanism list passed on the command line and converts it - * to an unsigned long bitmask. - * string is a colon-separated string of constants - * array is an array of MaskStrings. - * elements is the number of elements in array. - */ -static unsigned long -getFlagsFromString(char *string, MaskString array[], int elements) -{ - unsigned long ret = 0; - short i = 0; - char *cp; - char *buf; - char *end; - - if(!string || !string[0]) { - return ret; - } - - /* Make a temporary copy of the string */ - buf = PR_Malloc(strlen(string)+1); - if(!buf) { - out_of_memory(); - } - strcpy(buf, string); - - /* Look at each element of the list passed in */ - for(cp=buf; cp && *cp; cp = (end ? end+1 : NULL) ) { - /* Look at the string up to the next colon */ - end = strchr(cp, ':'); - if(end) { - *end = '\0'; - } - - /* Find which element this is */ - for(i=0; i < elements; i++) { - if( !PORT_Strcasecmp(cp, array[i].name) ) { - break; - } - } - if(i == elements) { - /* Skip a bogus string, but print a warning message */ - PR_fprintf(PR_STDERR, errStrings[INVALID_CONSTANT_ERR], cp); - continue; - } - ret |= array[i].mask; - } - - PR_Free(buf); - return ret; -} - -/********************************************************************** - * - * g e t S t r i n g F r o m F l a g s - * - * The return string's memory is owned by this function. Copy it - * if you need it permanently or you want to change it. - */ -static char * -getStringFromFlags(unsigned long flags, MaskString array[], int elements) -{ - static char buf[MAX_STRING_LIST_LEN]; - int i; - int count=0; - - buf[0] = '\0'; - for(i=0; i<elements; i++) { - if( flags & array[i].mask ) { - ++count; - if(count!=1) { - strcat(buf, ":"); - } - strcat(buf, array[i].name); - } - } - return buf; -} - -/********************************************************************** - * - * A d d M o d u l e - * - * Add the named module, with the given library file, ciphers, and - * default mechanism flags - */ -Error -AddModule(char *moduleName, char *libFile, char *cipherString, - char *mechanismString, char* modparms) -{ - unsigned long ciphers; - unsigned long mechanisms; - SECStatus status; - - mechanisms = - getFlagsFromString(mechanismString, mechanismStrings, - numMechanismStrings); - ciphers = - getFlagsFromString(cipherString, cipherStrings, numCipherStrings); - - status = - SECMOD_AddNewModuleEx(moduleName, libFile, - SECMOD_PubMechFlagstoInternal(mechanisms), - SECMOD_PubCipherFlagstoInternal(ciphers), - modparms, NULL ); - - if(status != SECSuccess) { - char* errtxt=NULL; - PRInt32 copied = 0; - if (PR_GetErrorTextLength()) { - errtxt = PR_Malloc(PR_GetErrorTextLength()); - copied = PR_GetErrorText(errtxt); - } - if (copied && errtxt) { - PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_STATUS_ERR], - moduleName, errtxt); - PR_Free(errtxt); - } else { - PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR], - moduleName); - } - return ADD_MODULE_FAILED_ERR; - } else { - PR_fprintf(PR_STDOUT, msgStrings[ADD_MODULE_SUCCESS_MSG], moduleName); - return SUCCESS; - } -} - -/*********************************************************************** - * - * D e l e t e M o d u l e - * - * Deletes the named module from the database. - */ -Error -DeleteModule(char *moduleName) -{ - SECStatus status; - int type; - - status = SECMOD_DeleteModule(moduleName, &type); - - if(status != SECSuccess) { - if(type == SECMOD_FIPS || type == SECMOD_INTERNAL) { - PR_fprintf(PR_STDERR, errStrings[DELETE_INTERNAL_ERR]); - return DELETE_INTERNAL_ERR; - } else { - PR_fprintf(PR_STDERR, errStrings[DELETE_FAILED_ERR], moduleName); - return DELETE_FAILED_ERR; - } - } - - PR_fprintf(PR_STDOUT, msgStrings[DELETE_SUCCESS_MSG], moduleName); - return SUCCESS; -} - -/************************************************************************ - * - * R a w L i s t M o d u l e s - * - * Lists all the modules in the database, along with their slots and tokens. - */ -Error -RawListModule(char *modulespec) -{ - SECMODModule *module; - char **moduleSpecList; - - module = SECMOD_LoadModule(modulespec,NULL,PR_FALSE); - if (module == NULL) { - /* handle error */ - return NO_SUCH_MODULE_ERR; - } - - moduleSpecList = SECMOD_GetModuleSpecList(module); - if (!moduleSpecList || !moduleSpecList[0]) { - SECU_PrintError("modutil", - "no specs in secmod DB"); - return NO_SUCH_MODULE_ERR; - } - - for ( ;*moduleSpecList; moduleSpecList++) { - printf("%s\n\n",*moduleSpecList); - } - - return SUCCESS; -} - -Error -RawAddModule(char *dbmodulespec, char *modulespec) -{ - SECMODModule *module; - SECMODModule *dbmodule; - - - dbmodule = SECMOD_LoadModule(dbmodulespec,NULL,PR_TRUE); - if (dbmodule == NULL) { - /* handle error */ - return NO_SUCH_MODULE_ERR; - } - - module = SECMOD_LoadModule(modulespec,dbmodule,PR_FALSE); - if (module == NULL) { - /* handle error */ - return NO_SUCH_MODULE_ERR; - } - - if( SECMOD_UpdateModule(module) != SECSuccess ) { - PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec); - return UPDATE_MOD_FAILED_ERR; - } - return SUCCESS; -} - -static void -printModule(SECMODModule *module, int *count) -{ - int slotCount = module->loaded ? module->slotCount : 0; - int i; - - if ((*count)++) { - PR_fprintf(PR_STDOUT,"\n"); - } - PR_fprintf(PR_STDOUT, "%3d. %s\n", *count, module->commonName); - - if (module->dllName) { - PR_fprintf(PR_STDOUT, "\tlibrary name: %s\n", module->dllName); - } - - if (slotCount == 0) { - PR_fprintf(PR_STDOUT, - "\t slots: There are no slots attached to this module\n"); - } else { - PR_fprintf(PR_STDOUT, "\t slots: %d slot%s attached\n", - slotCount, (slotCount==1 ? "" : "s") ); - } - - if (module->loaded == 0) { - PR_fprintf(PR_STDOUT, "\tstatus: Not loaded\n"); - } else { - PR_fprintf(PR_STDOUT, "\tstatus: loaded\n"); - } - - /* Print slot and token names */ - for (i = 0; i < slotCount; i++) { - PK11SlotInfo *slot = module->slots[i]; - - PR_fprintf(PR_STDOUT, "\n"); - PR_fprintf(PR_STDOUT, "\t slot: %s\n", PK11_GetSlotName(slot)); - PR_fprintf(PR_STDOUT, "\ttoken: %s\n", PK11_GetTokenName(slot)); - } - return; -} - -/************************************************************************ - * - * L i s t M o d u l e s - * - * Lists all the modules in the database, along with their slots and tokens. - */ -Error -ListModules() -{ - SECMODListLock *lock; - SECMODModuleList *list; - SECMODModuleList *deadlist; - SECMODModuleList *mlp; - Error ret=UNSPECIFIED_ERR; - int count = 0; - - lock = SECMOD_GetDefaultModuleListLock(); - if(!lock) { - PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]); - return NO_LIST_LOCK_ERR; - } - - SECMOD_GetReadLock(lock); - - list = SECMOD_GetDefaultModuleList(); - deadlist = SECMOD_GetDeadModuleList(); - if (!list && !deadlist) { - PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]); - ret = NO_MODULE_LIST_ERR; - goto loser; - } - - PR_fprintf(PR_STDOUT, - "\nListing of PKCS #11 Modules\n" - "-----------------------------------------------------------\n"); - - for(mlp=list; mlp != NULL; mlp = mlp->next) { - printModule(mlp->module, &count); - } - for (mlp=deadlist; mlp != NULL; mlp = mlp->next) { - printModule(mlp->module, &count); - } - - - PR_fprintf(PR_STDOUT, - "-----------------------------------------------------------\n"); - - ret = SUCCESS; - -loser: - SECMOD_ReleaseReadLock(lock); - return ret; -} - -/* Strings describing PK11DisableReasons */ -static char *disableReasonStr[] = { - "no reason", - "user disabled", - "could not initialize token", - "could not verify token", - "token not present" -}; -static int numDisableReasonStr = - sizeof(disableReasonStr) / sizeof(disableReasonStr[0]); - -/*********************************************************************** - * - * L i s t M o d u l e - * - * Lists detailed information about the named module. - */ -Error -ListModule(char *moduleName) -{ - SECMODModule *module; - PK11SlotInfo *slot; - int slotnum; - CK_INFO modinfo; - CK_SLOT_INFO slotinfo; - CK_TOKEN_INFO tokeninfo; - char *ciphers, *mechanisms; - PK11DisableReasons reason; - Error rv = SUCCESS; - - if(!moduleName) { - return SUCCESS; - } - - module = SECMOD_FindModule(moduleName); - if(!module) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); - return NO_SUCH_MODULE_ERR; - } - - if ((module->loaded) && - (PK11_GetModInfo(module, &modinfo) != SECSuccess)) { - PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName); - return MOD_INFO_ERR; - } - - /* Module info */ - PR_fprintf(PR_STDOUT, - "\n-----------------------------------------------------------\n"); - PR_fprintf(PR_STDOUT, "Name: %s\n", module->commonName); - if(module->internal || !module->dllName) { - PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n"); - } else { - PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName); - } - - if (module->loaded) { - PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID); - PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription); - PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n", - modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor); - PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n", - modinfo.libraryVersion.major, modinfo.libraryVersion.minor); - } else { - PR_fprintf(PR_STDOUT, "* Module not loaded\n"); - } - /* Get cipher and mechanism flags */ - ciphers = getStringFromFlags(module->ssl[0], cipherStrings, - numCipherStrings); - if(ciphers[0] == '\0') { - ciphers = "None"; - } - PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers); - mechanisms = NULL; - if (module->slotCount > 0) { - mechanisms = getStringFromFlags( - PK11_GetDefaultFlags(module->slots[0]), - mechanismStrings, numMechanismStrings); - } - if ((mechanisms==NULL) || (mechanisms[0] =='\0')) { - mechanisms = "None"; - } - PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms); - -#define PAD " " - - /* Loop over each slot */ - for (slotnum=0; slotnum < module->slotCount; slotnum++) { - slot = module->slots[slotnum]; - if (PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) { - PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR], - PK11_GetSlotName(slot)); - rv = SLOT_INFO_ERR; - continue; - } - - /* Slot Info */ - PR_fprintf(PR_STDOUT, "\n"PAD"Slot: %s\n", PK11_GetSlotName(slot)); - mechanisms = getStringFromFlags(PK11_GetDefaultFlags(slot), - mechanismStrings, numMechanismStrings); - if(mechanisms[0] =='\0') { - mechanisms = "None"; - } - PR_fprintf(PR_STDOUT, PAD"Slot Mechanism Flags: %s\n", mechanisms); - PR_fprintf(PR_STDOUT, PAD"Manufacturer: %.32s\n", - slotinfo.manufacturerID); - if (PK11_IsHW(slot)) { - PR_fprintf(PR_STDOUT, PAD"Type: Hardware\n"); - } else { - PR_fprintf(PR_STDOUT, PAD"Type: Software\n"); - } - PR_fprintf(PR_STDOUT, PAD"Version Number: %d.%d\n", - slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor); - PR_fprintf(PR_STDOUT, PAD"Firmware Version: %d.%d\n", - slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor); - if (PK11_IsDisabled(slot)) { - reason = PK11_GetDisabledReason(slot); - if(reason < numDisableReasonStr) { - PR_fprintf(PR_STDOUT, PAD"Status: DISABLED (%s)\n", - disableReasonStr[reason]); - } else { - PR_fprintf(PR_STDOUT, PAD"Status: DISABLED\n"); - } - } else { - PR_fprintf(PR_STDOUT, PAD"Status: Enabled\n"); - } - - if(PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) { - PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR], - PK11_GetTokenName(slot)); - rv = TOKEN_INFO_ERR; - continue; - } - - /* Token Info */ - PR_fprintf(PR_STDOUT, PAD"Token Name: %.32s\n", - tokeninfo.label); - PR_fprintf(PR_STDOUT, PAD"Token Manufacturer: %.32s\n", - tokeninfo.manufacturerID); - PR_fprintf(PR_STDOUT, PAD"Token Model: %.16s\n", tokeninfo.model); - PR_fprintf(PR_STDOUT, PAD"Token Serial Number: %.16s\n", - tokeninfo.serialNumber); - PR_fprintf(PR_STDOUT, PAD"Token Version: %d.%d\n", - tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor); - PR_fprintf(PR_STDOUT, PAD"Token Firmware Version: %d.%d\n", - tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor); - if(tokeninfo.flags & CKF_WRITE_PROTECTED) { - PR_fprintf(PR_STDOUT, PAD"Access: Write Protected\n"); - } else { - PR_fprintf(PR_STDOUT, PAD"Access: NOT Write Protected\n"); - } - if(tokeninfo.flags & CKF_LOGIN_REQUIRED) { - PR_fprintf(PR_STDOUT, PAD"Login Type: Login required\n"); - } else { - PR_fprintf(PR_STDOUT, PAD - "Login Type: Public (no login required)\n"); - } - if(tokeninfo.flags & CKF_USER_PIN_INITIALIZED) { - PR_fprintf(PR_STDOUT, PAD"User Pin: Initialized\n"); - } else { - PR_fprintf(PR_STDOUT, PAD"User Pin: NOT Initialized\n"); - } - } - PR_fprintf(PR_STDOUT, - "\n-----------------------------------------------------------\n"); - return rv; -} - -/************************************************************************ - * - * C h a n g e P W - */ -Error -ChangePW(char *tokenName, char *pwFile, char *newpwFile) -{ - char *oldpw=NULL, *newpw=NULL, *newpw2=NULL; - PK11SlotInfo *slot; - Error ret=UNSPECIFIED_ERR; - PRBool matching; - - slot = PK11_FindSlotByName(tokenName); - if(!slot) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName); - return NO_SUCH_TOKEN_ERR; - } - - PK11_SetPasswordFunc(SECU_GetModulePassword); - - /* Get old password */ - if(! PK11_NeedUserInit(slot)) { - if(pwFile) { - oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile); - if(PK11_CheckUserPassword(slot, oldpw) != SECSuccess) { - PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]); - ret=BAD_PW_ERR; - goto loser; - } - } else { - for(matching=PR_FALSE; !matching; ) { - oldpw = SECU_GetPasswordString(NULL, "Enter old password: "); - if(PK11_CheckUserPassword(slot, oldpw) == SECSuccess) { - matching = PR_TRUE; - } else { - PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]); - } - } - } - } - - /* Get new password */ - if(newpwFile) { - newpw = SECU_FilePasswd(NULL, PR_FALSE, newpwFile); - } else { - for(matching=PR_FALSE; !matching; ) { - newpw = SECU_GetPasswordString(NULL, "Enter new password: "); - newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: "); - if(strcmp(newpw, newpw2)) { - PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]); - } else { - matching = PR_TRUE; - } - } - } - - /* Change the password */ - if(PK11_NeedUserInit(slot)) { - if(PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) { - PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName); - ret = CHANGEPW_FAILED_ERR; - goto loser; - } - } else { - if(PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { - PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName); - ret = CHANGEPW_FAILED_ERR; - goto loser; - } - } - - PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName); - ret = SUCCESS; - -loser: - if(oldpw) { - memset(oldpw, 0, strlen(oldpw)); - PORT_Free(oldpw); - } - if(newpw) { - memset(newpw, 0, strlen(newpw)); - PORT_Free(newpw); - } - if(newpw2) { - memset(newpw2, 0, strlen(newpw)); - PORT_Free(newpw2); - } - return ret; -} - -/*********************************************************************** - * - * E n a b l e M o d u l e - * - * If enable==PR_TRUE, enables the module or slot. - * If enable==PR_FALSE, disables the module or slot. - * moduleName is the name of the module. - * slotName is the name of the slot. It is optional. - */ -Error -EnableModule(char *moduleName, char *slotName, PRBool enable) -{ - int i; - SECMODModule *module; - PK11SlotInfo *slot = NULL; - PRBool found = PR_FALSE; - - module = SECMOD_FindModule(moduleName); - if(!module) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); - return NO_SUCH_MODULE_ERR; - } - - for(i=0; i < module->slotCount; i++) { - slot = module->slots[i]; - if(slotName && strcmp(PK11_GetSlotName(slot), slotName)) { - /* Not the right slot */ - continue; - } - if(enable) { - if(! PK11_UserEnableSlot(slot)) { - PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR], - "enable", PK11_GetSlotName(slot)); - return ENABLE_FAILED_ERR; - } else { - found = PR_TRUE; - PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG], - PK11_GetSlotName(slot), "enabled"); - } - } else { - if(! PK11_UserDisableSlot(slot)) { - PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR], - "disable", PK11_GetSlotName(slot)); - return ENABLE_FAILED_ERR; - } else { - found = PR_TRUE; - PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG], - PK11_GetSlotName(slot), "disabled"); - } - } - } - - if(slotName && !found) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); - return NO_SUCH_SLOT_ERR; - } - - /* Delete and re-add module to save changes */ - if( SECMOD_UpdateModule(module) != SECSuccess ) { - PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName); - return UPDATE_MOD_FAILED_ERR; - } - - return SUCCESS; -} - -/************************************************************************* - * - * S e t D e f a u l t M o d u l e - * - */ -Error -SetDefaultModule(char *moduleName, char *slotName, char *mechanisms) -{ - SECMODModule *module; - PK11SlotInfo *slot; - int s, i; - unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings, - numMechanismStrings); - PRBool found = PR_FALSE; - Error errcode = UNSPECIFIED_ERR; - - if (pk11_DefaultArray == NULL) { - pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); - if (pk11_DefaultArray == NULL) { - /* should assert. This shouldn't happen */ - goto loser; - } - } - - mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); - - module = SECMOD_FindModule(moduleName); - if(!module) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); - errcode = NO_SUCH_MODULE_ERR; - goto loser; - } - - /* Go through each slot */ - for(s=0; s < module->slotCount; s++) { - slot = module->slots[s]; - - if ((slotName != NULL) && - !((strcmp(PK11_GetSlotName(slot),slotName) == 0) || - (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) { - /* we are only interested in changing the one slot */ - continue; - } - - found = PR_TRUE; - - /* Go through each mechanism */ - for(i=0; i < pk11_DefaultArraySize; i++) { - if(pk11_DefaultArray[i].flag & mechFlags) { - /* Enable this default mechanism */ - PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]), - PR_TRUE); - } - } - } - if (slotName && !found) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); - errcode = NO_SUCH_SLOT_ERR; - goto loser; - } - - /* Delete and re-add module to save changes */ - if( SECMOD_UpdateModule(module) != SECSuccess ) { - PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR], - moduleName); - errcode = DEFAULT_FAILED_ERR; - goto loser; - } - - PR_fprintf(PR_STDOUT, msgStrings[DEFAULT_SUCCESS_MSG]); - - errcode = SUCCESS; -loser: - return errcode; -} - -/************************************************************************ - * - * U n s e t D e f a u l t M o d u l e - */ -Error -UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms) -{ - SECMODModule * module; - PK11SlotInfo *slot; - int s, i; - unsigned long mechFlags = getFlagsFromString(mechanisms, - mechanismStrings, numMechanismStrings); - PRBool found = PR_FALSE; - - if (pk11_DefaultArray == NULL) { - pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); - if (pk11_DefaultArray == NULL) { - /* should assert. This shouldn't happen */ - return UNSPECIFIED_ERR; - } - } - - mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); - - module = SECMOD_FindModule(moduleName); - if(!module) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); - return NO_SUCH_MODULE_ERR; - } - - for(s=0; s < module->slotCount; s++) { - slot = module->slots[s]; - if ((slotName != NULL) && - !((strcmp(PK11_GetSlotName(slot),slotName) == 0) || - (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) { - /* we are only interested in changing the one slot */ - continue; - } - for(i=0; i < pk11_DefaultArraySize ; i++) { - if(pk11_DefaultArray[i].flag & mechFlags) { - PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]), - PR_FALSE); - } - } - } - if (slotName && !found) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); - return NO_SUCH_SLOT_ERR; - } - - /* Delete and re-add module to save changes */ - if( SECMOD_UpdateModule(module) != SECSuccess ) { - PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR], - moduleName); - return UNDEFAULT_FAILED_ERR; - } - - PR_fprintf(PR_STDOUT, msgStrings[UNDEFAULT_SUCCESS_MSG]); - return SUCCESS; -} diff --git a/security/nss/cmd/modutil/pk11jar.html b/security/nss/cmd/modutil/pk11jar.html deleted file mode 100644 index 9440db014..000000000 --- a/security/nss/cmd/modutil/pk11jar.html +++ /dev/null @@ -1,309 +0,0 @@ -<html> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> -<head> -<title>PKCS #11 JAR Format</title> -</head> -<body bgcolor=white text=black link=blue vlink=purple alink=red> -<center><h1>PKCS #11 JAR Format</h1></center> - -<p>PKCS #11 modules can be packaged into JAR files that support automatic -installation onto the filesystem and into the security module database. -The JAR file should contain: -<ul> -<li>All files that will be installed onto the target machine. This will -include at least the PKCS #11 module library file (.DLL or .so), and -may also include any other file that should be installed (such as -documentation). -<li>A script to perform the installation. -</ul> -The script can be in one of two forms. If the JAR file is to be -run by Communicator (or any program that interprets Javascript), the -instructions will be in the form of a SmartUpdate script. -<a href="http://devedge/library/documentation/security/jmpkcs/">Documentation -</a> on creating this script can be found on DevEdge. - -<p>If the -JAR file is to be run by a server, modutil, or any other program that -doesn't interpret Javascript, a special information file must be included -in the format described in this document. - -<h2>Declaring the Script in the Manifest File</h2> -The script can have any name, but it must be declared in the manifest file -of the JAR archive. The metainfo tag for this is -<code>Pkcs11_install_script</code>. Meta-information is put in the manifest -file by putting it in a file which is passed to -<a href="http://developer.netscape.com/software/index_frame.html?content=signedobj/jarpack.html#signtool1.3">Signtool</a>. For example, -suppose the PKCS #11 installer script is in the file <code>pk11install</code>. -In Signtool's metainfo file, you would have a line like this: -<blockquote><pre> -+ Pkcs11_install_script: pk11install -</pre></blockquote> - -<h2>Sample Script File</h2> -<blockquote><pre> -ForwardCompatible { IRIX:6.2:mips Solaris:5.5.1:sparc } -Platforms { - WINNT::x86 { - ModuleName { "Fortezza Module" } - ModuleFile { win32/fort32.dll } - DefaultMechanismFlags{0x0001} - DefaultCipherFlags{0x0001} - Files { - win32/setup.exe { - Executable - RelativePath { %temp%/setup.exe } - } - win32/setup.hlp { - RelativePath { %temp%/setup.hlp } - } - win32/setup.cab { - RelativePath { %temp%/setup.cab } - } - } - } - WIN95::x86 { - EquivalentPlatform {WINNT::x86} - } - Solaris:5.5.1:sparc { - ModuleName { "Fortezza UNIX Module" } - ModuleFile { unix/fort.so } - DefaultMechanismFlags{0x0001} - CipherEnableFlags{0x0001} - Files { - unix/fort.so { - RelativePath{%root%/lib/fort.so} - AbsolutePath{/usr/local/netscape/lib/fort.so} - FilePermissions{555} - } - xplat/instr.html { - RelativePath{%root%/docs/inst.html} - AbsolutePath{/usr/local/netscape/docs/inst.html} - FilePermissions{555} - } - } - } - IRIX:6.2:mips { - EquivalentPlatform { Solaris:5.5.1:sparc } - } -} -</pre></blockquote> - -<hr> - -<h2>Script File Grammar</h2> -<blockquote><pre> ---> <i>valuelist</i> - -<i>valuelist</i> --> <i>value</i> <i>valuelist</i> -<i> </i> <i><null></i> - -<i>value</i> --> <i>key_value_pair</i> -<i> </i> <i>string</i> - -<i>key_value_pair</i> --> <i>key</i> { <i>valuelist</i> } - -<i>key</i> --> <i>string</i> - -<i>string</i> --> <i>simple_string</i> -<i> </i> "<i>complex_string</i>" - -<i>simple_string</i> --> [^ \t\n\""{""}"]+ <font size=-1><i>(no whitespace, quotes, or braces)</i></font> - -<i>complex_string</i> --> ([^\"\\\r\n]|(\\\")|(\\\\))+ <font size=-1><i>(quotes and backslashes must be escaped with a backslash, no newlines or carriage returns are allowed in the string)</i></font> -</pre></blockquote> -Outside of complex strings, all whitespace (space, tab, newline) is considered -equal and is used only to delimit tokens. - -<hr> - -<h2>Keys</h2> -Keys are case-insensitive. -<h3>Global Keys</h3> -<dl> -<dt><code>ForwardCompatible</code> -<dd>Gives a list of platforms that are forward compatible. If the current -platform cannot be found in the list of supported platforms, then the -ForwardCompatible list will be checked for any platforms that have the same -OS and architecture and an earlier version. If one is found, its -attributes will be used for the current platform. -<dt><code>Platforms</code> (<i>required</i>) -<dd>Gives a list of platforms. Each entry in the list is itself a key-value -pair: -the key is the name of the platform, and the valuelist contains various -attributes of the platform. The ModuleName, ModuleFile, and Files attributes -must be specified, unless an EquivalentPlatform attribute is specified. -The platform string is in the following -format: <u><i>system name</i></u>:<u><i>os release</i></u>:<u><i>architecture</i></u>. The installer -will obtain these values from NSPR. <u><i>os release</i></u> is an empty -string on non-UNIX operating systems. The following system names and platforms -are currently defined by NSPR:<code> -<ul> -<li>AIX (rs6000) -<li>BSDI (x86) -<li>FREEBSD (x86) -<li>HPUX (hppa1.1) -<li>IRIX (mips) -<li>LINUX (ppc, alpha, x86) -<li>MacOS (PowerPC) </code>(<i>Note: NSPR actually defines the OS as -"</i><code>Mac OS</code><i>". The -space makes the name unsuitable for being embedded in identifiers. Until -NSPR changes, you will have to add some special code to deal with this case. -</i>)<code> -<li>NCR (x86) -<li>NEC (mips) -<li>OS2 (x86) -<li>OSF (alpha) -<li>ReliantUNIX (mips) -<li>SCO (x86) -<li>SOLARIS (sparc) -<li>SONY (mips) -<li>SUNOS (sparc) -<li>UnixWare (x86) -<li>WIN16 (x86) -<li>WIN95 (x86) -<li>WINNT (x86) -</ul> -</code> -Examples of valid platform strings: <code>IRIX:6.2:mips, Solaris:5.5.1:sparc, -Linux:2.0.32:x86, WIN95::x86</code>. -</dl> - -<h3>Per-Platform Keys</h3> -These keys only have meaning within the value list of an entry in -the <code>Platforms</code> list. -<dl> -<dt><code>ModuleName</code> (<i>required</i>) -<dd>Gives the common name for the module. This name will be used to -reference the module from Communicator, modutil, servers, or any other -program that uses the Netscape security module database. -<dt><code>ModuleFile</code> (<i>required</i>) -<dd>Names the PKCS #11 module file (DLL or .so) for this platform. The name -is given as the relative path of the file within the JAR archive. -<dt><code>Files</code> (<i>required</i>) -<dd>Lists the files that should be installed for this module. Each entry -in the file list is a key-value pair: the key is the path of the file in -the JAR archive, and -the valuelist contains attributes of the file. At least RelativePath and -AbsoluteDir must be specified in this valuelist. -<dt><code>DefaultMechanismFlags</code> -<dd>This key-value pair specifies -of which mechanisms this module will be a default provider. It is a bitstring -specified in hexadecimal (0x) format. It is constructed as a bitwise OR -of the following constants. If the <code>DefaultMechanismFlags</code> -entry is omitted, the value will default to 0x0. -<blockquote><pre> -RSA: 0x0000 0001 -DSA: 0x0000 0002 -RC2: 0x0000 0004 -RC4: 0x0000 0008 -DES: 0x0000 0010 -DH: 0x0000 0020 -FORTEZZA: 0x0000 0040 -RC5: 0x0000 0080 -SHA1: 0x0000 0100 -MD5: 0x0000 0200 -MD2: 0x0000 0400 -RANDOM: 0x0800 0000 -FRIENDLY: 0x1000 0000 -OWN_PW_DEFAULTS: 0x2000 0000 -DISABLE: 0x4000 0000 -</pre></blockquote> -<dt><code>CipherEnableFlags</code> -<dd>This key-value pair specifies -which SSL ciphers will be enabled. It is a bitstring specified in -hexadecimal (0x) format. It is constructed as a bitwise OR of the following -constants. If the <code>CipherEnableFlags</code> entry is omitted, the -value will default to 0x0. -<blockquote><pre> -FORTEZZA: 0x0000 0001 -</pre></blockquote> -<dt><code>EquivalentPlatform</code> -<dd>Specifies that the attributes of the named platform should also be used -for the current platform. Saves typing when there is more than one platform -that uses the same settings. -</dl> - -<h3>Per-File Keys</h3> -These keys only have meaning within the valuelist of an entry in a -<code>Files</code> list. At least one of <code>RelativePath</code> and -<code>AbsolutePath</code> must be specified. If both are specified, the -relative path will be tried first and the absolute path used only if no -relative root directory is provided by the installer program. -<dl> -<dt><code>RelativePath</code> -<dd>Specifies the destination directory of the file, relative to some directory -decided at install-time. Two variables can be used in the relative -path, "%root%" and "%temp%". "%root%" will be replaced at run-time with -the directory relative to which files should be installed; for -example, it may be the server's root directory or Communicator's root -directory. "%temp%" is a directory that will be created at the beginning -of the installation and destroyed at the end of the installation. Its purpose -is to hold executable files (such as setup programs), or files that are -used by these programs. For example, a Windows installation might consist -of a <code>setup.exe</code> installation program, a help file, and a .cab file -containing compressed information. All these files could be installed into the -temporary directory. Files destined for the temporary directory are guaranteed -to be in place before any executable file is run, and will not be deleted -until all executable files have finished. -<dt><code>AbsoluteDir</code> -<dd>Specifies the destination directory of the file as an absolute path. -This will only be used if the installer is unable to determine a -relative directory. -<dt><code>Executable</code> -<dd>This string specifies that the file is to be executed during the -course of the -installation. Typically this would be used for a setup program provided -by a module vendor, such as a self-extracting <code>setup.exe</code>. -More than one file can be specified as executable, in which case they will -be run in the order they are specified in the script file. -<dt><code>FilePermissions</code> -<dd>This string is interpreted as a string of octal digits, according to the -standard UNIX format. It is a bitwise OR of the following constants: -<blockquote><pre> -user read: 400 -user write: 200 -user execute: 100 -group read: 040 -group write: 020 -group execute: 010 -other read: 004 -other write: 002 -other execute: 001 -</pre></blockquote> -Some platforms may not understand these permissions. They will only be -applied insofar as makes sense for the current platform. If this attribute -is omitted, a default of 777 is assumed. - -</body> -</html> diff --git a/security/nss/cmd/modutil/rules.mk b/security/nss/cmd/modutil/rules.mk deleted file mode 100644 index b34662513..000000000 --- a/security/nss/cmd/modutil/rules.mk +++ /dev/null @@ -1,54 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# Some versions of yacc generate files that include platform-specific -# system headers. For example, the yacc in Solaris 2.6 inserts -# #include <values.h> -# which does not exist on NT. For portability, always use Berkeley -# yacc (such as the yacc in Linux) to generate files. -# - -generate: installparse.c installparse.l - -installparse.c: - yacc -p Pk11Install_yy -d installparse.y - mv y.tab.c installparse.c - mv y.tab.h installparse.h - -installparse.l: - lex -olex.Pk11Install_yy.c -PPk11Install_yy installparse.l - @echo - @echo "**YOU MUST COMMENT OUT UNISTD.H FROM lex.Pk11Install_yy.cpp**" - -install.c: install-ds.h install.h diff --git a/security/nss/cmd/modutil/specification.html b/security/nss/cmd/modutil/specification.html deleted file mode 100644 index 48a1ab7cd..000000000 --- a/security/nss/cmd/modutil/specification.html +++ /dev/null @@ -1,351 +0,0 @@ -<html> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> -<head> -<title>Modutil Specification</title> -</head> -<body bgcolor=white fgcolor=black> -<center><h1>PKCS #11 Module Management Utility -<br><i>Specification</i></h1></center> - -<!----------------------------------------------------------------------> -<!-------------------------- capabilities ------------------------------> -<!----------------------------------------------------------------------> -<h2>Capabilities</h2> -<ul> -<li>Add a PKCS #11 module, specifying a name and library file. -(<a href="#add">-add</a>) -<li>Add a PKCS #11 module from a server-formatted JAR file. -(<a href="#jar">-jar</a>) -<li>Change the password on or initialize a token. -(<a href="#changepw">-changepw</a>) -<li>Create databases (secmod[ule].db, key3.db, cert7.db) from scratch. -(<a href="#create">-create</a>) -<li>Switch to and from FIPS-140-1 compliant mode. -(<a href="#fips">-fips</a>) -<li>Delete a PKCS #11 module. (<a href="#delete">-delete</a>) -<li>List installed PKCS #11 modules. (<a href="#list">-list</a>) -<li>List detailed info on a particular module and its tokens, including -whether needs login, is hardware, needs user init -(<a href="#list">-list</a>) -<li>Specify which modules should be the default provider of various -cryptographic operations.(<a href="#default">-default</a>, -<a href="#undefault">-undefault</a>) -<li>Disable and enable slots, find out whether and why they are disabled. -(<a href="#disable">-disable</a>, <a href="#enable">-enable</a>, -<a href="#list">-list</a>) -</ul> - -<hr> - -<!----------------------------------------------------------------------> -<!-------------------------- Usage -------------------------------------> -<!----------------------------------------------------------------------> -<h2>Usage</h2> -<code>modutil [<i>command</i>] [<i>options</i>]</code> -<p>At most one command can be specified. With no arguments, -<code>modutil</code> prints a usage message. -<h3>Commands:</h3> -<table border> -<tr bgcolor="#cccccc"> -<th>Command</th><th>Description</th> -</tr> - -<!---------------------------- -add ------------------------------> -<tr> -<td> <a name="add"></a> -<code>-add <u><i>module name</i></u> -libfile <u><i>library file</i></u> - [-ciphers <u><i>cipher enable list</i></u>] - [-mechanisms <u><i>default mechanism list</i></u>] -</code></td> -<td>Adds a new module to the database with the given name. - -<p><u><i>library file</i></u> is the path of the DLL or other library file -containing the module's implementation of the PKCS #11 interface. - -<p><u><i>cipher enable flags</i></u> is a colon-separated list of ciphers -that will be enabled on this module. The list should be enclosed within quotes -if necessary to prevent shell interpretation. The following ciphers are -currently available: -<ul> -<li>FORTEZZA -</ul> - -<p><u><i>default mechanism flags</i></u> is a colon-separated list of -mechanisms for which this module should be the default provider. The -list should be enclosed within quotes if necessary to prevent shell -interpretation. <b>This -list does not enable the mechanisms; it only specifies that this module -will be a default provider for the listed mechanisms.</b> If more than -one module claims to be a default provider for a given mechanism, it is -undefined which will actually be chosen to provide that mechanism. The -following mechanisms are currently available: -<ul> -<li>RSA -<li>DSA -<li>RC2 -<li>RC4 -<li>RC5 -<li>DES -<li>DH -<li>FORTEZZA -<li>SHA1 -<li>MD5 -<li>MD2 -<li>RANDOM <i>(random number generation)</i> -<li>FRIENDLY <i>(certificates are publicly-readable)</i> -</ul> -</td> -</tr> - -<!-------------------------- -changepw -------------------------------------> -<tr> -<td><a name="changepw"></a><code>-changepw <u><i>token name</i></u> -[-pwfile <u><i>old password file</i></u>] -[-newpwfile <u><i>new password file</i></u>]</code></td> -<td>Changes the password on the named token. If the token has not been -initialized, this command will initialize the PIN. -If a password file is given, the password will be read from that file; -otherwise, the password will be obtained interactively. -<b>Storing passwords in a file is much less secure than supplying them -interactively.</b> -<p>The password on the Netscape internal module cannot be changed if -the <code>-nocertdb</code> option is specified. -</td> -</tr> - -<!-------------------------- -create -------------------------------------> -<tr> -<td><a name="create"></a><code>-create</code></td> -<td>Creates a new secmod[ule].db, key3.db, and cert7.db in the directory -specified with the -<code>-dbdir</code> option, if one is specified. If no directory is -specified, UNIX systems will use the user's .netscape directory, while other -systems will return with an error message. If any of these databases already -exist in the chosen directory, an error message is returned. -<p>If used with <code>-nocertdb</code>, only secmod[ule].db will be created; -cert7.db and key3.db will not be created. -</td> -</tr> - -<!------------------------------ -default --------------------------------> -<tr> -<td> <a name="default"></a> <code>-default <u><i>module name</i></u> --mechanisms <u><i>mechanism list</i></u></code> -</td> -<td>Specifies that the given module will be a default provider of the -listed mechanisms. The mechanism list is the same as in the <code>-add</code> -command. -</td> -</tr> - -<!-------------------------- -delete -------------------------------------> -<tr> -<td><a name="delete"></a><code>-delete <u><i>module name</i></u></code></td> -<td>Deletes the named module from the database</td> -</tr> - -<!-------------------------- -disable -------------------------------------> -<tr> -<td> <a name="disable"></a> <code>-disable <u><i>module name</i></u> -[-slot <u><i>slot name</i></u>]</code></td> -<td>Disables the named slot. If no slot is specified, all slots on -the module are disabled.</td> -</tr> - -<!-------------------------- -enable -------------------------------------> -<tr> -<td> <a name="enable"></a> <code>-enable <u><i>module name</i></u> -[-slot <u><i>slot name</i></u>]</code></td> -<td>Enables the named slot. If no slot is specified, all slots on -the module are enabled.</td> -</tr> - -<!-------------------------- -fips -------------------------------------> -<tr> -<td><a name="fips"></a><code>-fips [true | false]</code></td> -<td>Enables or disables FIPS mode on the internal module. Passing -<code>true</code> enables FIPS mode, passing <code>false</code> disables -FIPS mode.</td> -</tr> - -<!-------------------------- -force -------------------------------------> -<tr> -<td><a name="force"></a><code>-force</code></td> -<td>Disables interactive prompts, so modutil can be run in a script. -Should only be used by experts, since the prompts may relate to security -or database integrity. Before using this option, test the command -interactively once to see the warnings that are produced.</td> -</tr> - -<!-------------------------- -jar -------------------------------------> -<tr> -<td><a name="jar"></a><code>-jar <u><i>JAR file</i></u> --installdir <u><i>root installation directory</i></u> -[-tempdir <u><i>temporary directory</i></u>]</code></td> -<td>Adds a new module from the given JAR file. The JAR file uses the -server <a href="pk11jar.html">PKCS #11 JAR format</a> to describe the names of -any files that need to be installed, the name of the module, mechanism flags, -and cipher flags. The <u><i>root installation directory</i></u> -is the directory relative to which files will be installed. This should be a - directory -under which it would be natural to store dynamic library files, such as -a server's root directory, or Communicator's root directory. -The <u><i>temporary directory</i></u> is where temporary modutil files -will be created in the course of the installation. If no temporary directory -is specified, the current directory will be used. -<p>If used with the <code>-nocertdb</code> option, the signatures on the JAR -file will not be checked.</td> -</tr> - -<!----------------------------- -list ------------------------------> -<tr> -<td><a name="list"></a><code>-list [<u><i>module name</i></u>]</code></td> -<td>Without an argument, lists the PKCS #11 modules present in the module -database. -<blockquote> -<pre> -% <b>modutil -list</b> -Using database directory /u/nicolson/.netscape... - -Listing of PKCS #11 Modules ------------------------------------------------------------ - 1. Netscape Internal PKCS #11 Module - slots: 2 slots attached - status: loaded - - slot: Communicator Internal Cryptographic Services Version 4.0 - token: Communicator Generic Crypto Svcs - - slot: Communicator User Private Key and Certificate Services - token: Communicator Certificate DB ------------------------------------------------------------ -</pre> -</blockquote> -<p>With an argument, provides a detailed description of the named module -and its slots and tokens. -<blockquote> -<pre> -% <b>modutil -list "Netscape Internal PKCS #11 Module"</b> -Using database directory /u/nicolson/.netscape... - ------------------------------------------------------------ -Name: Netscape Internal PKCS #11 Module -Library file: **Internal ONLY module** -Manufacturer: Netscape Communications Corp -Description: Communicator Internal Crypto Svc -PKCS #11 Version 2.0 -Library Version: 4.0 -Cipher Enable Flags: None -Default Mechanism Flags: RSA:DSA:RC2:RC4:DES:SHA1:MD5:MD2 - - Slot: Communicator Internal Cryptographic Services Version 4.0 - Manufacturer: Netscape Communications Corp - Type: Software - Version Number: 4.1 - Firmware Version: 0.0 - Status: Enabled - Token Name: Communicator Generic Crypto Svcs - Token Manufacturer: Netscape Communications Corp - Token Model: Libsec 4.0 - Token Serial Number: 0000000000000000 - Token Version: 4.0 - Token Firmware Version: 0.0 - Access: Write Protected - Login Type: Public (no login required) - User Pin: NOT Initialized - - Slot: Communicator User Private Key and Certificate Services - Manufacturer: Netscape Communications Corp - Type: Software - Version Number: 3.0 - Firmware Version: 0.0 - Status: Enabled - Token Name: Communicator Certificate DB - Token Manufacturer: Netscape Communications Corp - Token Model: Libsec 4.0 - Token Serial Number: 0000000000000000 - Token Version: 7.0 - Token Firmware Version: 0.0 - Access: NOT Write Protected - Login Type: Login required - User Pin: Initialized - ------------------------------------------------------------ -</pre> -</blockquote> -</td> -</tr> - -<!------------------------------ Undefault -------------------------------> -<tr> -<td><a name="undefault"></a><code>-undefault <u><i>module name</i></u> --mechanisms <u><i>mechanism list</i></u></code></td> -<td>Specifies that the given module will NOT be a default provider of -the listed mechanisms. This command clears the default mechanism flags -for the given module.</td> -</tr> - -</table> - -<!------------------------------------------------------------------------> -<!------------------------------ Options ---------------------------------> -<!------------------------------------------------------------------------> -<h3>Options:</h3> -<table border> -<tr bgcolor="#cccccc"><th>Option</th><th>Description</th> </tr> - -<!------------------------------ -dbdir ----------------------------------> -<tr> -<td><code>-dbdir <u><i>directory</i></u></code></td> -<td>Specifies which directory holds the module database. On UNIX systems, -the user's netscape directory is the default. On other systems, there is -no default, and this option must be used.</td> -</tr> - -<!------------------------------ -dbdir ----------------------------------> -<tr> -<td><code>-nocertdb</code></td> -<td>Do not open the certificate or key databases. This has several effects. -With the <code>-create</code> command, this means that only a secmod.db file -will be created; cert7.db and key3.db will not be created. With the -<code>-jar</code> command, signatures on the JAR file will not be checked. -With the <code>-changepw</code> command, the password on the Netscape internal -module cannot be set or changed, since this password is stored in key3.db. -</td> -</tr> - -</table> - -</body> -</html> diff --git a/security/nss/cmd/ocspclnt/Makefile b/security/nss/cmd/ocspclnt/Makefile deleted file mode 100644 index 490f738e5..000000000 --- a/security/nss/cmd/ocspclnt/Makefile +++ /dev/null @@ -1,73 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk diff --git a/security/nss/cmd/ocspclnt/manifest.mn b/security/nss/cmd/ocspclnt/manifest.mn deleted file mode 100644 index 68a84b8c7..000000000 --- a/security/nss/cmd/ocspclnt/manifest.mn +++ /dev/null @@ -1,54 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - ocspclnt.c \ - $(NULL) - -# headers for the MODULE (defined above) are implicitly required. -REQUIRES = dbm seccmd - -# WINNT uses EXTRA_LIBS as the list of libs to link in. -# Unix uses OS_LIBS for that purpose. -# We can solve this via conditional makefile code, but -# can't do this in manifest.mn because OS_ARCH isn't defined there. -# So, look in the local Makefile for the defines for the list of libs. - -PROGRAM = ocspclnt - -USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/ocspclnt/ocspclnt.c b/security/nss/cmd/ocspclnt/ocspclnt.c deleted file mode 100644 index 309d08538..000000000 --- a/security/nss/cmd/ocspclnt/ocspclnt.c +++ /dev/null @@ -1,1221 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * Test program for client-side OCSP. - * - * $Id$ - */ - -#include "secutil.h" -#include "nspr.h" -#include "plgetopt.h" -#include "nss.h" -#include "cert.h" -#include "ocsp.h" -#include "xconst.h" /* - * XXX internal header file; needed to get at - * cert_DecodeAuthInfoAccessExtension -- would be - * nice to not need this, but that would require - * better/different APIs. - */ - -#ifndef NO_PP /* - * Compile with this every once in a while to be - * sure that no dependencies on it get added - * outside of the pretty-printing routines. - */ -#include "ocspti.h" /* internals for pretty-printing routines *only* */ -#endif /* NO_PP */ - -#define DEFAULT_DB_DIR "~/.netscape" - - -static void -synopsis (char *program_name) -{ - PRFileDesc *pr_stderr; - - pr_stderr = PR_STDERR; - PR_fprintf (pr_stderr, "Usage:"); - PR_fprintf (pr_stderr, - "\t%s -p [-d <dir>]\n", - program_name); - PR_fprintf (pr_stderr, - "\t%s -P [-d <dir>]\n", - program_name); - PR_fprintf (pr_stderr, - "\t%s -r <name> [-L] [-s <name>] [-d <dir>]\n", - program_name); - PR_fprintf (pr_stderr, - "\t%s -R <name> [-l <location>] [-s <name>] [-d <dir>]\n", - program_name); - PR_fprintf (pr_stderr, - "\t%s -S <name> [-l <location> -t <name>]\n", - program_name); - PR_fprintf (pr_stderr, - "\t\t [-s <name>] [-w <time>] [-d <dir>]\n"); - PR_fprintf (pr_stderr, - "\t%s -V <name> -u <usage> [-l <location> -t <name>]\n", - program_name); - PR_fprintf (pr_stderr, - "\t\t [-s <name>] [-w <time>] [-d <dir>]\n"); -} - - -static void -short_usage (char *program_name) -{ - PR_fprintf (PR_STDERR, - "Type %s -H for more detailed descriptions\n", - program_name); - synopsis (program_name); -} - - -static void -long_usage (char *program_name) -{ - PRFileDesc *pr_stderr; - - pr_stderr = PR_STDERR; - synopsis (program_name); - PR_fprintf (pr_stderr, "\nCommands (must specify exactly one):\n"); - PR_fprintf (pr_stderr, - " %-13s Pretty-print a binary request read from stdin\n", - "-p"); - PR_fprintf (pr_stderr, - " %-13s Pretty-print a binary response read from stdin\n", - "-P"); - PR_fprintf (pr_stderr, - " %-13s Create a request for cert \"nickname\" on stdout\n", - "-r nickname"); - PR_fprintf (pr_stderr, - " %-13s Get response for cert \"nickname\", dump to stdout\n", - "-R nickname"); - PR_fprintf (pr_stderr, - " %-13s Get status for cert \"nickname\"\n", - "-S nickname"); - PR_fprintf (pr_stderr, - " %-13s Fully verify cert \"nickname\", w/ status check\n", - "-V nickname"); - PR_fprintf (pr_stderr, "Options:\n"); - PR_fprintf (pr_stderr, - " %-13s Add the service locator extension to the request\n", - "-L"); - PR_fprintf (pr_stderr, - " %-13s Find security databases in \"dbdir\" (default %s)\n", - "-d dbdir", DEFAULT_DB_DIR); - PR_fprintf (pr_stderr, - " %-13s Use \"location\" as URL of responder\n", - "-l location"); - PR_fprintf (pr_stderr, - " %-13s Trust cert \"nickname\" as response signer\n", - "-t nickname"); - PR_fprintf (pr_stderr, - " %-13s Sign requests with cert \"nickname\"\n", - "-s nickname"); - PR_fprintf (pr_stderr, - " %-13s Type of certificate usage for verification:\n", - "-u usage"); - PR_fprintf (pr_stderr, - "%-17s c SSL Client\n", ""); - PR_fprintf (pr_stderr, - "%-17s s SSL Server\n", ""); - PR_fprintf (pr_stderr, - "%-17s e Email Recipient\n", ""); - PR_fprintf (pr_stderr, - "%-17s E Email Signer\n", ""); - PR_fprintf (pr_stderr, - "%-17s S Object Signer\n", ""); - PR_fprintf (pr_stderr, - "%-17s C CA\n", ""); - PR_fprintf (pr_stderr, - " %-13s Validity time (default current time), one of:\n", - "-w time"); - PR_fprintf (pr_stderr, - "%-17s %-25s (GMT)\n", "", "YYMMDDhhmm[ss]Z"); - PR_fprintf (pr_stderr, - "%-17s %-25s (later than GMT)\n", "", "YYMMDDhhmm[ss]+hhmm"); - PR_fprintf (pr_stderr, - "%-17s %-25s (earlier than GMT)\n", "", "YYMMDDhhmm[ss]-hhmm"); -} - - -/* - * XXX This is a generic function that would probably make a good - * replacement for SECU_DER_Read (which is not at all specific to DER, - * despite its name), but that requires fixing all of the tools... - * Still, it should be done, whenenver I/somebody has the time. - * (Also, consider whether this actually belongs in the security - * library itself, not just in the command library.) - * - * This function takes an open file (a PRFileDesc *) and reads the - * entire file into a SECItem. (Obviously, the file is intended to - * be small enough that such a thing is advisable.) Both the SECItem - * and the buffer it points to are allocated from the heap; the caller - * is expected to free them. ("SECITEM_FreeItem(item, PR_TRUE)") - */ -static SECItem * -read_file_into_item (PRFileDesc *in_file, SECItemType si_type) -{ - PRStatus prv; - SECItem *item; - PRFileInfo file_info; - PRInt32 bytes_read; - - prv = PR_GetOpenFileInfo (in_file, &file_info); - if (prv != PR_SUCCESS) - return NULL; - - if (file_info.size == 0) { - /* XXX Need a better error; just grabbed this one for expediency. */ - PORT_SetError (SEC_ERROR_INPUT_LEN); - return NULL; - } - - if (file_info.size > 0xffff) { /* I think this is too big. */ - PORT_SetError (SEC_ERROR_NO_MEMORY); - return NULL; - } - - item = PORT_Alloc (sizeof (SECItem)); - if (item == NULL) - return NULL; - - item->type = si_type; - item->len = (unsigned int) file_info.size; - item->data = PORT_Alloc ((size_t)item->len); - if (item->data == NULL) - goto loser; - - bytes_read = PR_Read (in_file, item->data, (PRInt32) item->len); - if (bytes_read < 0) { - /* Something went wrong; error is already set for us. */ - goto loser; - } else if (bytes_read == 0) { - /* Something went wrong; we read nothing. But no system/nspr error. */ - /* XXX Need to set an error here. */ - goto loser; - } else if (item->len != (unsigned int)bytes_read) { - /* Something went wrong; we read less (or more!?) than we expected. */ - /* XXX Need to set an error here. */ - goto loser; - } - - return item; - -loser: - SECITEM_FreeItem (item, PR_TRUE); - return NULL; -} - - -/* - * Create a DER-encoded OCSP request (for the certificate whose nickname - * is "name") and dump it out. - */ -static SECStatus -create_request (FILE *out_file, CERTCertDBHandle *handle, const char *cert_name, - PRBool add_service_locator, PRBool add_acceptable_responses) -{ - CERTCertificate *cert = NULL; - CERTCertList *certs = NULL; - CERTOCSPRequest *request = NULL; - int64 now = PR_Now(); - SECItem *encoding = NULL; - SECStatus rv = SECFailure; - - if (handle == NULL || cert_name == NULL) - goto loser; - - cert = CERT_FindCertByNicknameOrEmailAddr (handle, (char *) cert_name); - if (cert == NULL) - goto loser; - - /* - * We need to create a list of one. - */ - certs = CERT_NewCertList(); - if (certs == NULL) - goto loser; - - if (CERT_AddCertToListTail (certs, cert) != SECSuccess) - goto loser; - - /* - * Now that cert is included in the list, we need to be careful - * that we do not try to destroy it twice. This will prevent that. - */ - cert = NULL; - - request = CERT_CreateOCSPRequest (certs, now, add_service_locator, NULL); - if (request == NULL) - goto loser; - - if (add_acceptable_responses) { - rv = CERT_AddOCSPAcceptableResponses(request, - SEC_OID_PKIX_OCSP_BASIC_RESPONSE); - if (rv != SECSuccess) - goto loser; - } - - encoding = CERT_EncodeOCSPRequest (NULL, request, NULL); - if (encoding == NULL) - goto loser; - - if (fwrite (encoding->data, encoding->len, 1, out_file) != 1) - goto loser; - - rv = SECSuccess; - -loser: - if (encoding != NULL) - SECITEM_FreeItem(encoding, PR_TRUE); - if (request != NULL) - CERT_DestroyOCSPRequest(request); - if (certs != NULL) - CERT_DestroyCertList (certs); - if (cert != NULL) - CERT_DestroyCertificate (cert); - - return rv; -} - - -/* - * Create a DER-encoded OCSP request (for the certificate whose nickname is - * "cert_name"), then get and dump a corresponding response. The responder - * location is either specified explicitly (as "responder_url") or found - * via the AuthorityInfoAccess URL in the cert. - */ -static SECStatus -dump_response (FILE *out_file, CERTCertDBHandle *handle, const char *cert_name, - const char *responder_url) -{ - CERTCertificate *cert = NULL; - CERTCertList *certs = NULL; - char *loc = NULL; - int64 now = PR_Now(); - SECItem *response = NULL; - SECStatus rv = SECFailure; - PRBool includeServiceLocator; - - if (handle == NULL || cert_name == NULL) - goto loser; - - cert = CERT_FindCertByNicknameOrEmailAddr (handle, (char *) cert_name); - if (cert == NULL) - goto loser; - - if (responder_url != NULL) { - loc = (char *) responder_url; - includeServiceLocator = PR_TRUE; - } else { - loc = CERT_GetOCSPAuthorityInfoAccessLocation (cert); - if (loc == NULL) - goto loser; - includeServiceLocator = PR_FALSE; - } - - /* - * We need to create a list of one. - */ - certs = CERT_NewCertList(); - if (certs == NULL) - goto loser; - - if (CERT_AddCertToListTail (certs, cert) != SECSuccess) - goto loser; - - /* - * Now that cert is included in the list, we need to be careful - * that we do not try to destroy it twice. This will prevent that. - */ - cert = NULL; - - response = CERT_GetEncodedOCSPResponse (NULL, certs, loc, now, - includeServiceLocator, - NULL, NULL, NULL); - if (response == NULL) - goto loser; - - if (fwrite (response->data, response->len, 1, out_file) != 1) - goto loser; - - rv = SECSuccess; - -loser: - if (response != NULL) - SECITEM_FreeItem (response, PR_TRUE); - if (certs != NULL) - CERT_DestroyCertList (certs); - if (loc != NULL && loc != responder_url) - PORT_Free (loc); - if (cert != NULL) - CERT_DestroyCertificate (cert); - - return rv; -} - - -/* - * Get the status for the specified certificate (whose nickname is "cert_name"). - * Directly use the OCSP function rather than doing a full verification. - */ -static SECStatus -get_cert_status (FILE *out_file, CERTCertDBHandle *handle, - const char *cert_name, int64 verify_time) -{ - CERTCertificate *cert = NULL; - SECStatus rv = SECFailure; - - if (handle == NULL || cert_name == NULL) - goto loser; - - cert = CERT_FindCertByNicknameOrEmailAddr (handle, (char *) cert_name); - if (cert == NULL) - goto loser; - - rv = CERT_CheckOCSPStatus (handle, cert, verify_time, NULL); - - fprintf (out_file, "Check of certificate \"%s\" ", cert_name); - if (rv == SECSuccess) { - fprintf (out_file, "succeeded.\n"); - } else { - const char *error_string = SECU_Strerror(PORT_GetError()); - fprintf (out_file, "failed. Reason:\n"); - if (error_string != NULL && PORT_Strlen(error_string) > 0) - fprintf (out_file, "%s\n", error_string); - else - fprintf (out_file, "Unknown\n"); - } - - rv = SECSuccess; - -loser: - if (cert != NULL) - CERT_DestroyCertificate (cert); - - return rv; -} - - -/* - * Verify the specified certificate (whose nickname is "cert_name"). - * OCSP is already turned on, so we just need to call the standard - * certificate verification API and let it do all the work. - */ -static SECStatus -verify_cert (FILE *out_file, CERTCertDBHandle *handle, const char *cert_name, - SECCertUsage cert_usage, int64 verify_time) -{ - CERTCertificate *cert = NULL; - SECStatus rv = SECFailure; - - if (handle == NULL || cert_name == NULL) - goto loser; - - cert = CERT_FindCertByNicknameOrEmailAddr (handle, (char *) cert_name); - if (cert == NULL) - goto loser; - - rv = CERT_VerifyCert (handle, cert, PR_TRUE, cert_usage, verify_time, - NULL, NULL); - - fprintf (out_file, "Verification of certificate \"%s\" ", cert_name); - if (rv == SECSuccess) { - fprintf (out_file, "succeeded.\n"); - } else { - const char *error_string = SECU_Strerror(PORT_GetError()); - fprintf (out_file, "failed. Reason:\n"); - if (error_string != NULL && PORT_Strlen(error_string) > 0) - fprintf (out_file, "%s\n", error_string); - else - fprintf (out_file, "Unknown\n"); - } - - rv = SECSuccess; - -loser: - if (cert != NULL) - CERT_DestroyCertificate (cert); - - return rv; -} - - -#ifdef NO_PP - -static SECStatus -print_request (FILE *out_file, SECItem *data) -{ - fprintf (out_file, "Cannot pretty-print request compiled with NO_PP.\n"); - return SECSuccess; -} - -static SECStatus -print_response (FILE *out_file, SECItem *data, CERTCertDBHandle *handle) -{ - fprintf (out_file, "Cannot pretty-print response compiled with NO_PP.\n"); - return SECSuccess; -} - -#else /* NO_PP */ - -static void -print_ocsp_version (FILE *out_file, SECItem *version, int level) -{ - if (version->len > 0) { - SECU_PrintInteger (out_file, version, "Version", level); - } else { - SECU_Indent (out_file, level); - fprintf (out_file, "Version: DEFAULT\n"); - } -} - - -static void -print_ocsp_cert_id (FILE *out_file, CERTOCSPCertID *cert_id, int level) -{ - SECU_Indent (out_file, level); - fprintf (out_file, "Cert ID:\n"); - level++; - - SECU_PrintAlgorithmID (out_file, &(cert_id->hashAlgorithm), - "Hash Algorithm", level); - SECU_PrintAsHex (out_file, &(cert_id->issuerNameHash), - "Issuer Name Hash", level); - SECU_PrintAsHex (out_file, &(cert_id->issuerKeyHash), - "Issuer Key Hash", level); - SECU_PrintInteger (out_file, &(cert_id->serialNumber), - "Serial Number", level); - /* XXX lookup the cert; if found, print something nice (nickname?) */ -} - - -static void -print_raw_certificates (FILE *out_file, SECItem **raw_certs, int level) -{ - SECItem *raw_cert; - int i = 0; - char cert_label[50]; - - SECU_Indent (out_file, level); - - if (raw_certs == NULL) { - fprintf (out_file, "No Certificates.\n"); - return; - } - - fprintf (out_file, "Certificate List:\n"); - while ((raw_cert = raw_certs[i++]) != NULL) { - sprintf (cert_label, "Certificate (%d)", i); - (void) SECU_PrintSignedData (out_file, raw_cert, cert_label, level + 1, - SECU_PrintCertificate); - } -} - - -static void -print_ocsp_extensions (FILE *out_file, CERTCertExtension **extensions, - char *msg, int level) -{ - if (extensions) { - SECU_PrintExtensions (out_file, extensions, msg, level); - } else { - SECU_Indent (out_file, level); - fprintf (out_file, "No %s\n", msg); - } -} - - -static void -print_single_request (FILE *out_file, ocspSingleRequest *single, int level) -{ - print_ocsp_cert_id (out_file, single->reqCert, level); - print_ocsp_extensions (out_file, single->singleRequestExtensions, - "Single Request Extensions", level); -} - - -/* - * Decode the DER/BER-encoded item "data" as an OCSP request - * and pretty-print the subfields. - */ -static SECStatus -print_request (FILE *out_file, SECItem *data) -{ - CERTOCSPRequest *request; - ocspTBSRequest *tbsRequest; - int level = 0; - - PORT_Assert (out_file != NULL); - PORT_Assert (data != NULL); - if (out_file == NULL || data == NULL) { - PORT_SetError (SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - request = CERT_DecodeOCSPRequest (data); - if (request == NULL || request->tbsRequest == NULL) - return SECFailure; - - tbsRequest = request->tbsRequest; - - fprintf (out_file, "TBS Request:\n"); - level++; - - print_ocsp_version (out_file, &(tbsRequest->version), level); - - /* - * XXX Probably should be an interface to get the signer name - * without looking inside the tbsRequest at all. - */ - if (tbsRequest->requestorName != NULL) { - SECU_Indent (out_file, level); - fprintf (out_file, "XXX print the requestorName\n"); - } else { - SECU_Indent (out_file, level); - fprintf (out_file, "No Requestor Name.\n"); - } - - if (tbsRequest->requestList != NULL) { - int i; - - for (i = 0; tbsRequest->requestList[i] != NULL; i++) { - SECU_Indent (out_file, level); - fprintf (out_file, "Request %d:\n", i); - print_single_request (out_file, tbsRequest->requestList[i], - level + 1); - } - } else { - fprintf (out_file, "Request list is empty.\n"); - } - - print_ocsp_extensions (out_file, tbsRequest->requestExtensions, - "Request Extensions", level); - - if (request->optionalSignature != NULL) { - ocspSignature *whole_sig; - SECItem rawsig; - - fprintf (out_file, "Signature:\n"); - - whole_sig = request->optionalSignature; - SECU_PrintAlgorithmID (out_file, &(whole_sig->signatureAlgorithm), - "Signature Algorithm", level); - - rawsig = whole_sig->signature; - DER_ConvertBitString (&rawsig); - SECU_PrintAsHex (out_file, &rawsig, "Signature", level); - - print_raw_certificates (out_file, whole_sig->derCerts, level); - - fprintf (out_file, "XXX verify the sig and print result\n"); - } else { - fprintf (out_file, "No Signature\n"); - } - - CERT_DestroyOCSPRequest (request); - return SECSuccess; -} - - -static void -print_revoked_info (FILE *out_file, ocspRevokedInfo *revoked_info, int level) -{ - SECU_PrintGeneralizedTime (out_file, &(revoked_info->revocationTime), - "Revocation Time", level); - - if (revoked_info->revocationReason != NULL) { - SECU_PrintAsHex (out_file, revoked_info->revocationReason, - "Revocation Reason", level); - } else { - SECU_Indent (out_file, level); - fprintf (out_file, "No Revocation Reason.\n"); - } -} - - -static void -print_cert_status (FILE *out_file, ocspCertStatus *status, int level) -{ - SECU_Indent (out_file, level); - fprintf (out_file, "Status: "); - - switch (status->certStatusType) { - case ocspCertStatus_good: - fprintf (out_file, "Cert is good.\n"); - break; - case ocspCertStatus_revoked: - fprintf (out_file, "Cert has been revoked.\n"); - print_revoked_info (out_file, status->certStatusInfo.revokedInfo, - level + 1); - break; - case ocspCertStatus_unknown: - fprintf (out_file, "Cert is unknown to responder.\n"); - break; - default: - fprintf (out_file, "Unrecognized status.\n"); - break; - } -} - - -static void -print_single_response (FILE *out_file, CERTOCSPSingleResponse *single, - int level) -{ - print_ocsp_cert_id (out_file, single->certID, level); - - print_cert_status (out_file, single->certStatus, level); - - SECU_PrintGeneralizedTime (out_file, &(single->thisUpdate), - "This Update", level); - - if (single->nextUpdate != NULL) { - SECU_PrintGeneralizedTime (out_file, single->nextUpdate, - "Next Update", level); - } else { - SECU_Indent (out_file, level); - fprintf (out_file, "No Next Update\n"); - } - - print_ocsp_extensions (out_file, single->singleExtensions, - "Single Response Extensions", level); -} - - -static void -print_responder_id (FILE *out_file, ocspResponderID *responderID, int level) -{ - SECU_Indent (out_file, level); - fprintf (out_file, "Responder ID "); - - switch (responderID->responderIDType) { - case ocspResponderID_byName: - fprintf (out_file, "(byName):\n"); - SECU_PrintName (out_file, &(responderID->responderIDValue.name), - "Name", level + 1); - break; - case ocspResponderID_byKey: - fprintf (out_file, "(byKey):\n"); - SECU_PrintAsHex (out_file, &(responderID->responderIDValue.keyHash), - "Key Hash", level + 1); - break; - default: - fprintf (out_file, "Unrecognized Responder ID Type\n"); - break; - } -} - - -static void -print_response_data (FILE *out_file, ocspResponseData *responseData, int level) -{ - SECU_Indent (out_file, level); - fprintf (out_file, "Response Data:\n"); - level++; - - print_ocsp_version (out_file, &(responseData->version), level); - - print_responder_id (out_file, responseData->responderID, level); - - SECU_PrintGeneralizedTime (out_file, &(responseData->producedAt), - "Produced At", level); - - if (responseData->responses != NULL) { - int i; - - for (i = 0; responseData->responses[i] != NULL; i++) { - SECU_Indent (out_file, level); - fprintf (out_file, "Response %d:\n", i); - print_single_response (out_file, responseData->responses[i], - level + 1); - } - } else { - fprintf (out_file, "Response list is empty.\n"); - } - - print_ocsp_extensions (out_file, responseData->responseExtensions, - "Response Extensions", level); -} - - -static void -print_basic_response (FILE *out_file, ocspBasicOCSPResponse *basic, int level) -{ - SECItem rawsig; - - SECU_Indent (out_file, level); - fprintf (out_file, "Basic OCSP Response:\n"); - level++; - - print_response_data (out_file, basic->tbsResponseData, level); - - SECU_PrintAlgorithmID (out_file, - &(basic->responseSignature.signatureAlgorithm), - "Signature Algorithm", level); - - rawsig = basic->responseSignature.signature; - DER_ConvertBitString (&rawsig); - SECU_PrintAsHex (out_file, &rawsig, "Signature", level); - - print_raw_certificates (out_file, basic->responseSignature.derCerts, level); -} - - -/* - * Note this must match (exactly) the enumeration ocspResponseStatus. - */ -static char *responseStatusNames[] = { - "successful (Response has valid confirmations)", - "malformedRequest (Illegal confirmation request)", - "internalError (Internal error in issuer)", - "tryLater (Try again later)", - "unused ((4) is not used)", - "sigRequired (Must sign the request)", - "unauthorized (Request unauthorized)", - "other (Status value out of defined range)" -}; - -/* - * Decode the DER/BER-encoded item "data" as an OCSP response - * and pretty-print the subfields. - */ -static SECStatus -print_response (FILE *out_file, SECItem *data, CERTCertDBHandle *handle) -{ - CERTOCSPResponse *response; - int level = 0; - - PORT_Assert (out_file != NULL); - PORT_Assert (data != NULL); - if (out_file == NULL || data == NULL) { - PORT_SetError (SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - response = CERT_DecodeOCSPResponse (data); - if (response == NULL) - return SECFailure; - - PORT_Assert (response->statusValue <= ocspResponse_other); - fprintf (out_file, "Response Status: %s\n", - responseStatusNames[response->statusValue]); - - if (response->statusValue == ocspResponse_successful) { - ocspResponseBytes *responseBytes = response->responseBytes; - SECStatus sigStatus; - CERTCertificate *signerCert = NULL; - - PORT_Assert (responseBytes != NULL); - - level++; - fprintf (out_file, "Response Bytes:\n"); - SECU_PrintObjectID (out_file, &(responseBytes->responseType), - "Response Type", level); - switch (response->responseBytes->responseTypeTag) { - case SEC_OID_PKIX_OCSP_BASIC_RESPONSE: - print_basic_response (out_file, - responseBytes->decodedResponse.basic, - level); - break; - default: - SECU_Indent (out_file, level); - fprintf (out_file, "Unknown response syntax\n"); - break; - } - - sigStatus = CERT_VerifyOCSPResponseSignature (response, handle, - NULL, &signerCert, NULL); - SECU_Indent (out_file, level); - fprintf (out_file, "Signature verification "); - if (sigStatus != SECSuccess) { - fprintf (out_file, "failed: %s\n", SECU_Strerror (PORT_GetError())); - } else { - fprintf (out_file, "succeeded.\n"); - if (signerCert != NULL) { - SECU_PrintName (out_file, &signerCert->subject, "Signer", - level); - CERT_DestroyCertificate (signerCert); - } else { - SECU_Indent (out_file, level); - fprintf (out_file, "No signer cert returned?\n"); - } - } - } else { - SECU_Indent (out_file, level); - fprintf (out_file, "Unsuccessful response, no more information.\n"); - } - - CERT_DestroyOCSPResponse (response); - return SECSuccess; -} - -#endif /* NO_PP */ - - -static SECStatus -cert_usage_from_char (const char *cert_usage_str, SECCertUsage *cert_usage) -{ - PORT_Assert (cert_usage_str != NULL); - PORT_Assert (cert_usage != NULL); - - if (PORT_Strlen (cert_usage_str) != 1) - return SECFailure; - - switch (*cert_usage_str) { - case 'c': - *cert_usage = certUsageSSLClient; - break; - case 's': - *cert_usage = certUsageSSLServer; - break; - case 'e': - *cert_usage = certUsageEmailRecipient; - break; - case 'E': - *cert_usage = certUsageEmailSigner; - break; - case 'S': - *cert_usage = certUsageObjectSigner; - break; - case 'C': - *cert_usage = certUsageVerifyCA; - break; - default: - return SECFailure; - } - - return SECSuccess; -} - - -int -main (int argc, char **argv) -{ - int retval; - char *program_name; - PRFileDesc *in_file; - FILE *out_file; /* not PRFileDesc until SECU accepts it */ - int crequest, dresponse; - int prequest, presponse; - int ccert, vcert; - const char *db_dir, *date_str, *cert_usage_str, *name; - const char *responder_name, *responder_url, *signer_name; - PRBool add_acceptable_responses, add_service_locator; - SECItem *data = NULL; - PLOptState *optstate; - SECStatus rv; - CERTCertDBHandle *handle = NULL; - SECCertUsage cert_usage; - int64 verify_time; - - retval = -1; /* what we return/exit with on error */ - - program_name = PL_strrchr(argv[0], '/'); - program_name = program_name ? (program_name + 1) : argv[0]; - - in_file = PR_STDIN; - out_file = stdout; - - crequest = 0; - dresponse = 0; - prequest = 0; - presponse = 0; - ccert = 0; - vcert = 0; - - db_dir = NULL; - date_str = NULL; - cert_usage_str = NULL; - name = NULL; - responder_name = NULL; - responder_url = NULL; - signer_name = NULL; - - add_acceptable_responses = PR_FALSE; - add_service_locator = PR_FALSE; - - optstate = PL_CreateOptState (argc, argv, "AHLPR:S:V:d:l:pr:s:t:u:w:"); - if (optstate == NULL) { - SECU_PrintError (program_name, "PL_CreateOptState failed"); - return retval; - } - - while (PL_GetNextOpt (optstate) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - short_usage (program_name); - return retval; - - case 'A': - add_acceptable_responses = PR_TRUE; - break; - - case 'H': - long_usage (program_name); - return retval; - - case 'L': - add_service_locator = PR_TRUE; - break; - - case 'P': - presponse = 1; - break; - - case 'R': - dresponse = 1; - name = optstate->value; - break; - - case 'S': - ccert = 1; - name = optstate->value; - break; - - case 'V': - vcert = 1; - name = optstate->value; - break; - - case 'd': - db_dir = optstate->value; - break; - - case 'l': - responder_url = optstate->value; - break; - - case 'p': - prequest = 1; - break; - - case 'r': - crequest = 1; - name = optstate->value; - break; - - case 's': - signer_name = optstate->value; - break; - - case 't': - responder_name = optstate->value; - break; - - case 'u': - cert_usage_str = optstate->value; - break; - - case 'w': - date_str = optstate->value; - break; - } - } - - if ((crequest + dresponse + prequest + presponse + ccert + vcert) != 1) { - PR_fprintf (PR_STDERR, "%s: must specify exactly one command\n\n", - program_name); - short_usage (program_name); - return retval; - } - - if (vcert) { - if (cert_usage_str == NULL) { - PR_fprintf (PR_STDERR, "%s: verification requires cert usage\n\n", - program_name); - short_usage (program_name); - return retval; - } - - rv = cert_usage_from_char (cert_usage_str, &cert_usage); - if (rv != SECSuccess) { - PR_fprintf (PR_STDERR, "%s: invalid cert usage (\"%s\")\n\n", - program_name, cert_usage_str); - long_usage (program_name); - return retval; - } - } - - if (ccert + vcert) { - if (responder_url != NULL || responder_name != NULL) { - /* - * To do a full status check, both the URL and the cert name - * of the responder must be specified if either one is. - */ - if (responder_url == NULL || responder_name == NULL) { - if (responder_url == NULL) - PR_fprintf (PR_STDERR, - "%s: must also specify responder location\n\n", - program_name); - else - PR_fprintf (PR_STDERR, - "%s: must also specify responder name\n\n", - program_name); - short_usage (program_name); - return retval; - } - } - - if (date_str != NULL) { - rv = DER_AsciiToTime (&verify_time, (char *) date_str); - if (rv != SECSuccess) { - SECU_PrintError (program_name, "error converting time string"); - PR_fprintf (PR_STDERR, "\n"); - long_usage (program_name); - return retval; - } - } else { - verify_time = PR_Now(); - } - } - - retval = -2; /* errors change from usage to runtime */ - - /* - * Initialize the NSPR and Security libraries. - */ - PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - db_dir = SECU_ConfigDirectory (db_dir); - rv = NSS_Init (db_dir); - if (rv != SECSuccess) { - SECU_PrintError (program_name, "NSS_Init failed"); - goto prdone; - } - - if (prequest + presponse) { - data = read_file_into_item (in_file, siBuffer); - if (data == NULL) { - SECU_PrintError (program_name, "problem reading input"); - goto nssdone; - } - } - - if (crequest + dresponse + presponse + ccert + vcert) { - handle = CERT_GetDefaultCertDB(); - if (handle == NULL) { - SECU_PrintError (program_name, "problem getting certdb handle"); - goto nssdone; - } - - /* - * It would be fine to do the enable for all of these commands, - * but this way we check that everything but an overall verify - * can be done without it. That is, that the individual pieces - * work on their own. - */ - if (vcert) { - rv = CERT_EnableOCSPChecking (handle); - if (rv != SECSuccess) { - SECU_PrintError (program_name, "error enabling OCSP checking"); - goto nssdone; - } - } - - if ((ccert + vcert) && (responder_name != NULL)) { - rv = CERT_SetOCSPDefaultResponder (handle, responder_url, - responder_name); - if (rv != SECSuccess) { - SECU_PrintError (program_name, - "error setting default responder"); - goto nssdone; - } - - rv = CERT_EnableOCSPDefaultResponder (handle); - if (rv != SECSuccess) { - SECU_PrintError (program_name, - "error enabling default responder"); - goto nssdone; - } - } - } - -#define NOTYET(opt) \ - { \ - PR_fprintf (PR_STDERR, "%s not yet working\n", opt); \ - exit (-1); \ - } - - if (crequest) { - if (signer_name != NULL) { - NOTYET("-s"); - } - rv = create_request (out_file, handle, name, add_service_locator, - add_acceptable_responses); - } else if (dresponse) { - if (signer_name != NULL) { - NOTYET("-s"); - } - rv = dump_response (out_file, handle, name, responder_url); - } else if (prequest) { - rv = print_request (out_file, data); - } else if (presponse) { - rv = print_response (out_file, data, handle); - } else if (ccert) { - if (signer_name != NULL) { - NOTYET("-s"); - } - rv = get_cert_status (out_file, handle, name, verify_time); - } else if (vcert) { - if (signer_name != NULL) { - NOTYET("-s"); - } - rv = verify_cert (out_file, handle, name, cert_usage, verify_time); - } - - if (rv != SECSuccess) - SECU_PrintError (program_name, "error performing requested operation"); - else - retval = 0; - -nssdone: - if (data != NULL) { - SECITEM_FreeItem (data, PR_TRUE); - } - - if (handle != NULL) { - (void) CERT_DisableOCSPChecking (handle); - } - - if (NSS_Shutdown () != SECSuccess) { - exit(1); - } - -prdone: - PR_Cleanup (); - return retval; -} diff --git a/security/nss/cmd/oidcalc/Makefile b/security/nss/cmd/oidcalc/Makefile deleted file mode 100644 index 689240abd..000000000 --- a/security/nss/cmd/oidcalc/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/oidcalc/manifest.mn b/security/nss/cmd/oidcalc/manifest.mn deleted file mode 100644 index 7e1c3fad6..000000000 --- a/security/nss/cmd/oidcalc/manifest.mn +++ /dev/null @@ -1,47 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = oidcalc.c - -PROGRAM = oidcalc diff --git a/security/nss/cmd/oidcalc/oidcalc.c b/security/nss/cmd/oidcalc/oidcalc.c deleted file mode 100644 index cadc425a4..000000000 --- a/security/nss/cmd/oidcalc/oidcalc.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -int -main(int argc, char **argv) -{ - char *curstr; - char *nextstr; - unsigned int firstval; - unsigned int secondval; - unsigned int val; - unsigned char buf[5]; - int count; - - if ( argc != 2 ) { - fprintf(stderr, "wrong number of args\n"); - exit(-1); - } - - curstr = argv[1]; - - nextstr = strchr(curstr, '.'); - - if ( nextstr == NULL ) { - fprintf(stderr, "only one component\n"); - exit(-1); - } - - *nextstr = '\0'; - firstval = atoi(curstr); - - curstr = nextstr + 1; - - nextstr = strchr(curstr, '.'); - - if ( nextstr ) { - *nextstr = '\0'; - } - - secondval = atoi(curstr); - - if ( ( firstval < 0 ) || ( firstval > 2 ) ) { - fprintf(stderr, "first component out of range\n"); - exit(-1); - - } - - if ( ( secondval < 0 ) || ( secondval > 39 ) ) { - fprintf(stderr, "second component out of range\n"); - exit(-1); - } - - printf("0x%x, ", ( firstval * 40 ) + secondval ); - while ( nextstr ) { - curstr = nextstr + 1; - - nextstr = strchr(curstr, '.'); - - if ( nextstr ) { - *nextstr = '\0'; - } - - memset(buf, 0, sizeof(buf)); - val = atoi(curstr); - count = 0; - while ( val ) { - buf[count] = ( val & 0x7f ); - val = val >> 7; - count++; - } - - while ( count-- ) { - if ( count ) { - printf("0x%x, ", buf[count] | 0x80 ); - } else { - printf("0x%x, ", buf[count] ); - } - } - } - printf("\n"); - return 0; -} - diff --git a/security/nss/cmd/p7content/Makefile b/security/nss/cmd/p7content/Makefile deleted file mode 100644 index 4e39ffc3f..000000000 --- a/security/nss/cmd/p7content/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/p7content/manifest.mn b/security/nss/cmd/p7content/manifest.mn deleted file mode 100644 index 3ebd21743..000000000 --- a/security/nss/cmd/p7content/manifest.mn +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = nss - -CSRCS = p7content.c - -REQUIRES = seccmd - -PROGRAM = p7content - diff --git a/security/nss/cmd/p7content/p7content.c b/security/nss/cmd/p7content/p7content.c deleted file mode 100644 index 38466b337..000000000 --- a/security/nss/cmd/p7content/p7content.c +++ /dev/null @@ -1,271 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * p7content -- A command to display pkcs7 content. - * - * $Id$ - */ - -#include "nspr.h" -#include "secutil.h" -#include "plgetopt.h" -#include "secpkcs7.h" -#include "cert.h" -#include "certdb.h" -#include "nss.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include <stdio.h> -#include <string.h> - -#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4)) -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif - - - -static void -Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s [-d dbdir] [-i input] [-o output]\n", - progName); - fprintf(stderr, - "%-20s Key/Cert database directory (default is ~/.netscape)\n", - "-d dbdir"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -static PRBool saw_content; - -static void -PrintBytes(void *arg, const char *buf, unsigned long len) -{ - FILE *out; - - out = arg; - fwrite (buf, len, 1, out); - - saw_content = PR_TRUE; -} - -/* - * XXX Someday we may want to do real policy stuff here. This allows - * anything to be decrypted, which is okay for a test program but does - * not set an example of how a real client with a real policy would - * need to do it. - */ -static PRBool -decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key) -{ - return PR_TRUE; -} - -int -DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName) -{ - SECItem derdata; - SEC_PKCS7ContentInfo *cinfo = NULL; - SEC_PKCS7DecoderContext *dcx; - - if (SECU_ReadDERFromFile(&derdata, in, PR_FALSE)) { - SECU_PrintError(progName, "error converting der"); - return -1; - } - - fprintf(out, - "Content printed between bars (newline added before second bar):"); - fprintf(out, "\n---------------------------------------------\n"); - - saw_content = PR_FALSE; - dcx = SEC_PKCS7DecoderStart(PrintBytes, out, NULL, NULL, - NULL, NULL, decryption_allowed); - if (dcx != NULL) { -#if 0 /* Test that decoder works when data is really streaming in. */ - { - unsigned long i; - for (i = 0; i < derdata.len; i++) - SEC_PKCS7DecoderUpdate(dcx, derdata.data + i, 1); - } -#else - SEC_PKCS7DecoderUpdate(dcx, (char *)derdata.data, derdata.len); -#endif - cinfo = SEC_PKCS7DecoderFinish(dcx); - } - - fprintf(out, "\n---------------------------------------------\n"); - - if (cinfo == NULL) - return -1; - - fprintf(out, "Content was%s encrypted.\n", - SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not"); - - if (SEC_PKCS7ContentIsSigned(cinfo)) { - char *signer_cname, *signer_ename; - SECItem *signing_time; - - if (saw_content) { - fprintf(out, "Signature is "); - PORT_SetError(0); - if (SEC_PKCS7VerifySignature(cinfo, certUsageEmailSigner, PR_FALSE)) - fprintf(out, "valid.\n"); - else - fprintf(out, "invalid (Reason: %s).\n", - SECU_Strerror(PORT_GetError())); - } else { - fprintf(out, - "Content is detached; signature cannot be verified.\n"); - } - - signer_cname = SEC_PKCS7GetSignerCommonName(cinfo); - if (signer_cname != NULL) { - fprintf(out, "The signer's common name is %s\n", signer_cname); - PORT_Free(signer_cname); - } else { - fprintf(out, "No signer common name.\n"); - } - - signer_ename = SEC_PKCS7GetSignerEmailAddress(cinfo); - if (signer_ename != NULL) { - fprintf(out, "The signer's email address is %s\n", signer_ename); - PORT_Free(signer_ename); - } else { - fprintf(out, "No signer email address.\n"); - } - - signing_time = SEC_PKCS7GetSigningTime(cinfo); - if (signing_time != NULL) { - SECU_PrintTimeChoice(out, signing_time, "Signing time", 0); - } else { - fprintf(out, "No signing time included.\n"); - } - } else { - fprintf(out, "Content was not signed.\n"); - } - - fprintf(out, "There were%s certs or crls included.\n", - SEC_PKCS7ContainsCertsOrCrls(cinfo) ? "" : " no"); - - SEC_PKCS7DestroyContentInfo(cinfo); - return 0; -} - - -/* - * Print the contents of a PKCS7 message, indicating signatures, etc. - */ - -int -main(int argc, char **argv) -{ - char *progName; - FILE *outFile; - PRFileDesc *inFile; - PLOptState *optstate; - PLOptStatus status; - SECStatus rv; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - inFile = NULL; - outFile = NULL; - - /* - * Parse command line arguments - */ - optstate = PL_CreateOptState(argc, argv, "d:i:o:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'd': - SECU_ConfigDirectory(optstate->value); - break; - - case 'i': - inFile = PR_Open(optstate->value, PR_RDONLY, 0); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "w"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - - default: - Usage(progName); - break; - } - } - if (status == PL_OPT_BAD) - Usage(progName); - - if (!inFile) inFile = PR_STDIN; - if (!outFile) outFile = stdout; - - /* Call the initialization routines */ - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - rv = NSS_Init(SECU_ConfigDirectory(NULL)); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - - if (DecodeAndPrintFile(outFile, inFile, progName)) { - SECU_PrintError(progName, "problem decoding data"); - return -1; - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return 0; -} diff --git a/security/nss/cmd/p7env/Makefile b/security/nss/cmd/p7env/Makefile deleted file mode 100644 index 4e39ffc3f..000000000 --- a/security/nss/cmd/p7env/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/p7env/manifest.mn b/security/nss/cmd/p7env/manifest.mn deleted file mode 100644 index 7d51282f9..000000000 --- a/security/nss/cmd/p7env/manifest.mn +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = nss - -CSRCS = p7env.c - -REQUIRES = seccmd - -PROGRAM = p7env - diff --git a/security/nss/cmd/p7env/p7env.c b/security/nss/cmd/p7env/p7env.c deleted file mode 100644 index 54d79fbfc..000000000 --- a/security/nss/cmd/p7env/p7env.c +++ /dev/null @@ -1,273 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * p7env -- A command to create a pkcs7 enveloped data. - * - * $Id$ - */ - -#include "nspr.h" -#include "secutil.h" -#include "plgetopt.h" -#include "secpkcs7.h" -#include "cert.h" -#include "certdb.h" -#include "nss.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include <stdio.h> -#include <string.h> - -#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4)) -extern int fread(char *, size_t, size_t, FILE*); -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif - -extern void SEC_Init(void); /* XXX */ - - -static void -Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s -r recipient [-d dbdir] [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Nickname of cert to use for encryption\n", - "-r recipient"); - fprintf(stderr, "%-20s Cert database directory (default is ~/.netscape)\n", - "-d dbdir"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -struct recipient { - struct recipient *next; - char *nickname; - CERTCertificate *cert; -}; - -static void -EncryptOut(void *arg, const char *buf, unsigned long len) -{ - FILE *out; - - out = arg; - fwrite (buf, len, 1, out); -} - -static int -EncryptFile(FILE *outFile, FILE *inFile, struct recipient *recipients, - char *progName) -{ - SEC_PKCS7ContentInfo *cinfo; - SEC_PKCS7EncoderContext *ecx; - struct recipient *rcpt; - SECStatus rv; - - if (outFile == NULL || inFile == NULL || recipients == NULL) - return -1; - - /* XXX Need a better way to handle that certUsage stuff! */ - /* XXX keysize? */ - cinfo = SEC_PKCS7CreateEnvelopedData (recipients->cert, - certUsageEmailRecipient, - NULL, SEC_OID_DES_EDE3_CBC, 0, - NULL, NULL); - if (cinfo == NULL) - return -1; - - for (rcpt = recipients->next; rcpt != NULL; rcpt = rcpt->next) { - rv = SEC_PKCS7AddRecipient (cinfo, rcpt->cert, certUsageEmailRecipient, - NULL); - if (rv != SECSuccess) { - SECU_PrintError(progName, "error adding recipient \"%s\"", - rcpt->nickname); - return -1; - } - } - - ecx = SEC_PKCS7EncoderStart (cinfo, EncryptOut, outFile, NULL); - if (ecx == NULL) - return -1; - - for (;;) { - char ibuf[1024]; - int nb; - - if (feof(inFile)) - break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - rv = SECFailure; - } - break; - } - rv = SEC_PKCS7EncoderUpdate(ecx, ibuf, nb); - if (rv != SECSuccess) - break; - } - - if (SEC_PKCS7EncoderFinish(ecx, NULL, NULL) != SECSuccess) - rv = SECFailure; - - SEC_PKCS7DestroyContentInfo (cinfo); - - if (rv != SECSuccess) - return -1; - - return 0; -} - -int -main(int argc, char **argv) -{ - char *progName; - FILE *inFile, *outFile; - char *certName; - CERTCertDBHandle *certHandle; - CERTCertificate *cert; - struct recipient *recipients, *rcpt; - PLOptState *optstate; - PLOptStatus status; - SECStatus rv; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - inFile = NULL; - outFile = NULL; - certName = NULL; - recipients = NULL; - rcpt = NULL; - - /* - * Parse command line arguments - * XXX This needs to be enhanced to allow selection of algorithms - * and key sizes (or to look up algorithms and key sizes for each - * recipient in the magic database). - */ - optstate = PL_CreateOptState(argc, argv, "d:i:o:r:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'd': - SECU_ConfigDirectory(optstate->value); - break; - - case 'i': - inFile = fopen(optstate->value, "r"); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "w"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - - case 'r': - if (rcpt == NULL) { - recipients = rcpt = PORT_Alloc (sizeof(struct recipient)); - } else { - rcpt->next = PORT_Alloc (sizeof(struct recipient)); - rcpt = rcpt->next; - } - if (rcpt == NULL) { - fprintf(stderr, "%s: unable to allocate recipient struct\n", - progName); - return -1; - } - rcpt->nickname = strdup(optstate->value); - rcpt->cert = NULL; - rcpt->next = NULL; - break; - } - } - - if (!recipients) Usage(progName); - - if (!inFile) inFile = stdin; - if (!outFile) outFile = stdout; - - /* Call the libsec initialization routines */ - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - rv = NSS_Init(SECU_ConfigDirectory(NULL)); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - - /* open cert database */ - certHandle = CERT_GetDefaultCertDB(); - if (certHandle == NULL) { - return -1; - } - - /* find certs */ - for (rcpt = recipients; rcpt != NULL; rcpt = rcpt->next) { - rcpt->cert = CERT_FindCertByNickname(certHandle, rcpt->nickname); - if (rcpt->cert == NULL) { - SECU_PrintError(progName, - "the cert for name \"%s\" not found in database", - rcpt->nickname); - return -1; - } - } - - if (EncryptFile(outFile, inFile, recipients, progName)) { - SECU_PrintError(progName, "problem encrypting data"); - return -1; - } - - return 0; -} diff --git a/security/nss/cmd/p7sign/Makefile b/security/nss/cmd/p7sign/Makefile deleted file mode 100644 index 4e39ffc3f..000000000 --- a/security/nss/cmd/p7sign/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/p7sign/manifest.mn b/security/nss/cmd/p7sign/manifest.mn deleted file mode 100644 index d5134df48..000000000 --- a/security/nss/cmd/p7sign/manifest.mn +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = nss - -CSRCS = p7sign.c - -REQUIRES = seccmd - -PROGRAM = p7sign - diff --git a/security/nss/cmd/p7sign/p7sign.c b/security/nss/cmd/p7sign/p7sign.c deleted file mode 100644 index 09cbd8dcd..000000000 --- a/security/nss/cmd/p7sign/p7sign.c +++ /dev/null @@ -1,292 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * p7sign -- A command to create a *detached* pkcs7 signature (over a given - * input file). - * - * $Id$ - */ - -#include "nspr.h" -#include "plgetopt.h" -#include "secutil.h" -#include "secpkcs7.h" -#include "cert.h" -#include "certdb.h" -#include "sechash.h" /* for HASH_GetHashObject() */ -#include "nss.h" -#include "pk11func.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include <stdio.h> -#include <string.h> - -#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4)) -extern int fread(char *, size_t, size_t, FILE*); -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif - -char* KeyDbPassword = 0; - - -char* MyPK11PasswordFunc (PK11SlotInfo *slot, PRBool retry, void* arg) -{ - char *ret=0; - - if (retry == PR_TRUE) - return NULL; - ret = PL_strdup (KeyDbPassword); - return ret; -} - - -static void -Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s -k keyname [-d keydir] [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Nickname of key to use for signature\n", - "-k keyname"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - fprintf(stderr, "%-20s Encapsulate content in signature message\n", - "-e"); - fprintf(stderr, "%-20s Password to the key databse\n", "-p"); - exit(-1); -} - -static void -SignOut(void *arg, const char *buf, unsigned long len) -{ - FILE *out; - - out = (FILE*) arg; - fwrite (buf, len, 1, out); -} - -static int -CreateDigest(SECItem *data, char *digestdata, unsigned int *len, unsigned int maxlen) -{ - const SECHashObject *hashObj; - void *hashcx; - - /* XXX probably want to extend interface to allow other hash algorithms */ - hashObj = HASH_GetHashObject(HASH_AlgSHA1); - - hashcx = (* hashObj->create)(); - if (hashcx == NULL) - return -1; - - (* hashObj->begin)(hashcx); - (* hashObj->update)(hashcx, data->data, data->len); - (* hashObj->end)(hashcx, (unsigned char *)digestdata, len, maxlen); - (* hashObj->destroy)(hashcx, PR_TRUE); - return 0; -} - -static int -SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert, - PRBool encapsulated) -{ - int nb; - char digestdata[32]; - unsigned int len; - SECItem digest, data2sign; - SEC_PKCS7ContentInfo *cinfo; - SECStatus rv; - - if (outFile == NULL || inFile == NULL || cert == NULL) - return -1; - - /* suck the file in */ - if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE) != SECSuccess) - return -1; - - if (!encapsulated) { - /* unfortunately, we must create the digest ourselves */ - /* SEC_PKCS7CreateSignedData should have a flag to not include */ - /* the content for non-encapsulated content at encode time, but */ - /* should always compute the hash itself */ - if (CreateDigest(&data2sign, digestdata, &len, 32) < 0) - return -1; - digest.data = (unsigned char *)digestdata; - digest.len = len; - } - - /* XXX Need a better way to handle that usage stuff! */ - cinfo = SEC_PKCS7CreateSignedData (cert, certUsageEmailSigner, NULL, - SEC_OID_SHA1, - encapsulated ? NULL : &digest, - NULL, NULL); - if (cinfo == NULL) - return -1; - - if (encapsulated) { - SEC_PKCS7SetContent(cinfo, (char *)data2sign.data, data2sign.len); - } - - rv = SEC_PKCS7IncludeCertChain (cinfo, NULL); - if (rv != SECSuccess) { - SEC_PKCS7DestroyContentInfo (cinfo); - return -1; - } - - rv = SEC_PKCS7Encode (cinfo, SignOut, outFile, NULL, - NULL, NULL); - - SEC_PKCS7DestroyContentInfo (cinfo); - - if (rv != SECSuccess) - return -1; - - return 0; -} - -int -main(int argc, char **argv) -{ - char *progName; - FILE *outFile; - PRFileDesc *inFile; - char *keyName; - CERTCertDBHandle *certHandle; - CERTCertificate *cert; - PRBool encapsulated = PR_FALSE; - PLOptState *optstate; - PLOptStatus status; - SECStatus rv; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - inFile = NULL; - outFile = NULL; - keyName = NULL; - - /* - * Parse command line arguments - */ - optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'e': - /* create a message with the signed content encapsulated */ - encapsulated = PR_TRUE; - break; - - case 'd': - SECU_ConfigDirectory(optstate->value); - break; - - case 'i': - inFile = PR_Open(optstate->value, PR_RDONLY, 0); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'k': - keyName = strdup(optstate->value); - break; - - case 'o': - outFile = fopen(optstate->value, "w"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - case 'p': - KeyDbPassword = strdup (optstate->value); - break; - } - } - - if (!keyName) Usage(progName); - - if (!inFile) inFile = PR_STDIN; - if (!outFile) outFile = stdout; - - /* Call the initialization routines */ - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - rv = NSS_Init(SECU_ConfigDirectory(NULL)); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - - PK11_SetPasswordFunc (MyPK11PasswordFunc); - - /* open cert database */ - certHandle = CERT_GetDefaultCertDB(); - if (certHandle == NULL) { - return -1; - } - - /* find cert */ - cert = CERT_FindCertByNickname(certHandle, keyName); - if (cert == NULL) { - SECU_PrintError(progName, - "the corresponding cert for key \"%s\" does not exist", - keyName); - return -1; - } - - if (SignFile(outFile, inFile, cert, encapsulated)) { - SECU_PrintError(progName, "problem signing data"); - return -1; - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return 0; -} diff --git a/security/nss/cmd/p7verify/Makefile b/security/nss/cmd/p7verify/Makefile deleted file mode 100644 index 4e39ffc3f..000000000 --- a/security/nss/cmd/p7verify/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/p7verify/manifest.mn b/security/nss/cmd/p7verify/manifest.mn deleted file mode 100644 index 7e841c700..000000000 --- a/security/nss/cmd/p7verify/manifest.mn +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = nss - -CSRCS = p7verify.c - -REQUIRES = seccmd - -PROGRAM = p7verify - diff --git a/security/nss/cmd/p7verify/p7verify.c b/security/nss/cmd/p7verify/p7verify.c deleted file mode 100644 index 81815081b..000000000 --- a/security/nss/cmd/p7verify/p7verify.c +++ /dev/null @@ -1,305 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * p7verify -- A command to do a verification of a *detached* pkcs7 signature. - * - * $Id$ - */ - -#include "nspr.h" -#include "secutil.h" -#include "plgetopt.h" -#include "secpkcs7.h" -#include "cert.h" -#include "certdb.h" -#include "secoid.h" -#include "sechash.h" /* for HASH_GetHashObject() */ -#include "nss.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include <stdio.h> -#include <string.h> - -#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4)) -extern int fread(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif - - -static HASH_HashType -AlgorithmToHashType(SECAlgorithmID *digestAlgorithms) -{ - - SECOidTag tag; - - tag = SECOID_GetAlgorithmTag(digestAlgorithms); - - switch (tag) { - case SEC_OID_MD2: - return HASH_AlgMD2; - case SEC_OID_MD5: - return HASH_AlgMD5; - case SEC_OID_SHA1: - return HASH_AlgSHA1; - default: - fprintf(stderr, "should never get here\n"); - return HASH_AlgNULL; - } -} - -static int -DigestFile(unsigned char *digest, unsigned int *len, unsigned int maxLen, - FILE *inFile, HASH_HashType hashType) -{ - int nb; - unsigned char ibuf[4096]; - const SECHashObject *hashObj; - void *hashcx; - - hashObj = HASH_GetHashObject(hashType); - - hashcx = (* hashObj->create)(); - if (hashcx == NULL) - return -1; - - (* hashObj->begin)(hashcx); - - for (;;) { - if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - (* hashObj->destroy)(hashcx, PR_TRUE); - return -1; - } - /* eof */ - break; - } - } - (* hashObj->update)(hashcx, ibuf, nb); - } - - (* hashObj->end)(hashcx, digest, len, maxLen); - (* hashObj->destroy)(hashcx, PR_TRUE); - - return 0; -} - - -static void -Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s -c content -s signature [-d dbdir] [-u certusage]\n", - progName); - fprintf(stderr, "%-20s content file that was signed\n", - "-c content"); - fprintf(stderr, "%-20s file containing signature for that content\n", - "-s signature"); - fprintf(stderr, - "%-20s Key/Cert database directory (default is ~/.netscape)\n", - "-d dbdir"); - fprintf(stderr, "%-20s Define the type of certificate usage (default is certUsageEmailSigner)\n", - "-u certusage"); - fprintf(stderr, "%-25s 0 - certUsageSSLClient\n", " "); - fprintf(stderr, "%-25s 1 - certUsageSSLServer\n", " "); - fprintf(stderr, "%-25s 2 - certUsageSSLServerWithStepUp\n", " "); - fprintf(stderr, "%-25s 3 - certUsageSSLCA\n", " "); - fprintf(stderr, "%-25s 4 - certUsageEmailSigner\n", " "); - fprintf(stderr, "%-25s 5 - certUsageEmailRecipient\n", " "); - fprintf(stderr, "%-25s 6 - certUsageObjectSigner\n", " "); - fprintf(stderr, "%-25s 7 - certUsageUserCertImport\n", " "); - fprintf(stderr, "%-25s 8 - certUsageVerifyCA\n", " "); - fprintf(stderr, "%-25s 9 - certUsageProtectedObjectSigner\n", " "); - fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " "); - fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " "); - - exit(-1); -} - -static int -HashDecodeAndVerify(FILE *out, FILE *content, PRFileDesc *signature, - SECCertUsage usage, char *progName) -{ - SECItem derdata; - SEC_PKCS7ContentInfo *cinfo; - SEC_PKCS7SignedData *signedData; - HASH_HashType digestType; - SECItem digest; - unsigned char buffer[32]; - - if (SECU_ReadDERFromFile(&derdata, signature, PR_FALSE) != SECSuccess) { - SECU_PrintError(progName, "error reading signature file"); - return -1; - } - - cinfo = SEC_PKCS7DecodeItem(&derdata, NULL, NULL, NULL, NULL, - NULL, NULL, NULL); - if (cinfo == NULL) - return -1; - - if (! SEC_PKCS7ContentIsSigned(cinfo)) { - fprintf (out, "Signature file is pkcs7 data, but not signed.\n"); - return -1; - } - - signedData = cinfo->content.signedData; - - /* assume that there is only one digest algorithm for now */ - digestType = AlgorithmToHashType(signedData->digestAlgorithms[0]); - if (digestType == HASH_AlgNULL) { - fprintf (out, "Invalid hash algorithmID\n"); - return -1; - } - - digest.data = buffer; - if (DigestFile (digest.data, &digest.len, 32, content, digestType)) { - SECU_PrintError (progName, "problem computing message digest"); - return -1; - } - - fprintf(out, "Signature is "); - if (SEC_PKCS7VerifyDetachedSignature (cinfo, usage, &digest, digestType, - PR_FALSE)) - fprintf(out, "valid.\n"); - else - fprintf(out, "invalid (Reason: %s).\n", - SECU_Strerror(PORT_GetError())); - - SEC_PKCS7DestroyContentInfo(cinfo); - return 0; -} - - -int -main(int argc, char **argv) -{ - char *progName; - FILE *contentFile, *outFile; - PRFileDesc *signatureFile; - SECCertUsage certUsage = certUsageEmailSigner; - PLOptState *optstate; - PLOptStatus status; - SECStatus rv; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - contentFile = NULL; - signatureFile = NULL; - outFile = NULL; - - /* - * Parse command line arguments - */ - optstate = PL_CreateOptState(argc, argv, "c:d:o:s:u:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'c': - contentFile = fopen(optstate->value, "r"); - if (!contentFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'd': - SECU_ConfigDirectory(optstate->value); - break; - - case 'o': - outFile = fopen(optstate->value, "w"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - - case 's': - signatureFile = PR_Open(optstate->value, PR_RDONLY, 0); - if (!signatureFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'u': { - int usageType; - - usageType = atoi (strdup(optstate->value)); - if (usageType < certUsageSSLClient || usageType > certUsageAnyCA) - return -1; - certUsage = (SECCertUsage)usageType; - break; - } - - } - } - - if (!contentFile) Usage (progName); - if (!signatureFile) Usage (progName); - if (!outFile) outFile = stdout; - - /* Call the libsec initialization routines */ - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - rv = NSS_Init(SECU_ConfigDirectory(NULL)); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - - if (HashDecodeAndVerify(outFile, contentFile, signatureFile, - certUsage, progName)) { - SECU_PrintError(progName, "problem decoding/verifying signature"); - return -1; - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return 0; -} diff --git a/security/nss/cmd/pk12util/Makefile b/security/nss/cmd/pk12util/Makefile deleted file mode 100644 index 8650a607d..000000000 --- a/security/nss/cmd/pk12util/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/pk12util/manifest.mn b/security/nss/cmd/pk12util/manifest.mn deleted file mode 100644 index 95b6a2154..000000000 --- a/security/nss/cmd/pk12util/manifest.mn +++ /dev/null @@ -1,55 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - pk12util.c \ - $(NULL) - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm seccmd - -PROGRAM = pk12util - -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC -endif - -# USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c deleted file mode 100644 index f9d392925..000000000 --- a/security/nss/cmd/pk12util/pk12util.c +++ /dev/null @@ -1,857 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "nspr.h" -#include "secutil.h" -#include "pk11func.h" -#include "pkcs12.h" -#include "p12plcy.h" -#include "pk12util.h" -#include "nss.h" -#include "secport.h" -#include "certdb.h" - -#define PKCS12_IN_BUFFER_SIZE 200 - -static char *progName; -PRBool pk12_debugging = PR_FALSE; - -PRIntn pk12uErrno = 0; - -static void -Usage(char *progName) -{ -#define FPS PR_fprintf(PR_STDERR, - FPS "Usage: %s -i importfile [-d certdir] [-P dbprefix] [-h tokenname]\n", - progName); - FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n"); - FPS "\t\t [-v]\n"); - FPS "Usage: %s -o exportfile -n certname [-d certdir] [-P dbprefix]\n", progName); - FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n"); - FPS "\t\t [-v]\n"); - exit(PK12UERR_USAGE); -} - -static PRBool -p12u_OpenExportFile(p12uContext *p12cxt, PRBool fileRead) -{ - if(!p12cxt || !p12cxt->filename) { - return PR_FALSE; - } - - if(fileRead) { - p12cxt->file = PR_Open(p12cxt->filename, - PR_RDONLY, 0400); - } else { - p12cxt->file = PR_Open(p12cxt->filename, - PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE, - 0600); - } - - if(!p12cxt->file) { - p12cxt->error = PR_TRUE; - PR_SetError(SEC_ERROR_NO_MEMORY, 0); - return PR_FALSE; - } - - return PR_TRUE; -} - -static void -p12u_DestroyExportFileInfo(p12uContext **exp_ptr, PRBool removeFile) -{ - if(!exp_ptr || !(*exp_ptr)) { - return; - } - - if((*exp_ptr)->file != NULL) { - PR_Close((*exp_ptr)->file); - } - - if((*exp_ptr)->filename != NULL) { - if(removeFile) { - PR_Delete((*exp_ptr)->filename); - } - PR_Free((*exp_ptr)->filename); - } - - PR_Free(*exp_ptr); - *exp_ptr = NULL; -} - -static p12uContext * -p12u_InitFile(PRBool fileImport, char *filename) -{ - p12uContext *p12cxt; - PRBool fileExist; - - if(fileImport) - fileExist = PR_TRUE; - else - fileExist = PR_FALSE; - - p12cxt = (p12uContext *)PORT_ZAlloc(sizeof(p12uContext)); - if(!p12cxt) { - PR_SetError(SEC_ERROR_NO_MEMORY, 0); - return NULL; - } - - p12cxt->error = PR_FALSE; - p12cxt->errorValue = 0; - p12cxt->filename = strdup(filename); - - if(!p12u_OpenExportFile(p12cxt, fileImport)) { - PR_SetError(p12cxt->errorValue, 0); - p12u_DestroyExportFileInfo(&p12cxt, PR_FALSE); - return NULL; - } - - return p12cxt; -} - -SECItem * -P12U_NicknameCollisionCallback(SECItem *old_nick, PRBool *cancel, void *wincx) -{ - char *nick = NULL; - SECItem *ret_nick = NULL; - - if(cancel == NULL) { - pk12uErrno = PK12UERR_USER_CANCELLED; - return NULL; - } - - if (!old_nick) - fprintf(stdout, "pk12util: no nickname for cert...not handled\n"); - - /* XXX not handled yet */ - *cancel = PR_TRUE; - return NULL; - -#if 0 - nick = strdup( DEFAULT_CERT_NICKNAME ); - - if(old_nick && !PORT_Strcmp((char *)old_nick->data, nick)) { - PORT_Free(nick); - return NULL; - } - - ret_nick = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); - if(ret_nick == NULL) { - PORT_Free(nick); - return NULL; - } - - ret_nick->data = (unsigned char *)nick; - ret_nick->len = PORT_Strlen(nick); - - return ret_nick; -#endif -} - -static SECStatus -p12u_SwapUnicodeBytes(SECItem *uniItem) -{ - unsigned int i; - unsigned char a; - if((uniItem == NULL) || (uniItem->len % 2)) { - return SECFailure; - } - for(i = 0; i < uniItem->len; i += 2) { - a = uniItem->data[i]; - uniItem->data[i] = uniItem->data[i+1]; - uniItem->data[i+1] = a; - } - return SECSuccess; -} - -static PRBool -p12u_ucs2_ascii_conversion_function(PRBool toUnicode, - unsigned char *inBuf, - unsigned int inBufLen, - unsigned char *outBuf, - unsigned int maxOutBufLen, - unsigned int *outBufLen, - PRBool swapBytes) -{ - SECItem it = { 0 }; - SECItem *dup = NULL; - PRBool ret; - -#ifdef DEBUG_CONVERSION - if (pk12_debugging) { - int i; - printf("Converted from:\n"); - for (i=0; i<inBufLen; i++) { - printf("%2x ", inBuf[i]); - /*if (i%60 == 0) printf("\n");*/ - } - printf("\n"); - } -#endif - it.data = inBuf; - it.len = inBufLen; - dup = SECITEM_DupItem(&it); - /* If converting Unicode to ASCII, swap bytes before conversion - * as neccessary. - */ - if (!toUnicode && swapBytes) { - if (p12u_SwapUnicodeBytes(dup) != SECSuccess) { - SECITEM_ZfreeItem(dup, PR_TRUE); - return PR_FALSE; - } - } - /* Perform the conversion. */ - ret = PORT_UCS2_UTF8Conversion(toUnicode, dup->data, dup->len, - outBuf, maxOutBufLen, outBufLen); - if (dup) - SECITEM_ZfreeItem(dup, PR_TRUE); - -#ifdef DEBUG_CONVERSION - if (pk12_debugging) { - int i; - printf("Converted to:\n"); - for (i=0; i<*outBufLen; i++) { - printf("%2x ", outBuf[i]); - /*if (i%60 == 0) printf("\n");*/ - } - printf("\n"); - } -#endif - return ret; -} - -SECStatus -P12U_UnicodeConversion(PRArenaPool *arena, SECItem *dest, SECItem *src, - PRBool toUnicode, PRBool swapBytes) -{ - unsigned int allocLen; - if(!dest || !src) { - return SECFailure; - } - allocLen = ((toUnicode) ? (src->len << 2) : src->len); - if(arena) { - dest->data = PORT_ArenaZAlloc(arena, allocLen); - } else { - dest->data = PORT_ZAlloc(allocLen); - } - if(PORT_UCS2_ASCIIConversion(toUnicode, src->data, src->len, - dest->data, allocLen, &dest->len, - swapBytes) == PR_FALSE) { - if(!arena) { - PORT_Free(dest->data); - } - dest->data = NULL; - return SECFailure; - } - return SECSuccess; -} - -/* - * - */ -SECItem * -P12U_GetP12FilePassword(PRBool confirmPw, secuPWData *p12FilePw) -{ - char *p0 = NULL, *p1 = NULL; - SECItem *pwItem = NULL; - - if (p12FilePw == NULL || p12FilePw->source == PW_NONE) { - for (;;) { - p0 = SECU_GetPasswordString(NULL, - "Enter password for PKCS12 file: "); - if (!confirmPw) - break; - p1 = SECU_GetPasswordString(NULL, "Re-enter password: "); - if (PL_strcmp(p0, p1) == 0) - break; - } - } else if (p12FilePw->source == PW_FROMFILE) { - p0 = SECU_FilePasswd(NULL, PR_FALSE, p12FilePw->data); - } else { /* Plaintext */ - p0 = p12FilePw->data; - } - - pwItem = SECITEM_AllocItem(NULL, NULL, PL_strlen(p0) + 1); - memcpy(pwItem->data, p0, pwItem->len); - - PORT_Memset(p0, 0, PL_strlen(p0)); - PORT_Free(p0); - - PORT_Memset(p1, 0, PL_strlen(p1)); - PORT_Free(p1); - - return pwItem; -} - -SECStatus -P12U_InitSlot(PK11SlotInfo *slot, secuPWData *slotPw) -{ - SECStatus rv; - - /* New databases, initialize keydb password. */ - if (PK11_NeedUserInit(slot)) { - rv = SECU_ChangePW(slot, - (slotPw->source == PW_PLAINTEXT) ? slotPw->data : 0, - (slotPw->source == PW_FROMFILE) ? slotPw->data : 0); - if (rv != SECSuccess) { - SECU_PrintError(progName, "Failed to initialize slot \"%s\"", - PK11_GetSlotName(slot)); - return SECFailure; - } - } - - if (PK11_Authenticate(slot, PR_TRUE, slotPw) != SECSuccess) { - SECU_PrintError(progName, - "Failed to authenticate to PKCS11 slot"); - PORT_SetError(SEC_ERROR_USER_CANCELLED); - pk12uErrno = PK12UERR_USER_CANCELLED; - return SECFailure; - } - - return SECSuccess; -} - -/* - * given a filename for pkcs12 file, imports certs and keys - * - * Change: altitude - * I've changed this function so that it takes the keydb and pkcs12 file - * passwords from files. The "pwdKeyDB" and "pwdP12File" - * variables have been added for this purpose. - */ -PRIntn -P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot, - secuPWData *slotPw, secuPWData *p12FilePw) -{ - p12uContext *p12cxt = NULL; - SEC_PKCS12DecoderContext *p12dcx = NULL; - SECItem *pwitem = NULL, uniPwitem = { 0 }; - SECItem p12file = { 0 }; - SECStatus rv = SECFailure; - PRBool swapUnicode = PR_FALSE; - int error; - -#ifdef IS_LITTLE_ENDIAN - swapUnicode = PR_TRUE; -#endif - - rv = P12U_InitSlot(slot, slotPw); - if (rv != SECSuccess) { - SECU_PrintError(progName, "Failed to authenticate to \"%s\"", - PK11_GetSlotName(slot)); - pk12uErrno = PK12UERR_PK11GETSLOT; - goto loser; - } - - p12cxt = p12u_InitFile(PR_TRUE, in_file); - if(!p12cxt) { - SECU_PrintError(progName,"Initialization failed: %s", in_file); - pk12uErrno = PK12UERR_INIT_FILE; - goto loser; - } - - /* get the password */ - pwitem = P12U_GetP12FilePassword(PR_FALSE, p12FilePw); - if (!pwitem) { - pk12uErrno = PK12UERR_USER_CANCELLED; - goto loser; - } - - if(P12U_UnicodeConversion(NULL, &uniPwitem, pwitem, PR_TRUE, - swapUnicode) != SECSuccess) { - SECU_PrintError(progName,"Unicode conversion failed"); - pk12uErrno = PK12UERR_UNICODECONV; - goto loser; - } - - /* init the decoder context */ - p12dcx = SEC_PKCS12DecoderStart(&uniPwitem, slot, slotPw, - NULL, NULL, NULL, NULL, NULL); - if(!p12dcx) { - SECU_PrintError(progName,"PKCS12 decoder start failed"); - pk12uErrno = PK12UERR_PK12DECODESTART; - goto loser; - } - - /* decode the item */ - rv = SECU_FileToItem(&p12file, p12cxt->file); - if (rv != SECSuccess) { - SECU_PrintError(progName,"Failed to read from import file"); - goto loser; - } - rv = SEC_PKCS12DecoderUpdate(p12dcx, p12file.data, p12file.len); - - if(rv != SECSuccess) { - error = PR_GetError(); - if(error == SEC_ERROR_DECRYPTION_DISALLOWED) { - PR_SetError(error, 0); - goto loser; - } -#ifdef EXTRA - /* unable to import as a new blob, it might be an old one */ - if(p12u_TryToImportOldPDU(p12cxt, pwitem, slot, import_arg->nickCb, - import_arg->proto_win) != SECSuccess) { - goto loser; - } - goto tried_pdu_import; -#endif /* EXTRA */ - SECU_PrintError(progName,"PKCS12 decoding failed"); - pk12uErrno = PK12UERR_DECODE; - } - - rv = SECFailure; - - /* does the blob authenticate properly? */ - if(SEC_PKCS12DecoderVerify(p12dcx) != SECSuccess) { - SECU_PrintError(progName,"PKCS12 decode not verified"); - pk12uErrno = PK12UERR_DECODEVERIFY; - goto loser; - } - - /* make sure the bags are okey dokey -- nicknames correct, etc. */ - if (SEC_PKCS12DecoderValidateBags(p12dcx, P12U_NicknameCollisionCallback) - != SECSuccess) { - if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) { - pk12uErrno = PK12UERR_CERTALREADYEXISTS; - } else { - pk12uErrno = PK12UERR_DECODEVALIBAGS; - } - SECU_PrintError(progName,"PKCS12 decode validate bags failed"); - goto loser; - } - - /* stuff 'em in */ - if(SEC_PKCS12DecoderImportBags(p12dcx) != SECSuccess) { - SECU_PrintError(progName,"PKCS12 decode import bags failed"); - pk12uErrno = PK12UERR_DECODEIMPTBAGS; - goto loser; - } - -#if 0 - /* important - to add the password hash into the key database */ - rv = PK11_CheckUserPassword(slot, pw_string); - if( rv != SECSuccess ) { - SECU_PrintError(progName,"Failed to CheckUserPassword"); - exit(-1); - } -#endif - - PR_Close(p12cxt->file); - p12cxt->file = NULL; - /* PK11_FreeSlot(slot); */ - - fprintf(stdout, "%s: PKCS12 IMPORT SUCCESSFUL\n", progName); - rv = SECSuccess; - -loser: - if (rv != SECSuccess) { - /* pk12u_report_failure */ - } else { - /* pk12u_report_success ? */ - } - - if (p12dcx) { - SEC_PKCS12DecoderFinish(p12dcx); - } - p12u_DestroyExportFileInfo(&p12cxt, PR_FALSE); - - if (uniPwitem.data) { - SECITEM_ZfreeItem(&uniPwitem, PR_FALSE); - } - - if (pwitem) { - SECITEM_ZfreeItem(pwitem, PR_TRUE); - } - - - return rv; -} - -static void -p12u_DoPKCS12ExportErrors() -{ - int error_value; - - error_value = PORT_GetError(); - if ((error_value == SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY) || - (error_value == SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME) || - (error_value == SEC_ERROR_PKCS12_UNABLE_TO_WRITE)) { - fprintf(stderr, SECU_ErrorStringRaw((int16)error_value)); - } else if(error_value == SEC_ERROR_USER_CANCELLED) { - ; - } else { - fprintf(stderr, SECU_ErrorStringRaw(SEC_ERROR_EXPORTING_CERTIFICATES)); - } -} - -static void -p12u_WriteToExportFile(void *arg, const char *buf, unsigned long len) -{ - p12uContext *p12cxt = arg; - int writeLen; - - if(!p12cxt || (p12cxt->error == PR_TRUE)) { - return; - } - - if(p12cxt->file == NULL) { - p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE; - p12cxt->error = PR_TRUE; - return; - } - - writeLen = PR_Write(p12cxt->file, (unsigned char *)buf, (int32)len); - - if(writeLen != (int)len) { - PR_Close(p12cxt->file); - PR_Free(p12cxt->filename); - p12cxt->filename = NULL; - p12cxt->file = NULL; - p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE; - p12cxt->error = PR_TRUE; - } -} - -void -P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot, - secuPWData *slotPw, secuPWData *p12FilePw) -{ - SEC_PKCS12ExportContext *p12ecx = NULL; - SEC_PKCS12SafeInfo *keySafe = NULL, *certSafe = NULL; - SECItem *pwitem = NULL; - p12uContext *p12cxt = NULL; - CERTCertList* certlist = NULL; - CERTCertListNode* node = NULL; - PK11SlotInfo* slot = NULL; - - if (P12U_InitSlot(inSlot, slotPw) != SECSuccess) { - SECU_PrintError(progName,"Failed to authenticate to \"%s\"", - PK11_GetSlotName(inSlot)); - pk12uErrno = PK12UERR_PK11GETSLOT; - goto loser; - } - certlist = PK11_FindCertsFromNickname(nn, slotPw); - if(!certlist) { - SECU_PrintError(progName,"find user certs from nickname failed"); - pk12uErrno = PK12UERR_FINDCERTBYNN; - return; - } - - if ((SECSuccess != CERT_FilterCertListForUserCerts(certlist)) || - CERT_LIST_EMPTY(certlist)) { - SECU_PrintError(progName,"no user certs from given nickname"); - pk12uErrno = PK12UERR_FINDCERTBYNN; - goto loser; - } - - /* Password to use for PKCS12 file. */ - pwitem = P12U_GetP12FilePassword(PR_TRUE, p12FilePw); - if(!pwitem) { - goto loser; - } - - p12cxt = p12u_InitFile(PR_FALSE, outfile); - if(!p12cxt) { - SECU_PrintError(progName,"Initialization failed: %s", outfile); - pk12uErrno = PK12UERR_INIT_FILE; - goto loser; - } - - if (certlist) { - CERTCertificate* cert = NULL; - node = CERT_LIST_HEAD(certlist); - if (node) { - cert = node->cert; - } - if (cert) { - slot = cert->slot; /* use the slot from the first matching - certificate to create the context . This is for keygen */ - } - } - if (!slot) { - SECU_PrintError(progName,"cert does not have a slot"); - pk12uErrno = PK12UERR_FINDCERTBYNN; - goto loser; - } - p12ecx = SEC_PKCS12CreateExportContext(NULL, NULL, slot, slotPw); - if(!p12ecx) { - SECU_PrintError(progName,"export context creation failed"); - pk12uErrno = PK12UERR_EXPORTCXCREATE; - goto loser; - } - - if(SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, SEC_OID_SHA1) - != SECSuccess) { - SECU_PrintError(progName,"PKCS12 add password integrity failed"); - pk12uErrno = PK12UERR_PK12ADDPWDINTEG; - goto loser; - } - - for (node = CERT_LIST_HEAD(certlist);!CERT_LIST_END(node,certlist);node=CERT_LIST_NEXT(node)) - { - CERTCertificate* cert = node->cert; - if (!cert->slot) { - SECU_PrintError(progName,"cert does not have a slot"); - pk12uErrno = PK12UERR_FINDCERTBYNN; - goto loser; - } - - keySafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx); - if(/*!SEC_PKCS12IsEncryptionAllowed() || */ PK11_IsFIPS()) { - certSafe = keySafe; - } else { - certSafe = SEC_PKCS12CreatePasswordPrivSafe(p12ecx, pwitem, - SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC); - } - - if(!certSafe || !keySafe) { - SECU_PrintError(progName,"key or cert safe creation failed"); - pk12uErrno = PK12UERR_CERTKEYSAFE; - goto loser; - } - - if(SEC_PKCS12AddCertAndKey(p12ecx, certSafe, NULL, cert, - CERT_GetDefaultCertDB(), keySafe, NULL, PR_TRUE, pwitem, - SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC) - != SECSuccess) { - SECU_PrintError(progName,"add cert and key failed"); - pk12uErrno = PK12UERR_ADDCERTKEY; - goto loser; - } - } - - CERT_DestroyCertList(certlist); - certlist = NULL; - - if(SEC_PKCS12Encode(p12ecx, p12u_WriteToExportFile, p12cxt) - != SECSuccess) { - SECU_PrintError(progName,"PKCS12 encode failed"); - pk12uErrno = PK12UERR_ENCODE; - goto loser; - } - - p12u_DestroyExportFileInfo(&p12cxt, PR_FALSE); - SECITEM_ZfreeItem(pwitem, PR_TRUE); - fprintf(stdout, "%s: PKCS12 EXPORT SUCCESSFUL\n", progName); - SEC_PKCS12DestroyExportContext(p12ecx); - - return; - -loser: - SEC_PKCS12DestroyExportContext(p12ecx); - - if (certlist) { - CERT_DestroyCertList(certlist); - certlist = NULL; - } - - if (slotPw) - PR_Free(slotPw->data); - - if (p12FilePw) - PR_Free(p12FilePw->data); - - p12u_DestroyExportFileInfo(&p12cxt, PR_TRUE); - if(pwitem) { - SECITEM_ZfreeItem(pwitem, PR_TRUE); - } - p12u_DoPKCS12ExportErrors(); - return; -} - -static void -p12u_EnableAllCiphers() -{ - SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1); - SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1); - SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1); - SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1); - SEC_PKCS12EnableCipher(PKCS12_DES_56, 1); - SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1); - SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1); -} - -static PRUintn -P12U_Init(char *dir, char *dbprefix) -{ - SECStatus rv; - PK11_SetPasswordFunc(SECU_GetModulePassword); - - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - rv = NSS_Initialize(dir,dbprefix,dbprefix,"secmod.db",0); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - exit(-1); - } - - /* setup unicode callback functions */ - PORT_SetUCS2_ASCIIConversionFunction(p12u_ucs2_ascii_conversion_function); - /* use the defaults for UCS4-UTF8 and UCS2-UTF8 */ - - p12u_EnableAllCiphers(); - - return 0; -} - -enum { - opt_CertDir = 0, - opt_TokenName, - opt_Import, - opt_SlotPWFile, - opt_SlotPW, - opt_Nickname, - opt_Export, - opt_P12FilePWFile, - opt_P12FilePW, - opt_DBPrefix, - opt_Debug -}; - -static secuCommandFlag pk12util_options[] = -{ - { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE }, - { /* opt_Import */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_SlotPWFile */ 'k', PR_TRUE, 0, PR_FALSE }, - { /* opt_SlotPW */ 'K', PR_TRUE, 0, PR_FALSE }, - { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE }, - { /* opt_Export */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_P12FilePWFile */ 'w', PR_TRUE, 0, PR_FALSE }, - { /* opt_P12FilePW */ 'W', PR_TRUE, 0, PR_FALSE }, - { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE }, - { /* opt_Debug */ 'v', PR_FALSE, 0, PR_FALSE } -}; - -int -main(int argc, char **argv) -{ - PRIntn ret = 0; - secuPWData slotPw = { PW_NONE, NULL }; - secuPWData p12FilePw = { PW_NONE, NULL }; - PK11SlotInfo *slot; - char *slotname = NULL; - char *import_file = NULL; - char *export_file = NULL; - char *dbprefix = ""; - SECStatus rv; - - secuCommand pk12util; - pk12util.numCommands = 0; - pk12util.commands = 0; - pk12util.numOptions = sizeof(pk12util_options) / sizeof(secuCommandFlag); - pk12util.options = pk12util_options; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - rv = SECU_ParseCommandLine(argc, argv, progName, &pk12util); - - if (rv != SECSuccess) - Usage(progName); - - pk12_debugging = pk12util.options[opt_Debug].activated; - - if (pk12util.options[opt_Import].activated && - pk12util.options[opt_Export].activated) { - Usage(progName); - } - - if (pk12util.options[opt_Export].activated && - !pk12util.options[opt_Nickname].activated) { - Usage(progName); - } - - slotname = SECU_GetOptionArg(&pk12util, opt_TokenName); - import_file = SECU_GetOptionArg(&pk12util, opt_Import); - export_file = SECU_GetOptionArg(&pk12util, opt_Export); - - if (pk12util.options[opt_P12FilePWFile].activated) { - p12FilePw.source = PW_FROMFILE; - p12FilePw.data = PL_strdup(pk12util.options[opt_P12FilePWFile].arg); - } - - if (pk12util.options[opt_P12FilePW].activated) { - p12FilePw.source = PW_PLAINTEXT; - p12FilePw.data = PL_strdup(pk12util.options[opt_P12FilePW].arg); - } - - if (pk12util.options[opt_SlotPWFile].activated) { - slotPw.source = PW_FROMFILE; - slotPw.data = PL_strdup(pk12util.options[opt_SlotPWFile].arg); - } - - if (pk12util.options[opt_SlotPW].activated) { - slotPw.source = PW_PLAINTEXT; - slotPw.data = PL_strdup(pk12util.options[opt_SlotPW].arg); - } - - if (pk12util.options[opt_CertDir].activated) { - SECU_ConfigDirectory(pk12util.options[opt_CertDir].arg); - } - if (pk12util.options[opt_DBPrefix].activated) { - dbprefix = pk12util.options[opt_DBPrefix].arg; - } - P12U_Init(SECU_ConfigDirectory(NULL),dbprefix); - - if (!slotname || PL_strcmp(slotname, "internal") == 0) - slot = PK11_GetInternalKeySlot(); - else - slot = PK11_FindSlotByName(slotname); - - if (!slot) { - SECU_PrintError(progName,"Invalid slot \"%s\"", slotname); - pk12uErrno = PK12UERR_PK11GETSLOT; - goto done; - } - - if (pk12util.options[opt_Import].activated) { - - if ((ret = P12U_ImportPKCS12Object(import_file, slot, &slotPw, - &p12FilePw)) != 0) - goto done; - - } else if (pk12util.options[opt_Export].activated) { - P12U_ExportPKCS12Object(pk12util.options[opt_Nickname].arg, - export_file, slot, &slotPw, &p12FilePw); - } else { - Usage(progName); - pk12uErrno = PK12UERR_USAGE; - } - -done: - if (slot) PK11_FreeSlot(slot); - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - exit(pk12uErrno); -} diff --git a/security/nss/cmd/pk12util/pk12util.h b/security/nss/cmd/pk12util/pk12util.h deleted file mode 100644 index 8e456d98c..000000000 --- a/security/nss/cmd/pk12util/pk12util.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * ERROR codes in pk12util - * - should be organized better later - */ -#define PK12UERR_USER_CANCELLED 1 -#define PK12UERR_USAGE 2 -#define PK12UERR_CERTDB_OPEN 8 -#define PK12UERR_KEYDB_OPEN 9 -#define PK12UERR_INIT_FILE 10 -#define PK12UERR_UNICODECONV 11 -#define PK12UERR_TMPDIGCREATE 12 -#define PK12UERR_PK11GETSLOT 13 -#define PK12UERR_PK12DECODESTART 14 -#define PK12UERR_IMPORTFILEREAD 15 -#define PK12UERR_DECODE 16 -#define PK12UERR_DECODEVERIFY 17 -#define PK12UERR_DECODEVALIBAGS 18 -#define PK12UERR_DECODEIMPTBAGS 19 -#define PK12UERR_CERTALREADYEXISTS 20 -#define PK12UERR_PATCHDB 22 -#define PK12UERR_GETDEFCERTDB 23 -#define PK12UERR_FINDCERTBYNN 24 -#define PK12UERR_EXPORTCXCREATE 25 -#define PK12UERR_PK12ADDPWDINTEG 26 -#define PK12UERR_CERTKEYSAFE 27 -#define PK12UERR_ADDCERTKEY 28 -#define PK12UERR_ENCODE 29 - - -/* additions for importing and exporting PKCS 12 files */ -typedef struct p12uContextStr { - char *filename; /* name of file */ - PRFileDesc *file; /* pointer to file */ - PRBool error; /* error occurred? */ - int errorValue; /* which error occurred? */ -} p12uContext; diff --git a/security/nss/cmd/pkiutil/Makefile b/security/nss/cmd/pkiutil/Makefile deleted file mode 100644 index 23afa3799..000000000 --- a/security/nss/cmd/pkiutil/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/pkiutil/manifest.mn b/security/nss/cmd/pkiutil/manifest.mn deleted file mode 100644 index 3f65c29ab..000000000 --- a/security/nss/cmd/pkiutil/manifest.mn +++ /dev/null @@ -1,47 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - pkiutil.c \ - $(NULL) - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm seccmd - -PROGRAM = pkiutil diff --git a/security/nss/cmd/pkiutil/pkiutil.c b/security/nss/cmd/pkiutil/pkiutil.c deleted file mode 100644 index f922debab..000000000 --- a/security/nss/cmd/pkiutil/pkiutil.c +++ /dev/null @@ -1,373 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" -#include "nss.h" -#include "cmdutil.h" -#include "nsspki.h" -/* hmmm...*/ -#include "pki.h" - -#define PKIUTIL_VERSION_STRING "pkiutil version 0.1" - -char *progName = NULL; - -typedef struct { - PRBool raw; - PRBool ascii; - char *name; - PRFileDesc *file; -} objOutputMode; - -typedef enum { - PKIUnknown = -1, - PKICertificate, - PKIPublicKey, - PKIPrivateKey, - PKIAny -} PKIObjectType; - -static PKIObjectType -get_object_class(char *type) -{ - if (strcmp(type, "certificate") == 0 || strcmp(type, "cert") == 0 || - strcmp(type, "Certificate") == 0 || strcmp(type, "Cert") == 0) { - return PKICertificate; - } else if (strcmp(type, "public_key") == 0 || - strcmp(type, "PublicKey") == 0) { - return PKIPublicKey; - } else if (strcmp(type, "private_key") == 0 || - strcmp(type, "PrivateKey") == 0) { - return PKIPrivateKey; - } else if (strcmp(type, "all") == 0 || strcmp(type, "any") == 0) { - return PKIAny; - } - fprintf(stderr, "%s: \"%s\" is not a valid PKCS#11 object type.\n", - progName, type); - return PKIUnknown; -} - -static PRStatus -print_cert_callback(NSSCertificate *c, void *arg) -{ - int i; - NSSUTF8 *label; - NSSItem *id; - label = NSSCertificate_GetLabel(c); - printf("%s\n", label); - nss_ZFreeIf((void*)label); -#if 0 - id = NSSCertificate_GetID(c); - for (i=0; i<id->size; i++) { - printf("%c", ((char *)id->data)[i]); - } - printf("\n"); -#endif - return PR_SUCCESS; -} - -/* pkiutil commands */ -enum { - cmd_Add = 0, - cmd_Dump, - cmd_List, - cmd_Version, - pkiutil_num_commands -}; - -/* pkiutil options */ -enum { - opt_Help = 0, - opt_Ascii, - opt_ProfileDir, - opt_TokenName, - opt_InputFile, - opt_Nickname, - opt_OutputFile, - opt_Binary, - opt_Trust, - opt_Type, - pkiutil_num_options -}; - -static cmdCommandLineArg pkiutil_commands[] = -{ - { /* cmd_Add */ 'A', "add", CMDNoArg, 0, PR_FALSE, - CMDBIT(opt_Nickname) | CMDBIT(opt_Trust), - CMDBIT(opt_Ascii) | CMDBIT(opt_ProfileDir) - | CMDBIT(opt_TokenName) | CMDBIT(opt_InputFile) - | CMDBIT(opt_Binary) | CMDBIT(opt_Type) }, - { /* cmd_Dump */ 0 , "dump", CMDNoArg, 0, PR_FALSE, - CMDBIT(opt_Nickname), - CMDBIT(opt_Ascii) | CMDBIT(opt_ProfileDir) - | CMDBIT(opt_TokenName) | CMDBIT(opt_Binary) - | CMDBIT(opt_Type) }, - { /* cmd_List */ 'L', "list", CMDNoArg, 0, PR_FALSE, 0, - CMDBIT(opt_Ascii) | CMDBIT(opt_ProfileDir) - | CMDBIT(opt_TokenName) | CMDBIT(opt_Binary) - | CMDBIT(opt_Nickname) | CMDBIT(opt_Type) }, - { /* cmd_Version */ 'Y', "version", CMDNoArg, 0, PR_FALSE, 0, 0 } -}; - -static cmdCommandLineOpt pkiutil_options[] = -{ - { /* opt_Help */ '?', "help", CMDNoArg, 0, PR_FALSE }, - { /* opt_Ascii */ 'a', "ascii", CMDNoArg, 0, PR_FALSE }, - { /* opt_ProfileDir */ 'd', "dbdir", CMDArgReq, 0, PR_FALSE }, - { /* opt_TokenName */ 'h', "token", CMDArgReq, 0, PR_FALSE }, - { /* opt_InputFile */ 'i', "infile", CMDArgReq, 0, PR_FALSE }, - { /* opt_Nickname */ 'n', "nickname", CMDArgReq, 0, PR_FALSE }, - { /* opt_OutputFile */ 'o', "outfile", CMDArgReq, 0, PR_FALSE }, - { /* opt_Binary */ 'r', "raw", CMDNoArg, 0, PR_FALSE }, - { /* opt_Trust */ 't', "trust", CMDArgReq, 0, PR_FALSE }, - { /* opt_Type */ 0 , "type", CMDArgReq, 0, PR_FALSE } -}; - -void pkiutil_usage(cmdPrintState *ps, - int num, PRBool cmd, PRBool header, PRBool footer) -{ -#define pusg CMD_PrintUsageString - if (header) { - pusg(ps, "utility for managing PKCS#11 objects (certs and keys)\n"); - } else if (footer) { - /* - printf("certificate trust can be:\n"); - printf(" p - valid peer, P - trusted peer (implies p)\n"); - printf(" c - valid CA\n"); - printf(" T - trusted CA to issue client certs (implies c)\n"); - printf(" C - trusted CA to issue server certs (implies c)\n"); - printf(" u - user cert\n"); - printf(" w - send warning\n"); - */ - } else if (cmd) { - switch(num) { - case cmd_Add: - pusg(ps, "Add an object to the token"); break; - case cmd_Dump: - pusg(ps, "Dump a single object"); break; - case cmd_List: - pusg(ps, "List objects on the token (-n for single object)"); break; - case cmd_Version: - pusg(ps, "Report version"); break; - default: - pusg(ps, "Unrecognized command"); break; - } - } else { - switch(num) { - case opt_Ascii: - pusg(ps, "Use ascii (base-64 encoded) mode for I/O"); break; - case opt_ProfileDir: - pusg(ps, "Directory containing security databases (def: \".\")"); - break; - case opt_TokenName: - pusg(ps, "Name of PKCS#11 token to use (def: internal)"); break; - case opt_InputFile: - pusg(ps, "File for input (def: stdin)"); break; - case opt_Nickname: - pusg(ps, "Nickname of object"); break; - case opt_OutputFile: - pusg(ps, "File for output (def: stdout)"); break; - case opt_Binary: - pusg(ps, "Use raw (binary der-encoded) mode for I/O"); break; - case opt_Trust: - pusg(ps, "Trust level for certificate"); break; - case opt_Help: break; - default: - pusg(ps, "Unrecognized option"); - } - } -} - -int -main(int argc, char **argv) -{ - PRFileDesc *infile = NULL; - PRFileDesc *outfile = NULL; - char *profiledir = "./"; -#if 0 - secuPWData pwdata = { PW_NONE, 0 }; -#endif - int objclass = 3; /* ANY */ - NSSTrustDomain *root_cert_td = NULL; - char *rootpath = NULL; - char builtin_name[]= "libnssckbi.so"; /* temporary hardcode */ - PRStatus rv = PR_SUCCESS; - - int cmdToRun; - cmdCommand pkiutil; - pkiutil.ncmd = pkiutil_num_commands; - pkiutil.nopt = pkiutil_num_options; - pkiutil.cmd = pkiutil_commands; - pkiutil.opt = pkiutil_options; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - cmdToRun = CMD_ParseCommandLine(argc, argv, progName, &pkiutil); - -#if 0 - { int i, nc; - for (i=0; i<pkiutil.ncmd; i++) - printf("%s: %s <%s>\n", pkiutil.cmd[i].s, - (pkiutil.cmd[i].on) ? "on" : "off", - pkiutil.cmd[i].arg); - for (i=0; i<pkiutil.nopt; i++) - printf("%s: %s <%s>\n", pkiutil.opt[i].s, - (pkiutil.opt[i].on) ? "on" : "off", - pkiutil.opt[i].arg); - } -#endif - - if (pkiutil.opt[opt_Help].on) - CMD_LongUsage(progName, &pkiutil, pkiutil_usage); - - if (cmdToRun < 0) - CMD_Usage(progName, &pkiutil); - - /* -d */ - if (pkiutil.opt[opt_ProfileDir].on) { - profiledir = strdup(pkiutil.opt[opt_ProfileDir].arg); - } - - /* -i */ - if (pkiutil.opt[opt_InputFile].on) { - char *fn = pkiutil.opt[opt_InputFile].arg; - infile = PR_Open(fn, PR_RDONLY, 0660); - } else { - infile = PR_STDIN; - } - - /* -o */ - if (pkiutil.opt[opt_OutputFile].on) { - char *fn = pkiutil.opt[opt_OutputFile].arg; - outfile = PR_Open(fn, PR_WRONLY | PR_CREATE_FILE, 0660); - } else { - outfile = PR_STDOUT; - } - - /* --type can be found on many options */ - if (pkiutil.opt[opt_Type].on) - objclass = get_object_class(pkiutil.opt[opt_Type].arg); - else if (cmdToRun == cmd_Dump && pkiutil.cmd[cmd_Dump].arg) - objclass = get_object_class(pkiutil.cmd[cmd_Dump].arg); - else if (cmdToRun == cmd_List && pkiutil.cmd[cmd_List].arg) - objclass = get_object_class(pkiutil.cmd[cmd_List].arg); - else if (cmdToRun == cmd_Add && pkiutil.cmd[cmd_Add].arg) - objclass = get_object_class(pkiutil.cmd[cmd_Add].arg); - if (objclass < 0) - goto done; - - /* --print is an alias for --list --nickname */ - if (cmdToRun == cmd_Dump) cmdToRun = cmd_List; - - /* if list has raw | ascii must have -n. can't have both raw and ascii */ - if (pkiutil.opt[opt_Binary].on || pkiutil.opt[opt_Ascii].on) { - if (cmdToRun == cmd_List && !pkiutil.opt[opt_Nickname].on) { - fprintf(stderr, "%s: specify a object to output with -n\n", - progName); - CMD_LongUsage(progName, &pkiutil, pkiutil_usage); - } - } - - /* initialize */ - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - /* NSS_InitReadWrite(profiledir); */ - NSS_NoDB_Init(NULL); - - /* Display version info and exit */ - if (cmdToRun == cmd_Version) { - printf("%s\nNSS Version %s\n", PKIUTIL_VERSION_STRING, NSS_VERSION); - goto done; - } - - /* XXX okay - bootstrap stan by loading the root cert module for testing */ - root_cert_td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL); - { - int rootpathlen = strlen(profiledir) + strlen(builtin_name) + 1; - rootpath = (char *)malloc(rootpathlen); - memcpy(rootpath, profiledir, strlen(profiledir)); - memcpy(rootpath + strlen(profiledir), - builtin_name, strlen(builtin_name)); - rootpath[rootpathlen - 1] = '\0'; - } - NSSTrustDomain_LoadModule(root_cert_td, "Builtin Root Module", rootpath, - NULL, NULL); - - printf("\n"); - if (pkiutil.opt[opt_Nickname].on) { - int i; - NSSCertificate **certs; - NSSCertificate *cert; - certs = NSSTrustDomain_FindCertificatesByNickname(root_cert_td, - pkiutil.opt[opt_Nickname].arg, NULL, 0, NULL); - i = 0; - while ((cert = certs[i++]) != NULL) { - printf("Found cert:\n"); - print_cert_callback(cert, NULL); - } - } else { - NSSTrustDomain_TraverseCertificates(root_cert_td, print_cert_callback, 0); - } - - NSSTrustDomain_Destroy(root_cert_td); - - /* List token objects */ - if (cmdToRun == cmd_List) { -#if 0 - rv = list_token_objects(slot, objclass, - pkiutil.opt[opt_Nickname].arg, - pkiutil.opt[opt_Binary].on, - pkiutil.opt[opt_Ascii].on, - outfile, &pwdata); -#endif - goto done; - } - -#if 0 - /* Import an object into the token. */ - if (cmdToRun == cmd_Add) { - rv = add_object_to_token(slot, object); - goto done; - } -#endif - -done: - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return rv; -} diff --git a/security/nss/cmd/pkiutil/platlibs.mk b/security/nss/cmd/pkiutil/platlibs.mk deleted file mode 100644 index 9a714f300..000000000 --- a/security/nss/cmd/pkiutil/platlibs.mk +++ /dev/null @@ -1,53 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) -EXTRA_LIBS += \ - $(DIST)/lib/libcmdutil.$(LIB_SUFFIX) \ - $(NULL) - -ifeq ($(OS_ARCH), AIX) -EXTRA_SHARED_LIBS += -brtl -endif - -# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) -# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. -EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib/ \ - -lnsspki3 \ - -lnss3 \ - -lplc4 \ - -lplds4 \ - -lnspr4 \ - $(NULL) - diff --git a/security/nss/cmd/platlibs.mk b/security/nss/cmd/platlibs.mk deleted file mode 100644 index a160c3176..000000000 --- a/security/nss/cmd/platlibs.mk +++ /dev/null @@ -1,219 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - - -ifdef USE_STATIC_LIBS - -# can't do this in manifest.mn because OS_ARCH isn't defined there. -ifeq ($(OS_ARCH), WINNT) - -DEFINES += -DNSS_USE_STATIC_LIBS -# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) -CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) -ifdef MOZILLA_SECURITY_BUILD - CRYPTOLIB=$(DIST)/lib/crypto.lib -endif -ifdef MOZILLA_BSAFE_BUILD - CRYPTOLIB+=$(DIST)/lib/bsafe$(BSAFEVER).lib - CRYPTOLIB+=$(DIST)/lib/freebl.lib -endif - -EXTRA_LIBS += \ - $(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \ - $(CRYPTOLIB) \ - $(DIST)/lib/$(LIB_PREFIX)swfci.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \ - $(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \ - $(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \ - $(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \ - $(NULL) - -# $(PROGRAM) has NO explicit dependencies on $(OS_LIBS) -#OS_LIBS += \ - wsock32.lib \ - winmm.lib \ - $(NULL) - -JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX) \ - $(NULL) -else - -# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) -CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) -ifdef MOZILLA_SECURITY_BUILD - CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)crypto.$(LIB_SUFFIX) -endif -ifdef MOZILLA_BSAFE_BUILD - CRYPTOLIB+=$(DIST)/lib/$(LIB_PREFIX)bsafe.$(LIB_SUFFIX) - CRYPTOLIB+=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) -endif -EXTRA_LIBS += \ - $(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)swfci.$(LIB_SUFFIX) \ - $(CRYPTOLIB) \ - $(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \ - $(NULL) - -ifeq ($(OS_ARCH), AIX) -EXTRA_SHARED_LIBS += -brtl -endif - -# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) -# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. -ifdef XP_OS2_VACPP -EXTRA_SHARED_LIBS += \ - $(DIST)/lib/plc4.lib \ - $(DIST)/lib/plds4.lib \ - $(DIST)/lib/nspr4.lib \ - $(NULL) -else -EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib \ - -lplc4 \ - -lplds4 \ - -lnspr4 \ - $(NULL) -endif -endif - -JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX) \ - $(NULL) - -else # USE_STATIC_LIBS -# can't do this in manifest.mn because OS_ARCH isn't defined there. -ifeq ($(OS_ARCH), WINNT) - -# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) -EXTRA_LIBS += \ - $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \ - $(DIST)/lib/$(IMPORT_LIB_PREFIX)smime3$(IMPORT_LIB_SUFFIX) \ - $(DIST)/lib/$(IMPORT_LIB_PREFIX)ssl3$(IMPORT_LIB_SUFFIX) \ - $(DIST)/lib/$(IMPORT_LIB_PREFIX)nss3$(IMPORT_LIB_SUFFIX) \ - $(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \ - $(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \ - $(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \ - $(NULL) - -# $(PROGRAM) has NO explicit dependencies on $(OS_LIBS) -#OS_LIBS += \ - wsock32.lib \ - winmm.lib \ - $(NULL) - -JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX) \ - $(NULL) -else - -# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) -EXTRA_LIBS += \ - $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \ - $(NULL) - -ifeq ($(OS_ARCH), AIX) -EXTRA_SHARED_LIBS += -brtl -endif - -# If GNU ld is used, we must use the -rpath-link option to tell -# the linker where to find libsoftokn3.so, an implicit dependency -# of libnss3.so. -ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD, $(OS_ARCH))) -EXTRA_SHARED_LIBS += -Wl,-rpath-link,$(DIST)/lib -endif - -ifeq ($(OS_ARCH), SunOS) -ifdef NS_USE_GCC -ifdef GCC_USE_GNU_LD -EXTRA_SHARED_LIBS += -Wl,-rpath-link,$(DIST)/lib -endif -endif -endif - -ifeq ($(OS_ARCH), Darwin) -EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsoftokn3.dylib:$(DIST)/lib/libsoftokn3.dylib -endif - - -# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) -# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. -EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib \ - -lssl3 \ - -lsmime3 \ - -lnss3 \ - -lplc4 \ - -lplds4 \ - -lnspr4 \ - $(NULL) - -JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX) \ - $(NULL) -endif - -endif # USE_STATIC_LIBS diff --git a/security/nss/cmd/platrules.mk b/security/nss/cmd/platrules.mk deleted file mode 100644 index 3e5c19933..000000000 --- a/security/nss/cmd/platrules.mk +++ /dev/null @@ -1,47 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -show: - @echo "DEFINES = ${DEFINES}" - @echo "EXTRA_LIBS = >$(EXTRA_LIBS)<" - @echo "IMPORT_LIBRARY = $(IMPORT_LIBRARY)" - @echo "LIBRARY = $(LIBRARY)" - @echo "OBJS = $(OBJS)" - @echo "OS_ARCH = $(OS_ARCH)" - @echo "PROGRAM = >$(PROGRAM)<" - @echo "PROGRAMS = $(PROGRAMS)" - @echo "SHARED_LIBRARY = $(SHARED_LIBRARY)" - @echo "TARGETS = >$(TARGETS)<" - -showplatform: - @echo $(PLATFORM) diff --git a/security/nss/cmd/pp/Makefile b/security/nss/cmd/pp/Makefile deleted file mode 100644 index 4e39ffc3f..000000000 --- a/security/nss/cmd/pp/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/pp/manifest.mn b/security/nss/cmd/pp/manifest.mn deleted file mode 100644 index f43c9c625..000000000 --- a/security/nss/cmd/pp/manifest.mn +++ /dev/null @@ -1,47 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = pp.c - -PROGRAM = pp diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c deleted file mode 100644 index bb2de8b67..000000000 --- a/security/nss/cmd/pp/pp.c +++ /dev/null @@ -1,184 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * Pretty-print some well-known BER or DER encoded data (e.g. certificates, - * keys, pkcs7) - * - * $Id$ - */ - -#include "secutil.h" - -#if defined(__sun) && !defined(SVR4) -extern int fprintf(FILE *, char *, ...); -#endif - -#include "plgetopt.h" - -#include "pk11func.h" -#include "nspr.h" -#include "nss.h" - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s -t type [-a] [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Specify the input type (must be one of %s,\n", - "-t type", SEC_CT_PRIVATE_KEY); - fprintf(stderr, "%-20s %s, %s, %s,\n", "", SEC_CT_PUBLIC_KEY, - SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST); - fprintf(stderr, "%-20s %s or %s)\n", "", SEC_CT_PKCS7, SEC_CT_CRL); - fprintf(stderr, "%-20s Input is in ascii encoded form (RFC1113)\n", - "-a"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -int main(int argc, char **argv) -{ - int rv, ascii; - char *progName; - FILE *outFile; - PRFileDesc *inFile; - SECItem der, data; - char *typeTag; - PLOptState *optstate; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - ascii = 0; - inFile = 0; - outFile = 0; - typeTag = 0; - optstate = PL_CreateOptState(argc, argv, "at:i:o:"); - while ( PL_GetNextOpt(optstate) == PL_OPT_OK ) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'a': - ascii = 1; - break; - - case 'i': - inFile = PR_Open(optstate->value, PR_RDONLY, 0); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "w"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - - case 't': - typeTag = strdup(optstate->value); - break; - } - } - PL_DestroyOptState(optstate); - if (!typeTag) Usage(progName); - - if (!inFile) inFile = PR_STDIN; - if (!outFile) outFile = stdout; - - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - rv = NSS_NoDB_Init(NULL); - if (rv != SECSuccess) { - fprintf(stderr, "%s: NSS_NoDB_Init failed\n", progName); - exit(1); - } - - rv = SECU_ReadDERFromFile(&der, inFile, ascii); - if (rv != SECSuccess) { - fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName); - exit(1); - } - - /* Data is untyped, using the specified type */ - data.data = der.data; - data.len = der.len; - - /* Pretty print it */ - if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) { - rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0, - SECU_PrintCertificate); - } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) { - rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0, - SECU_PrintCertificateRequest); - } else if (PORT_Strcmp (typeTag, SEC_CT_CRL) == 0) { - rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl); -#ifdef HAVE_EPV_TEMPLATE - } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) { - rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0); -#endif - } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) { - rv = SECU_PrintPublicKey(outFile, &data, "Public Key", 0); - } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0) { - rv = SECU_PrintPKCS7ContentInfo(outFile, &data, - "PKCS #7 Content Info", 0); - } else { - fprintf(stderr, "%s: don't know how to print out '%s' files\n", - progName, typeTag); - return -1; - } - - if (inFile != PR_STDIN) - PR_Close(inFile); - PORT_Free(der.data); - if (rv) { - fprintf(stderr, "%s: problem converting data (%s)\n", - progName, SECU_Strerror(PORT_GetError())); - } - if (NSS_Shutdown() != SECSuccess) { - fprintf(stderr, "%s: NSS_Shutdown failed (%s)\n", - progName, SECU_Strerror(PORT_GetError())); - rv = SECFailure; - } - PR_Cleanup(); - return rv; -} diff --git a/security/nss/cmd/rsaperf/Makefile b/security/nss/cmd/rsaperf/Makefile deleted file mode 100644 index 35dc5f5da..000000000 --- a/security/nss/cmd/rsaperf/Makefile +++ /dev/null @@ -1,84 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1998-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### -include ../platlibs.mk - -ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET))) #omits WINCE -ifndef BUILD_OPT -ifndef NS_USE_GCC -LDFLAGS += /subsystem:console /profile /debug /machine:I386 /incremental:no -endif -OS_CFLAGS += -D_CONSOLE -endif -endif - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/rsaperf/defkey.c b/security/nss/cmd/rsaperf/defkey.c deleted file mode 100644 index 3dd4fe36c..000000000 --- a/security/nss/cmd/rsaperf/defkey.c +++ /dev/null @@ -1,202 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* This key is the 1024-bit test key used for speed testing of RSA private -** key ops. -*/ -#include "seccomon.h" -#include "secoidt.h" -#include "lowkeyti.h" - -#undef CONST -#define CONST - -static CONST unsigned char default_n[128] = { -0xc2,0xae,0x96,0x89,0xaf,0xce,0xd0,0x7b,0x3b,0x35,0xfd,0x0f,0xb1,0xf4,0x7a,0xd1, -0x3c,0x7d,0xb5,0x86,0xf2,0x68,0x36,0xc9,0x97,0xe6,0x82,0x94,0x86,0xaa,0x05,0x39, -0xec,0x11,0x51,0xcc,0x5c,0xa1,0x59,0xba,0x29,0x18,0xf3,0x28,0xf1,0x9d,0xe3,0xae, -0x96,0x5d,0x6d,0x87,0x73,0xf6,0xf6,0x1f,0xd0,0x2d,0xfb,0x2f,0x7a,0x13,0x7f,0xc8, -0x0c,0x7a,0xe9,0x85,0xfb,0xce,0x74,0x86,0xf8,0xef,0x2f,0x85,0x37,0x73,0x0f,0x62, -0x4e,0x93,0x17,0xb7,0x7e,0x84,0x9a,0x94,0x11,0x05,0xca,0x0d,0x31,0x4b,0x2a,0xc8, -0xdf,0xfe,0xe9,0x0c,0x13,0xc7,0xf2,0xad,0x19,0x64,0x28,0x3c,0xb5,0x6a,0xc8,0x4b, -0x79,0xea,0x7c,0xce,0x75,0x92,0x45,0x3e,0xa3,0x9d,0x64,0x6f,0x04,0x69,0x19,0x17 -}; - -static CONST unsigned char default_e[3] = { 0x01,0x00,0x01 }; - -static CONST unsigned char default_d[128] = { -0x13,0xcb,0xbc,0xf2,0xf3,0x35,0x8c,0x6d,0x7b,0x6f,0xd9,0xf3,0xa6,0x9c,0xbd,0x80, -0x59,0x2e,0x4f,0x2f,0x11,0xa7,0x17,0x2b,0x18,0x8f,0x0f,0xe8,0x1a,0x69,0x5f,0x6e, -0xac,0x5a,0x76,0x7e,0xd9,0x4c,0x6e,0xdb,0x47,0x22,0x8a,0x57,0x37,0x7a,0x5e,0x94, -0x7a,0x25,0xb5,0xe5,0x78,0x1d,0x3c,0x99,0xaf,0x89,0x7d,0x69,0x2e,0x78,0x9d,0x1d, -0x84,0xc8,0xc1,0xd7,0x1a,0xb2,0x6d,0x2d,0x8a,0xd9,0xab,0x6b,0xce,0xae,0xb0,0xa0, -0x58,0x55,0xad,0x5c,0x40,0x8a,0xd6,0x96,0x08,0x8a,0xe8,0x63,0xe6,0x3d,0x6c,0x20, -0x49,0xc7,0xaf,0x0f,0x25,0x73,0xd3,0x69,0x43,0x3b,0xf2,0x32,0xf8,0x3d,0x5e,0xee, -0x7a,0xca,0xd6,0x94,0x55,0xe5,0xbd,0x25,0x34,0x8d,0x63,0x40,0xb5,0x8a,0xc3,0x01 -}; - -static CONST unsigned char default_p[64] = { -0xf6,0x3c,0x3f,0x56,0x58,0x4f,0xb3,0x82,0x0c,0xf0,0x5b,0x42,0x36,0x1c,0x93,0xde, -0x9b,0x32,0x01,0xb1,0x48,0xf8,0x00,0x57,0x9b,0xc1,0xbe,0x66,0xc2,0xbb,0xea,0x7c, -0x75,0x29,0x2c,0x22,0xaa,0x7c,0xaf,0xbd,0x0d,0x3f,0xb0,0x64,0x97,0xf0,0x88,0x25, -0xcb,0x8d,0xc7,0x19,0x0a,0x75,0x44,0xa4,0x5a,0xc3,0xb5,0xb9,0x85,0xea,0x27,0xa7 -}; - -static CONST unsigned char default_q[64] = { -0xca,0x66,0xfa,0x18,0x6a,0x46,0x36,0x1c,0x46,0xfe,0x47,0xe9,0x7e,0x52,0x83,0x8a, -0xbb,0x72,0x13,0xcc,0x83,0x56,0x3d,0x64,0x22,0xdd,0xfa,0x7c,0x61,0x99,0xea,0xa4, -0xb3,0x0e,0x8f,0x79,0x10,0xab,0xba,0x4a,0x73,0xd1,0x48,0x40,0x34,0x34,0xd3,0xd2, -0x54,0x92,0xbe,0xf5,0xc8,0xc4,0x60,0x5f,0xd3,0xf7,0xce,0xbe,0x60,0x3e,0xb1,0x11 -}; - -static CONST unsigned char default_dModP[64] = { -0x8e,0x80,0xbf,0x87,0x11,0x04,0xcf,0x36,0x6c,0x96,0x8d,0xb9,0xfb,0xe6,0xfe,0x0c, -0xce,0x74,0x5a,0x56,0x67,0x8c,0x5f,0x66,0x54,0x56,0x04,0x03,0x24,0x9f,0xec,0x4c, -0xaa,0xe1,0x71,0x11,0x7e,0xe9,0x3a,0x2b,0x87,0x07,0x5c,0xe6,0x5a,0xa8,0x71,0xa2, -0xad,0xf3,0x17,0x4e,0x7e,0xa6,0xef,0x5a,0xce,0xcc,0x84,0xd7,0x21,0x91,0x29,0xf1 -}; - -static CONST unsigned char default_dModQ[64] = { -0x87,0x60,0x1d,0x02,0xdb,0x82,0x1e,0x8b,0x07,0x48,0xe8,0x5c,0x59,0xeb,0x62,0xa4, -0x15,0xff,0x95,0x12,0x82,0xfd,0xd9,0x8d,0xf2,0x6c,0x3a,0x2f,0x9b,0x30,0x51,0x6a, -0xdb,0x80,0x6f,0xa1,0xef,0xee,0x8c,0x69,0x63,0xd1,0xa4,0xdb,0x9c,0x8f,0x80,0xe5, -0xfb,0x3f,0x33,0x8e,0x3d,0x3c,0x6b,0xa1,0x6c,0xab,0x20,0x92,0xe0,0xd8,0xcd,0xa1 -}; - -static CONST unsigned char default_qInvModP[64] = { -0xce,0xcf,0x5a,0xad,0xc4,0x8c,0x44,0x91,0x3a,0xbc,0x7b,0xf8,0x80,0xf8,0x53,0xf5, -0x12,0x84,0x8c,0x9c,0x6b,0x33,0x93,0x0d,0xa1,0x11,0xea,0xfa,0x4a,0xc1,0xeb,0x48, -0xdc,0x44,0x86,0x93,0x1b,0x98,0xc7,0x82,0x22,0x68,0x30,0x44,0xd7,0x62,0x1b,0x90, -0x54,0x07,0x4b,0x66,0xa7,0xc5,0x75,0x5a,0x72,0x77,0x92,0xdd,0x6c,0xf3,0x37,0xab -}; - - -static struct NSSLOWKEYPrivateKeyStr rsaPriv; - -NSSLOWKEYPrivateKey * -getDefaultRSAPrivateKey(void) -{ - if (rsaPriv.keyType != NSSLOWKEYRSAKey) { - - /* leaving arena uninitialized. It isn't used in this test. */ - - rsaPriv.keyType = NSSLOWKEYRSAKey; - - /* leaving arena uninitialized. It isn't used. */ - /* leaving version uninitialized. It isn't used. */ - - rsaPriv.u.rsa.modulus.data = default_n; - rsaPriv.u.rsa.modulus.len = sizeof default_n; - rsaPriv.u.rsa.publicExponent.data = default_e; - rsaPriv.u.rsa.publicExponent.len = sizeof default_e; - rsaPriv.u.rsa.privateExponent.data = default_d; - rsaPriv.u.rsa.privateExponent.len = sizeof default_d; - rsaPriv.u.rsa.prime1.data = default_p; - rsaPriv.u.rsa.prime1.len = sizeof default_p; - rsaPriv.u.rsa.prime2.data = default_q; - rsaPriv.u.rsa.prime2.len = sizeof default_q; - rsaPriv.u.rsa.exponent1.data = default_dModP; - rsaPriv.u.rsa.exponent1.len = sizeof default_dModP; - rsaPriv.u.rsa.exponent2.data = default_dModQ; - rsaPriv.u.rsa.exponent2.len = sizeof default_dModQ; - rsaPriv.u.rsa.coefficient.data = default_qInvModP; - rsaPriv.u.rsa.coefficient.len = sizeof default_qInvModP; - } - return &rsaPriv; -} - -static struct NSSLOWKEYPublicKeyStr rsaPub; - -NSSLOWKEYPublicKey * -getDefaultRSAPublicKey(void) -{ - if (rsaPub.keyType != NSSLOWKEYRSAKey) { - - rsaPub.keyType = NSSLOWKEYRSAKey; - - rsaPub.u.rsa.modulus.data = default_n; - rsaPub.u.rsa.modulus.len = sizeof default_n; - - rsaPub.u.rsa.publicExponent.data = default_e; - rsaPub.u.rsa.publicExponent.len = sizeof default_e; - } - return &rsaPub; -} - -/* modPop = 536, privPop = 531, ex1Pop = 261, ex2Pop = 257 - * After 46 tries, found this key: - * Version: 0 (0x0) - * Modulus: - * c2:ae:96:89:af:ce:d0:7b:3b:35:fd:0f:b1:f4:7a:d1:3c:7d:b5: - * 86:f2:68:36:c9:97:e6:82:94:86:aa:05:39:ec:11:51:cc:5c:a1: - * 59:ba:29:18:f3:28:f1:9d:e3:ae:96:5d:6d:87:73:f6:f6:1f:d0: - * 2d:fb:2f:7a:13:7f:c8:0c:7a:e9:85:fb:ce:74:86:f8:ef:2f:85: - * 37:73:0f:62:4e:93:17:b7:7e:84:9a:94:11:05:ca:0d:31:4b:2a: - * c8:df:fe:e9:0c:13:c7:f2:ad:19:64:28:3c:b5:6a:c8:4b:79:ea: - * 7c:ce:75:92:45:3e:a3:9d:64:6f:04:69:19:17 - * Public Exponent: 65537 (0x10001) - * Private Exponent: - * 13:cb:bc:f2:f3:35:8c:6d:7b:6f:d9:f3:a6:9c:bd:80:59:2e:4f: - * 2f:11:a7:17:2b:18:8f:0f:e8:1a:69:5f:6e:ac:5a:76:7e:d9:4c: - * 6e:db:47:22:8a:57:37:7a:5e:94:7a:25:b5:e5:78:1d:3c:99:af: - * 89:7d:69:2e:78:9d:1d:84:c8:c1:d7:1a:b2:6d:2d:8a:d9:ab:6b: - * ce:ae:b0:a0:58:55:ad:5c:40:8a:d6:96:08:8a:e8:63:e6:3d:6c: - * 20:49:c7:af:0f:25:73:d3:69:43:3b:f2:32:f8:3d:5e:ee:7a:ca: - * d6:94:55:e5:bd:25:34:8d:63:40:b5:8a:c3:01 - * Prime 1: - * f6:3c:3f:56:58:4f:b3:82:0c:f0:5b:42:36:1c:93:de:9b:32:01: - * b1:48:f8:00:57:9b:c1:be:66:c2:bb:ea:7c:75:29:2c:22:aa:7c: - * af:bd:0d:3f:b0:64:97:f0:88:25:cb:8d:c7:19:0a:75:44:a4:5a: - * c3:b5:b9:85:ea:27:a7 - * Prime 2: - * ca:66:fa:18:6a:46:36:1c:46:fe:47:e9:7e:52:83:8a:bb:72:13: - * cc:83:56:3d:64:22:dd:fa:7c:61:99:ea:a4:b3:0e:8f:79:10:ab: - * ba:4a:73:d1:48:40:34:34:d3:d2:54:92:be:f5:c8:c4:60:5f:d3: - * f7:ce:be:60:3e:b1:11 - * Exponent 1: - * 8e:80:bf:87:11:04:cf:36:6c:96:8d:b9:fb:e6:fe:0c:ce:74:5a: - * 56:67:8c:5f:66:54:56:04:03:24:9f:ec:4c:aa:e1:71:11:7e:e9: - * 3a:2b:87:07:5c:e6:5a:a8:71:a2:ad:f3:17:4e:7e:a6:ef:5a:ce: - * cc:84:d7:21:91:29:f1 - * Exponent 2: - * 87:60:1d:02:db:82:1e:8b:07:48:e8:5c:59:eb:62:a4:15:ff:95: - * 12:82:fd:d9:8d:f2:6c:3a:2f:9b:30:51:6a:db:80:6f:a1:ef:ee: - * 8c:69:63:d1:a4:db:9c:8f:80:e5:fb:3f:33:8e:3d:3c:6b:a1:6c: - * ab:20:92:e0:d8:cd:a1 - * Coefficient: - * ce:cf:5a:ad:c4:8c:44:91:3a:bc:7b:f8:80:f8:53:f5:12:84:8c: - * 9c:6b:33:93:0d:a1:11:ea:fa:4a:c1:eb:48:dc:44:86:93:1b:98: - * c7:82:22:68:30:44:d7:62:1b:90:54:07:4b:66:a7:c5:75:5a:72: - * 77:92:dd:6c:f3:37:ab - */ - diff --git a/security/nss/cmd/rsaperf/manifest.mn b/security/nss/cmd/rsaperf/manifest.mn deleted file mode 100644 index 802a63815..000000000 --- a/security/nss/cmd/rsaperf/manifest.mn +++ /dev/null @@ -1,52 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1998-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -DEPTH = ../../.. -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -REQUIRES = dbm seccmd - -# DIRS = - -CSRCS = rsaperf.c defkey.c - -PROGRAM = rsaperf - -USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/rsaperf/rsaperf.c b/security/nss/cmd/rsaperf/rsaperf.c deleted file mode 100644 index 36927e718..000000000 --- a/security/nss/cmd/rsaperf/rsaperf.c +++ /dev/null @@ -1,402 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "seccomon.h" -#include "cert.h" -#include "secutil.h" -#include "nspr.h" -#include "nss.h" -#include "blapi.h" -#include "plgetopt.h" -#include "lowkeyi.h" - - -#define MAX_RSA_MODULUS_BYTES (1024/8) -#define DEFAULT_ITERS 10 - -extern NSSLOWKEYPrivateKey * getDefaultRSAPrivateKey(void); -extern NSSLOWKEYPublicKey * getDefaultRSAPublicKey(void); - -typedef struct TimingContextStr TimingContext; - -struct TimingContextStr { - int64 start; - int64 end; - int64 interval; - - long days; - int hours; - int minutes; - int seconds; - int millisecs; -}; - -TimingContext *CreateTimingContext(void) { - return PR_Malloc(sizeof(TimingContext)); -} - -void DestroyTimingContext(TimingContext *ctx) { - PR_Free(ctx); -} - -void TimingBegin(TimingContext *ctx) { - ctx->start = PR_Now(); -} - -static void timingUpdate(TimingContext *ctx) { - int64 tmp, remaining; - int64 L1000,L60,L24; - - LL_I2L(L1000,1000); - LL_I2L(L60,60); - LL_I2L(L24,24); - - LL_DIV(remaining, ctx->interval, L1000); - LL_MOD(tmp, remaining, L1000); - LL_L2I(ctx->millisecs, tmp); - LL_DIV(remaining, remaining, L1000); - LL_MOD(tmp, remaining, L60); - LL_L2I(ctx->seconds, tmp); - LL_DIV(remaining, remaining, L60); - LL_MOD(tmp, remaining, L60); - LL_L2I(ctx->minutes, tmp); - LL_DIV(remaining, remaining, L60); - LL_MOD(tmp, remaining, L24); - LL_L2I(ctx->hours, tmp); - LL_DIV(remaining, remaining, L24); - LL_L2I(ctx->days, remaining); -} - -void TimingEnd(TimingContext *ctx) { - ctx->end = PR_Now(); - LL_SUB(ctx->interval, ctx->end, ctx->start); - PORT_Assert(LL_GE_ZERO(ctx->interval)); - timingUpdate(ctx); -} - -void TimingDivide(TimingContext *ctx, int divisor) { - int64 tmp; - - LL_I2L(tmp, divisor); - LL_DIV(ctx->interval, ctx->interval, tmp); - - timingUpdate(ctx); -} - -char *TimingGenerateString(TimingContext *ctx) { - char *buf = NULL; - - if (ctx->days != 0) { - buf = PR_sprintf_append(buf, "%d days", ctx->days); - } - if (ctx->hours != 0) { - if (buf != NULL) buf = PR_sprintf_append(buf, ", "); - buf = PR_sprintf_append(buf, "%d hours", ctx->hours); - } - if (ctx->minutes != 0) { - if (buf != NULL) buf = PR_sprintf_append(buf, ", "); - buf = PR_sprintf_append(buf, "%d minutes", ctx->minutes); - } - if (buf != NULL) buf = PR_sprintf_append(buf, ", and "); - if (!buf && ctx->seconds == 0) { - int interval; - LL_L2I(interval, ctx->interval); - if (ctx->millisecs < 100) - buf = PR_sprintf_append(buf, "%d microseconds", interval); - else - buf = PR_sprintf_append(buf, "%d milliseconds", ctx->millisecs); - } else if (ctx->millisecs == 0) { - buf = PR_sprintf_append(buf, "%d seconds", ctx->seconds); - } else { - buf = PR_sprintf_append(buf, "%d.%03d seconds", - ctx->seconds, ctx->millisecs); - } - return buf; -} - -void -Usage(char *progName) -{ - fprintf(stderr, "Usage: %s [-d certdir] [-i iterations] [-s | -e]" - " -n nickname\n", - progName); - fprintf(stderr, "%-20s Cert database directory (default is ~/.netscape)\n", - "-d certdir"); - fprintf(stderr, "%-20s How many operations to perform\n", "-i iterations"); - fprintf(stderr, "%-20s Perform signing (private key) operations\n", "-s"); - fprintf(stderr, "%-20s Perform encryption (public key) operations\n", "-e"); - fprintf(stderr, "%-20s Nickname of certificate or key\n", "-n nickname"); - exit(-1); -} - -void -printCount(int iterations) -{ - -} - - -static void -dumpBytes( unsigned char * b, int l) -{ - int i; - if (l <= 0) - return; - for (i = 0; i < l; ++i) { - if (i % 16 == 0) - printf("\t"); - printf(" %02x", b[i]); - if (i % 16 == 15) - printf("\n"); - } - if ((i % 16) != 0) - printf("\n"); -} - -static void -dumpItem( SECItem * item, const char * description) -{ - if (item->len & 1 && item->data[0] == 0) { - printf("%s: (%d bytes)\n", description, item->len - 1); - dumpBytes(item->data + 1, item->len - 1); - } else { - printf("%s: (%d bytes)\n", description, item->len); - dumpBytes(item->data, item->len); - } -} - -void -printPrivKey(NSSLOWKEYPrivateKey * privKey) -{ - RSAPrivateKey *rsa = &privKey->u.rsa; - - dumpItem( &rsa->modulus, "n"); - dumpItem( &rsa->publicExponent, "e"); - dumpItem( &rsa->privateExponent, "d"); - dumpItem( &rsa->prime1, "P"); - dumpItem( &rsa->prime2, "Q"); - dumpItem( &rsa->exponent1, "d % (P-1)"); - dumpItem( &rsa->exponent2, "d % (Q-1)"); - dumpItem( &rsa->coefficient, "(Q ** -1) % P"); - puts(""); -} - -void -printFnCounts(long doPrint) -{ - -} - -typedef SECStatus (* RSAOp)(void * key, - unsigned char * output, - unsigned char * input); - - -int -main(int argc, char **argv) -{ - TimingContext * timeCtx; - SECKEYPublicKey * pubHighKey; - NSSLOWKEYPrivateKey * privKey; - NSSLOWKEYPublicKey * pubKey; - CERTCertificate * cert; - char * progName; - char * secDir = NULL; - char * nickname = NULL; - RSAOp fn; - void * rsaKey; - PLOptState * optstate; - PLOptStatus optstatus; - long iters = DEFAULT_ITERS; - int i; - PRBool doPriv = PR_FALSE; - PRBool doPub = PR_FALSE; - int rv; - CERTCertDBHandle * certdb; - unsigned char buf[1024]; - unsigned char buf2[1024]; - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - optstate = PL_CreateOptState(argc, argv, "d:i:sen:"); - while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - case 'd': - secDir = PORT_Strdup(optstate->value); - break; - case 'i': - iters = atol(optstate->value); - break; - case 's': - doPriv = PR_TRUE; - break; - case 'e': - doPub = PR_TRUE; - break; - case 'n': - nickname = PORT_Strdup(optstate->value); - break; - } - } - if (optstatus == PL_OPT_BAD) - Usage(progName); - - if ((doPriv && doPub) || (nickname == NULL)) Usage(progName); - - if (!doPriv && !doPub) doPriv = PR_TRUE; - - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - secDir = SECU_ConfigDirectory(secDir); - if (strcmp(nickname, "none")) { - rv = NSS_Init(secDir); - if (rv != SECSuccess) { - fprintf(stderr, "NSS_Init failed.\n"); - exit(1); - } - certdb = CERT_GetDefaultCertDB(); - } else { - rv = NSS_NoDB_Init(secDir); - if (rv != SECSuccess) { - fprintf(stderr, "NSS_NoDB_Init failed.\n"); - exit(1); - } - } -#if defined(SECU_GetPassword) - if (doPub) { - if (!strcmp(nickname, "none")) { - pubKey = getDefaultRSAPublicKey(); - } else { - cert = CERT_FindCertByNickname(certdb, nickname); - if (cert == NULL) { - fprintf(stderr, - "Can't find certificate by name \"%s\"\n", nickname); - exit(1); - } - pubHighKey = CERT_ExtractPublicKey(cert); - pubKey = SECU_ConvHighToLow(pubHighKey); - } - if (pubKey == NULL) { - fprintf(stderr, "Can't extract public key from certificate"); - exit(1); - } - fn = (RSAOp)RSA_PublicKeyOp; - rsaKey = (void *)(&pubKey->u.rsa); - } - - if (doPriv) { - - if (!strcmp(nickname, "none")) { - privKey = getDefaultRSAPrivateKey(); - } else { - cert = CERT_FindCertByNickname(certdb, nickname); - if (cert == NULL) { - fprintf(stderr, - "Can't find certificate by name \"%s\"\n", nickname); - exit(1); - } - - privKey = SECKEY_FindKeyByCert(keydb, cert, SECU_GetPassword, NULL); - } - if (privKey == NULL) { - fprintf(stderr, - "Can't find private key by name \"%s\"\n", nickname); - exit(1); - } - - fn = (RSAOp)RSA_PrivateKeyOp; - rsaKey = (void *)(&privKey->u.rsa); - } -#else - if (doPub) { - pubKey = getDefaultRSAPublicKey(); - fn = (RSAOp)RSA_PublicKeyOp; - rsaKey = (void *)(&pubKey->u.rsa); - } - if (doPriv) { - privKey = getDefaultRSAPrivateKey(); - fn = (RSAOp)RSA_PrivateKeyOp; - rsaKey = (void *)(&privKey->u.rsa); - } -#endif - - memset(buf, 1, sizeof buf); - rv = fn(rsaKey, buf2, buf); - if (rv != SECSuccess) { - PRErrorCode errNum; - const char * errStr = NULL; - - errNum = PR_GetError(); - if (errNum) - errStr = SECU_Strerror(errNum); - else - errNum = rv; - if (!errStr) - errStr = "(null)"; - fprintf(stderr, "Error in RSA operation: %d : %s\n", errNum, errStr); - exit(1); - } - -/* printf("START\n"); */ - - timeCtx = CreateTimingContext(); - TimingBegin(timeCtx); - i = iters; - while (i--) { - rv = fn(rsaKey, buf2, buf); - if (rv != SECSuccess) { - PRErrorCode errNum = PR_GetError(); - const char * errStr = SECU_Strerror(errNum); - fprintf(stderr, "Error in RSA operation: %d : %s\n", - errNum, errStr); - exit(1); - } - } - TimingEnd(timeCtx); - printf("%ld iterations in %s\n", - iters, TimingGenerateString(timeCtx)); - TimingDivide(timeCtx, iters); - printf("one operation every %s\n", TimingGenerateString(timeCtx)); - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return 0; -} diff --git a/security/nss/cmd/samples/cert b/security/nss/cmd/samples/cert deleted file mode 100644 index 3f8ec48df..000000000 --- a/security/nss/cmd/samples/cert +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB7TCCAVYCAgMaMA0GCSqGSIb3DQEBBAUAMEcxCzAJBgNVBAYTAlVTMRAwDgYD -VQQLEwdUZXN0IENBMSYwJAYDVQQKEx1OZXRzY2FwZSBDb21tdW5pY2F0aW9ucyBD -b3JwLjAeFw05NTEyMDgwMjQwMjdaFw05NjAzMDcwMjQwMjdaMDgxFjAUBgNVBAMT -DURhdmlkIGthcmx0b24xETAPBgNVBAoTCE5ldHNjYXBlMQswCQYDVQQGEwJVUzCB -nTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEAltV2TH+QxqlgfUFk+UyiYAjByxrC -dCSIa/FwRaPceLvE7ycD9L6AC4JA6k58E6ICsr/Y8TsXT4UmZhhLNc50VgSo8cGQ -lajqIDvntq8M1uCXiVOnXmIAqoB6E8GiqW+9evOkgkumMksSwXiXAhMM7vJt3IU6 -b+FwdF5cRs0u1FUCAQMwDQYJKoZIhvcNAQEEBQADgYEAkFdr3ypcvI2+Xgwfp7+d -YtN7w4UnQ7LR9FKmlnBauTVLmUtichn/O3WMT9cYTtZm5QQVRaE3qrGh0Nr6Ko1E -nIHowd36TN45zkFraWoATfCV/f+P37WaADp20l2ryEY0Jpe4gnoeZ0+/ffoxyajC -LZEJL6Dv2Ed83cebLjYxKsI= - ------END CERTIFICATE----- - diff --git a/security/nss/cmd/samples/cert0 b/security/nss/cmd/samples/cert0 Binary files differdeleted file mode 100644 index 05cdc8553..000000000 --- a/security/nss/cmd/samples/cert0 +++ /dev/null diff --git a/security/nss/cmd/samples/cert1 b/security/nss/cmd/samples/cert1 Binary files differdeleted file mode 100644 index 38a7d299a..000000000 --- a/security/nss/cmd/samples/cert1 +++ /dev/null diff --git a/security/nss/cmd/samples/cert2 b/security/nss/cmd/samples/cert2 Binary files differdeleted file mode 100644 index 147c3eb9e..000000000 --- a/security/nss/cmd/samples/cert2 +++ /dev/null diff --git a/security/nss/cmd/samples/pkcs7.ber b/security/nss/cmd/samples/pkcs7.ber Binary files differdeleted file mode 100644 index 6e3814c37..000000000 --- a/security/nss/cmd/samples/pkcs7.ber +++ /dev/null diff --git a/security/nss/cmd/samples/pkcs7bday.ber b/security/nss/cmd/samples/pkcs7bday.ber Binary files differdeleted file mode 100644 index 0ee6cfc13..000000000 --- a/security/nss/cmd/samples/pkcs7bday.ber +++ /dev/null diff --git a/security/nss/cmd/samples/pkcs7cnet.ber b/security/nss/cmd/samples/pkcs7cnet.ber Binary files differdeleted file mode 100644 index df2bb2dd1..000000000 --- a/security/nss/cmd/samples/pkcs7cnet.ber +++ /dev/null diff --git a/security/nss/cmd/samples/pkcs7news.ber b/security/nss/cmd/samples/pkcs7news.ber Binary files differdeleted file mode 100644 index c46a1786d..000000000 --- a/security/nss/cmd/samples/pkcs7news.ber +++ /dev/null diff --git a/security/nss/cmd/samples/x509v3.der b/security/nss/cmd/samples/x509v3.der Binary files differdeleted file mode 100644 index 1ada57c56..000000000 --- a/security/nss/cmd/samples/x509v3.der +++ /dev/null diff --git a/security/nss/cmd/samples/x509v3.txt b/security/nss/cmd/samples/x509v3.txt deleted file mode 100644 index dde307697..000000000 --- a/security/nss/cmd/samples/x509v3.txt +++ /dev/null @@ -1,10 +0,0 @@ -MIIByzCCAXWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBLMQswCQYDVQQGEwJVUzEW -MBQGA1UEChMNVmVyaVNpZ24gSW5jLjEUMBIGA1UECxMLRW5naW5lZXJpbmcxDjAM -BgNVBAMTBUphc29uMB4XDTk1MDgwODA3MDAwMFoXDTk2MDgwNzA3MDAwMFowSzEL -MAkGA1UEBhMCVVMxFjAUBgNVBAoTDVZlcmlTaWduIEluYy4xFDASBgNVBAsTC0Vu -Z2luZWVyaW5nMQ4wDAYDVQQDEwVKYXNvbjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC -QQCvpXRU9t3NPFXvxJz2vuxX4zI55AA+xY1PsAEadhwWEMF2EnpG8woF4EGTwLdx -xrw3Eirzu5RAAhqegCN1aPVBAgMBAAGjRDBCMBQGA2FiYwEB/wQKZXh0ZW5zaW9u -MTAUBgNkZWYBAf8ECmV4dGVuc2lvbjIwFAYDZ2hpAQH/BApleHRlbnNpb24zMA0G -CSqGSIb3DQEBBAUAA0EAawLNWFSYMtywAqkSYJb1gejljqi9QAtLZIM2ui+RCTP2 -jEjW5bp4oU1RX2iBSfU+MdEZx9DpMNjqBLrgOy1Djw== diff --git a/security/nss/cmd/sdrtest/Makefile b/security/nss/cmd/sdrtest/Makefile deleted file mode 100644 index 490f738e5..000000000 --- a/security/nss/cmd/sdrtest/Makefile +++ /dev/null @@ -1,73 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk diff --git a/security/nss/cmd/sdrtest/manifest.mn b/security/nss/cmd/sdrtest/manifest.mn deleted file mode 100644 index a8a08fed0..000000000 --- a/security/nss/cmd/sdrtest/manifest.mn +++ /dev/null @@ -1,54 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - sdrtest.c \ - $(NULL) - -# headers for the MODULE (defined above) are implicitly required. -REQUIRES = dbm seccmd - -# WINNT uses EXTRA_LIBS as the list of libs to link in. -# Unix uses OS_LIBS for that purpose. -# We can solve this via conditional makefile code, but -# can't do this in manifest.mn because OS_ARCH isn't defined there. -# So, look in the local Makefile for the defines for the list of libs. - -PROGRAM = sdrtest - -#USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/sdrtest/sdrtest.c b/security/nss/cmd/sdrtest/sdrtest.c deleted file mode 100644 index d54e6b5fc..000000000 --- a/security/nss/cmd/sdrtest/sdrtest.c +++ /dev/null @@ -1,304 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * Test program for SDR (Secret Decoder Ring) functions. - * - * $Id$ - */ - -#include "nspr.h" -#include "string.h" -#include "nss.h" -#include "secutil.h" -#include "cert.h" -#include "pk11func.h" - -#include "plgetopt.h" -#include "pk11sdr.h" - -#define DEFAULT_VALUE "Test" - -static void -synopsis (char *program_name) -{ - PRFileDesc *pr_stderr; - - pr_stderr = PR_STDERR; - PR_fprintf (pr_stderr, "Usage:"); - PR_fprintf (pr_stderr, - "\t%s [-i <input-file>] [-o <output-file>] [-r <text>] [-d <dir>]\n", - program_name); -} - - -static void -short_usage (char *program_name) -{ - PR_fprintf (PR_STDERR, - "Type %s -H for more detailed descriptions\n", - program_name); - synopsis (program_name); -} - - -static void -long_usage (char *program_name) -{ - PRFileDesc *pr_stderr; - - pr_stderr = PR_STDERR; - synopsis (program_name); - PR_fprintf (pr_stderr, "\nSecret Decoder Test:\n"); - PR_fprintf (pr_stderr, - " %-13s Read encrypted data from \"file\"\n", - "-i file"); - PR_fprintf (pr_stderr, - " %-13s Write newly generated encrypted data to \"file\"\n", - "-o file"); - PR_fprintf (pr_stderr, - " %-13s Use \"text\" as the plaintext for encryption and verification\n", - "-t text"); - PR_fprintf (pr_stderr, - " %-13s Find security databases in \"dbdir\"\n", - "-d dbdir"); -} - -int -main (int argc, char **argv) -{ - int retval = 0; /* 0 - test succeeded. -1 - test failed */ - SECStatus rv; - PLOptState *optstate; - char *program_name; - const char *input_file = NULL; /* read encrypted data from here (or create) */ - const char *output_file = NULL; /* write new encrypted data here */ - const char *value = DEFAULT_VALUE; /* Use this for plaintext */ - SECItem data; - SECItem result; - SECItem text; - PRBool verbose = PR_FALSE; - - result.data = 0; - text.data = 0; text.len = 0; - - program_name = PL_strrchr(argv[0], '/'); - program_name = program_name ? (program_name + 1) : argv[0]; - - optstate = PL_CreateOptState (argc, argv, "Hd:i:o:t:v"); - if (optstate == NULL) { - SECU_PrintError (program_name, "PL_CreateOptState failed"); - return -1; - } - - while (PL_GetNextOpt (optstate) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - short_usage (program_name); - return retval; - - case 'H': - long_usage (program_name); - return retval; - - case 'd': - SECU_ConfigDirectory(optstate->value); - break; - - case 'i': - input_file = optstate->value; - break; - - case 'o': - output_file = optstate->value; - break; - - case 't': - value = optstate->value; - break; - - case 'v': - verbose = PR_TRUE; - break; - } - } - - /* - * Initialize the Security libraries. - */ - PK11_SetPasswordFunc(SECU_GetModulePassword); - - if (output_file) { - rv = NSS_InitReadWrite(SECU_ConfigDirectory(NULL)); - } else { - rv = NSS_Init(SECU_ConfigDirectory(NULL)); - } - if (rv != SECSuccess) { - retval = -1; - goto prdone; - } - - /* Convert value into an item */ - data.data = (unsigned char *)value; - data.len = strlen(value); - - /* Get the encrypted result, either from the input file - * or from encrypting the plaintext value - */ - if (input_file) - { - PRFileDesc *file /* = PR_OpenFile(input_file, 0) */; - PRFileInfo info; - PRStatus s; - PRInt32 count; - - if (verbose) printf("Reading data from %s\n", input_file); - - file = PR_Open(input_file, PR_RDONLY, 0); - if (!file) { - if (verbose) printf("Open of file failed\n"); - retval = -1; - goto loser; - } - - s = PR_GetOpenFileInfo(file, &info); - if (s != PR_SUCCESS) { - if (verbose) printf("File info operation failed\n"); - retval = -1; - goto file_loser; - } - - result.len = info.size; - result.data = (unsigned char *)malloc(result.len); - if (!result.data) { - if (verbose) printf("Allocation of buffer failed\n"); - retval = -1; - goto file_loser; - } - - count = PR_Read(file, result.data, result.len); - if (count != result.len) { - if (verbose) printf("Read failed\n"); - retval = -1; - goto file_loser; - } - -file_loser: - PR_Close(file); - if (retval != 0) goto loser; - } - else - { - SECItem keyid = { 0, 0, 0 }; - PK11SlotInfo *slot = NULL; - - /* sigh, initialize the key database */ - slot = PK11_GetInternalKeySlot(); - if (slot && PK11_NeedUserInit(slot)) { - rv = SECU_ChangePW(slot, "", 0); - if (rv != SECSuccess) { - SECU_PrintError(program_name, "Failed to initialize slot \"%s\"", - PK11_GetSlotName(slot)); - return SECFailure; - } - } - if (slot) { - PK11_FreeSlot(slot); - } - - rv = PK11SDR_Encrypt(&keyid, &data, &result, 0); - if (rv != SECSuccess) { - if (verbose) printf("Encrypt operation failed\n"); - retval = -1; - goto loser; - } - - if (verbose) printf("Encrypted result is %d bytes long\n", result.len); - - /* -v printf("Result is %.*s\n", text.len, text.data); */ - if (output_file) - { - PRFileDesc *file; - PRInt32 count; - - if (verbose) printf("Writing result to %s\n", output_file); - - /* Write to file */ - file = PR_Open(output_file, PR_CREATE_FILE|PR_WRONLY, 0666); - if (!file) { - if (verbose) printf("Open of output file failed\n"); - retval = -1; - goto loser; - } - - count = PR_Write(file, result.data, result.len); - - PR_Close(file); - - if (count != result.len) { - if (verbose) printf("Write failed\n"); - retval = -1; - goto loser; - } - } - } - - /* Decrypt the value */ - rv = PK11SDR_Decrypt(&result, &text, 0); - if (rv != SECSuccess) { - if (verbose) printf("Decrypt operation failed\n"); - retval = -1; - goto loser; - } - - if (verbose) printf("Decrypted result is %.*s\n", text.len, text.data); - - /* Compare to required value */ - if (text.len != data.len || memcmp(data.data, text.data, text.len) != 0) - { - if (verbose) printf("Comparison failed\n"); - retval = -1; - goto loser; - } - -loser: - if (text.data) free(text.data); - if (result.data) free(result.data); - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - -prdone: - PR_Cleanup (); - return retval; -} diff --git a/security/nss/cmd/selfserv/Makefile b/security/nss/cmd/selfserv/Makefile deleted file mode 100644 index f2a407990..000000000 --- a/security/nss/cmd/selfserv/Makefile +++ /dev/null @@ -1,74 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/selfserv/makefile.win b/security/nss/cmd/selfserv/makefile.win deleted file mode 100644 index 8fda0b906..000000000 --- a/security/nss/cmd/selfserv/makefile.win +++ /dev/null @@ -1,136 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -#cannot define PROGRAM in manifest compatibly with NT and UNIX -PROGRAM = selfserv -PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe -include <$(DEPTH)\config\config.mak> - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - $(NULL) - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -IGNORE_ME2 = \ - $(WINFE)/feutil.obj \ - $(WINFE)/fenet.obj \ - $(WINFE)/fegui.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - $(SEC_LIBS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -include <$(DEPTH)\config\rules.mak> - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/selfserv/manifest.mn b/security/nss/cmd/selfserv/manifest.mn deleted file mode 100644 index 96201f8e6..000000000 --- a/security/nss/cmd/selfserv/manifest.mn +++ /dev/null @@ -1,52 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = selfserv.c - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -PROGRAM = selfserv - -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC -endif - diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c deleted file mode 100644 index f223c71c6..000000000 --- a/security/nss/cmd/selfserv/selfserv.c +++ /dev/null @@ -1,1812 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -r flag is interepreted as follows: - * 1 -r means request, not require, on initial handshake. - * 2 -r's mean request and require, on initial handshake. - * 3 -r's mean request, not require, on second handshake. - * 4 -r's mean request and require, on second handshake. - */ -#include <stdio.h> -#include <string.h> - -#include "secutil.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#if defined(_WINDOWS) -#include <process.h> /* for getpid() */ -#endif - -#ifdef XP_OS2_VACPP -#include <Process.h> /* for getpid() */ -#endif - -#include <stdlib.h> -#include <errno.h> -#include <fcntl.h> -#include <stdarg.h> - -#include "nspr.h" -#include "prio.h" -#include "prerror.h" -#include "prnetdb.h" -#include "prclist.h" -#include "plgetopt.h" -#include "pk11func.h" -#include "secitem.h" -#include "nss.h" -#include "ssl.h" -#include "sslproto.h" - -#ifndef PORT_Sprintf -#define PORT_Sprintf sprintf -#endif - -#ifndef PORT_Strstr -#define PORT_Strstr strstr -#endif - -#ifndef PORT_Malloc -#define PORT_Malloc PR_Malloc -#endif - -#define NUM_SID_CACHE_ENTRIES 1024 - -static int handle_connection( PRFileDesc *, PRFileDesc *, int ); - -static const char envVarName[] = { SSL_ENV_VAR_NAME }; -static const char inheritableSockName[] = { "SELFSERV_LISTEN_SOCKET" }; - -static PRBool logStats = PR_FALSE; -static int logPeriod = 30; -static PRUint32 loggerOps = 0; - -const int ssl2CipherSuites[] = { - SSL_EN_RC4_128_WITH_MD5, /* A */ - SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */ - SSL_EN_RC2_128_CBC_WITH_MD5, /* C */ - SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */ - SSL_EN_DES_64_CBC_WITH_MD5, /* E */ - SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */ -#ifdef NSS_ENABLE_ECC - /* NOTE: Since no new SSL2 ciphersuites are being - * invented, and we've run out of lowercase letters - * for SSL3 ciphers, we use letters G and beyond - * for new SSL3 ciphers. A -1 indicates the cipher - * is not currently implemented. - */ - TLS_ECDH_ECDSA_WITH_NULL_SHA, /* G */ - TLS_ECDH_ECDSA_WITH_RC4_128_SHA, /* H */ - TLS_ECDH_ECDSA_WITH_DES_CBC_SHA, /* I */ - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* J */ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* K */ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* L */ - TLS_ECDH_RSA_WITH_NULL_SHA, /* M */ - TLS_ECDH_RSA_WITH_RC4_128_SHA, /* N */ - TLS_ECDH_RSA_WITH_DES_CBC_SHA, /* O */ - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* P */ - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* Q */ - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* R */ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* S */ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* T */ -#endif /* NSS_ENABLE_ECC */ - 0 -}; - -const int ssl3CipherSuites[] = { - SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */ - SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ - SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */ - SSL_RSA_WITH_NULL_MD5, /* i */ - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ - SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ - -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, * o */ - -1, /* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */ - -1, /* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */ - -1, /* SSL_DHE_RSA_WITH_DES_CBC_SHA, * r */ - -1, /* SSL_DHE_DSS_WITH_DES_CBC_SHA, * s */ - -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA, * t */ - -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA, * u */ - TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ - -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA, * w */ - -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA, * x */ - TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ - 0 -}; - -/* data and structures for shutdown */ -static int stopping; - -static PRBool noDelay; -static int requestCert; -static int verbose; -static SECItem bigBuf; - -static PRThread * acceptorThread; - -static PRLogModuleInfo *lm; - -/* Add custom password handler because SECU_GetModulePassword - * makes automation of this program next to impossible. - */ - -char * -ownPasswd(PK11SlotInfo *info, PRBool retry, void *arg) -{ - char * passwd = NULL; - - if ( (!retry) && arg ) { - passwd = PL_strdup((char *)arg); - } - - return passwd; -} - -#define PRINTF if (verbose) printf -#define FPRINTF if (verbose) fprintf -#define FLUSH if (verbose) { fflush(stdout); fflush(stderr); } -#define VLOG(arg) PR_LOG(lm,PR_LOG_DEBUG,arg) - -static void -Usage(const char *progName) -{ - fprintf(stderr, - -"Usage: %s -n rsa_nickname -p port [-3DNRTbmrvx] [-w password] [-t threads]\n" -#ifdef NSS_ENABLE_ECC -" [-i pid_file] [-c ciphers] [-d dbdir] [-e ec_nickname] \n" -" [-f fortezza_nickname] [-L [seconds]] [-M maxProcs] [-l]\n" -#else -" [-i pid_file] [-c ciphers] [-d dbdir] [-f fortezza_nickname] \n" -" [-L [seconds]] [-M maxProcs] [-l]\n" -#endif /* NSS_ENABLE_ECC */ -"-3 means disable SSL v3\n" -"-D means disable Nagle delays in TCP\n" -"-T means disable TLS\n" -"-R means disable detection of rollback from TLS to SSL3\n" -"-b means try binding to the port and exit\n" -"-m means test the model-socket feature of SSL_ImportFD.\n" -"-r flag is interepreted as follows:\n" -" 1 -r means request, not require, cert on initial handshake.\n" -" 2 -r's mean request and require, cert on initial handshake.\n" -" 3 -r's mean request, not require, cert on second handshake.\n" -" 4 -r's mean request and require, cert on second handshake.\n" -"-v means verbose output\n" -"-x means use export policy.\n" -"-L seconds means log statistics every 'seconds' seconds (default=30).\n" -"-M maxProcs tells how many processes to run in a multi-process server\n" -"-N means do NOT use the server session cache. Incompatible with -M.\n" -"-t threads -- specify the number of threads to use for connections.\n" -"-i pid_file file to write the process id of selfserve\n" -"-c ciphers Letter(s) chosen from the following list\n" -"-l means use local threads instead of global threads\n" -"A SSL2 RC4 128 WITH MD5\n" -"B SSL2 RC4 128 EXPORT40 WITH MD5\n" -"C SSL2 RC2 128 CBC WITH MD5\n" -"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n" -"E SSL2 DES 64 CBC WITH MD5\n" -"F SSL2 DES 192 EDE3 CBC WITH MD5\n" -#ifdef NSS_ENABLE_ECC -"G TLS ECDH ECDSA WITH NULL SHA\n" -"H TLS ECDH ECDSA WITH RC4 128 SHA\n" -"I TLS ECDH ECDSA WITH DES CBC SHA\n" -"J TLS ECDH ECDSA WITH 3DES EDE CBC SHA\n" -"K TLS ECDH ECDSA WITH AES 128 CBC SHA\n" -"L TLS ECDH ECDSA WITH AES 256 CBC SHA\n" -"M TLS ECDH RSA WITH NULL SHA\n" -"N TLS ECDH RSA WITH RC4 128 SHA\n" -"O TLS ECDH RSA WITH DES CBC SHA\n" -"P TLS ECDH RSA WITH 3DES EDE CBC SHA\n" -"Q TLS ECDH RSA WITH AES 128 CBC SHA\n" -"R TLS ECDH RSA WITH AES 256 CBC SHA\n" -"S TLS ECDHE ECDSA WITH AES 128 CBC SHA\n" -"T TLS ECDHE RSA WITH AES 128 CBC SHA\n" -#endif /* NSS_ENABLE_ECC */ -"\n" -"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n" -"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n" -"c SSL3 RSA WITH RC4 128 MD5\n" -"d SSL3 RSA WITH 3DES EDE CBC SHA\n" -"e SSL3 RSA WITH DES CBC SHA\n" -"f SSL3 RSA EXPORT WITH RC4 40 MD5\n" -"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n" -"h SSL3 FORTEZZA DMS WITH NULL SHA\n" -"i SSL3 RSA WITH NULL MD5\n" -"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n" -"k SSL3 RSA FIPS WITH DES CBC SHA\n" -"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n" -"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n" -"n SSL3 RSA WITH RC4 128 SHA\n" -"v SSL3 RSA WITH AES 128 CBC SHA\n" -"y SSL3 RSA WITH AES 256 CBC SHA\n" -"z SSL3 RSA WITH NULL SHA\n" - ,progName); -} - -static const char * -errWarn(char * funcString) -{ - PRErrorCode perr = PR_GetError(); - const char * errString = SECU_Strerror(perr); - - fprintf(stderr, "selfserv: %s returned error %d:\n%s\n", - funcString, perr, errString); - return errString; -} - -static void -errExit(char * funcString) -{ - errWarn(funcString); - exit(3); -} - - -/************************************************************************** -** -** Routines for disabling SSL ciphers. -** -**************************************************************************/ - -void -disableAllSSLCiphers(void) -{ - const PRUint16 *cipherSuites = SSL_ImplementedCiphers; - int i = SSL_NumImplementedCiphers; - SECStatus rv; - - /* disable all the SSL3 cipher suites */ - while (--i >= 0) { - PRUint16 suite = cipherSuites[i]; - rv = SSL_CipherPrefSetDefault(suite, PR_FALSE); - if (rv != SECSuccess) { - printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n", - suite, i); - errWarn("SSL_CipherPrefSetDefault"); - exit(2); - } - } -} - -static SECStatus -mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, - PRBool isServer) -{ - SECStatus rv; - CERTCertificate * peerCert; - - peerCert = SSL_PeerCertificate(fd); - - PRINTF("selfserv: Subject: %s\nselfserv: Issuer : %s\n", - peerCert->subjectName, peerCert->issuerName); - - rv = SSL_AuthCertificate(arg, fd, checkSig, isServer); - - if (rv == SECSuccess) { - PRINTF("selfserv: -- SSL3: Certificate Validated.\n"); - } else { - int err = PR_GetError(); - FPRINTF(stderr, "selfserv: -- SSL3: Certificate Invalid, err %d.\n%s\n", - err, SECU_Strerror(err)); - } - CERT_DestroyCertificate(peerCert); - FLUSH; - return rv; -} - -void -printSecurityInfo(PRFileDesc *fd) -{ - CERTCertificate * cert = NULL; - SSL3Statistics * ssl3stats = SSL_GetStatistics(); - SECStatus result; - SSLChannelInfo channel; - SSLCipherSuiteInfo suite; - - PRINTF( - "selfserv: %ld cache hits; %ld cache misses, %ld cache not reusable\n", - ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses, - ssl3stats->hch_sid_cache_not_ok); - - result = SSL_GetChannelInfo(fd, &channel, sizeof channel); - if (result == SECSuccess && - channel.length == sizeof channel && - channel.cipherSuite) { - result = SSL_GetCipherSuiteInfo(channel.cipherSuite, - &suite, sizeof suite); - if (result == SECSuccess) { - FPRINTF(stderr, - "selfserv: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n", - channel.protocolVersion >> 8, channel.protocolVersion & 0xff, - suite.effectiveKeyBits, suite.symCipherName, - suite.macBits, suite.macAlgorithmName); - FPRINTF(stderr, - "selfserv: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n", - channel.authKeyBits, suite.authAlgorithmName, - channel.keaKeyBits, suite.keaTypeName); - } - } - if (requestCert) - cert = SSL_PeerCertificate(fd); - else - cert = SSL_LocalCertificate(fd); - if (cert) { - char * ip = CERT_NameToAscii(&cert->issuer); - char * sp = CERT_NameToAscii(&cert->subject); - if (sp) { - FPRINTF(stderr, "selfserv: subject DN: %s\n", sp); - PORT_Free(sp); - } - if (ip) { - FPRINTF(stderr, "selfserv: issuer DN: %s\n", ip); - PORT_Free(ip); - } - CERT_DestroyCertificate(cert); - cert = NULL; - } - FLUSH; -} - -static int MakeCertOK; - -static SECStatus -myBadCertHandler( void *arg, PRFileDesc *fd) -{ - int err = PR_GetError(); - if (!MakeCertOK) - fprintf(stderr, - "selfserv: -- SSL: Client Certificate Invalid, err %d.\n%s\n", - err, SECU_Strerror(err)); - return (MakeCertOK ? SECSuccess : SECFailure); -} - -/************************************************************************** -** Begin thread management routines and data. -**************************************************************************/ -#define MIN_THREADS 3 -#define DEFAULT_THREADS 8 -#define MAX_THREADS 128 -#define MAX_PROCS 25 -static int maxThreads = DEFAULT_THREADS; - - -typedef struct jobStr { - PRCList link; - PRFileDesc *tcp_sock; - PRFileDesc *model_sock; - int requestCert; -} JOB; - -static PZLock * qLock; /* this lock protects all data immediately below */ -static PZCondVar * jobQNotEmptyCv; -static PZCondVar * freeListNotEmptyCv; -static PZCondVar * threadCountChangeCv; -static int threadCount; -static PRCList jobQ; -static PRCList freeJobs; -static JOB *jobTable; - -SECStatus -setupJobs(int maxJobs) -{ - int i; - - jobTable = (JOB *)PR_Calloc(maxJobs, sizeof(JOB)); - if (!jobTable) - return SECFailure; - - PR_INIT_CLIST(&jobQ); - PR_INIT_CLIST(&freeJobs); - - for (i = 0; i < maxJobs; ++i) { - JOB * pJob = jobTable + i; - PR_APPEND_LINK(&pJob->link, &freeJobs); - } - return SECSuccess; -} - -typedef int startFn(PRFileDesc *a, PRFileDesc *b, int c); - -typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState; - -typedef struct perThreadStr { - PRFileDesc *a; - PRFileDesc *b; - int c; - int rv; - startFn * startFunc; - PRThread * prThread; - runState state; -} perThread; - -static perThread *threads; - -void -thread_wrapper(void * arg) -{ - perThread * slot = (perThread *)arg; - - slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->c); - - /* notify the thread exit handler. */ - PZ_Lock(qLock); - slot->state = rs_zombie; - --threadCount; - PZ_NotifyAllCondVar(threadCountChangeCv); - PZ_Unlock(qLock); -} - -int -jobLoop(PRFileDesc *a, PRFileDesc *b, int c) -{ - PRCList * myLink = 0; - JOB * myJob; - - PZ_Lock(qLock); - do { - myLink = 0; - while (PR_CLIST_IS_EMPTY(&jobQ) && !stopping) { - PZ_WaitCondVar(jobQNotEmptyCv, PR_INTERVAL_NO_TIMEOUT); - } - if (!PR_CLIST_IS_EMPTY(&jobQ)) { - myLink = PR_LIST_HEAD(&jobQ); - PR_REMOVE_AND_INIT_LINK(myLink); - } - PZ_Unlock(qLock); - myJob = (JOB *)myLink; - /* myJob will be null when stopping is true and jobQ is empty */ - if (!myJob) - break; - handle_connection( myJob->tcp_sock, myJob->model_sock, - myJob->requestCert); - PZ_Lock(qLock); - PR_APPEND_LINK(myLink, &freeJobs); - PZ_NotifyCondVar(freeListNotEmptyCv); - } while (PR_TRUE); - return 0; -} - - -SECStatus -launch_threads( - startFn *startFunc, - PRFileDesc *a, - PRFileDesc *b, - int c, - PRBool local) -{ - int i; - SECStatus rv = SECSuccess; - - /* create the thread management serialization structs */ - qLock = PZ_NewLock(nssILockSelfServ); - jobQNotEmptyCv = PZ_NewCondVar(qLock); - freeListNotEmptyCv = PZ_NewCondVar(qLock); - threadCountChangeCv = PZ_NewCondVar(qLock); - - /* allocate the array of thread slots */ - threads = PR_Calloc(maxThreads, sizeof(perThread)); - if ( NULL == threads ) { - fprintf(stderr, "Oh Drat! Can't allocate the perThread array\n"); - return SECFailure; - } - /* 5 is a little extra, intended to keep the jobQ from underflowing. - ** That is, from going empty while not stopping and clients are still - ** trying to contact us. - */ - rv = setupJobs(maxThreads + 5); - if (rv != SECSuccess) - return rv; - - PZ_Lock(qLock); - for (i = 0; i < maxThreads; ++i) { - perThread * slot = threads + i; - - slot->state = rs_running; - slot->a = a; - slot->b = b; - slot->c = c; - slot->startFunc = startFunc; - slot->prThread = PR_CreateThread(PR_USER_THREAD, - thread_wrapper, slot, PR_PRIORITY_NORMAL, - (PR_TRUE==local)?PR_LOCAL_THREAD:PR_GLOBAL_THREAD, - PR_UNJOINABLE_THREAD, 0); - if (slot->prThread == NULL) { - printf("selfserv: Failed to launch thread!\n"); - slot->state = rs_idle; - rv = SECFailure; - break; - } - - ++threadCount; - } - PZ_Unlock(qLock); - - return rv; -} - -#define DESTROY_CONDVAR(name) if (name) { \ - PZ_DestroyCondVar(name); name = NULL; } -#define DESTROY_LOCK(name) if (name) { \ - PZ_DestroyLock(name); name = NULL; } - - -void -terminateWorkerThreads(void) -{ - VLOG(("selfserv: server_thead: waiting on stopping")); - PZ_Lock(qLock); - PZ_NotifyAllCondVar(jobQNotEmptyCv); - while (threadCount > 0) { - PZ_WaitCondVar(threadCountChangeCv, PR_INTERVAL_NO_TIMEOUT); - } - PZ_Unlock(qLock); - - DESTROY_CONDVAR(jobQNotEmptyCv); - DESTROY_CONDVAR(freeListNotEmptyCv); - DESTROY_CONDVAR(threadCountChangeCv); - - DESTROY_LOCK(qLock); - PR_Free(jobTable); - PR_Free(threads); -} - -static void -logger(void *arg) -{ - PRFloat64 seconds; - PRFloat64 opsPerSec; - PRIntervalTime period; - PRIntervalTime previousTime; - PRIntervalTime latestTime; - PRUint32 previousOps; - PRUint32 ops; - PRIntervalTime logPeriodTicks = PR_SecondsToInterval(logPeriod); - PRFloat64 secondsPerTick = 1.0 / (PRFloat64)PR_TicksPerSecond(); - - previousOps = loggerOps; - previousTime = PR_IntervalNow(); - - for (;;) { - PR_Sleep(logPeriodTicks); - latestTime = PR_IntervalNow(); - ops = loggerOps; - period = latestTime - previousTime; - seconds = (PRFloat64) period*secondsPerTick; - opsPerSec = (ops - previousOps) / seconds; - printf("%.2f ops/second, %d threads\n", opsPerSec, threadCount); - fflush(stdout); - previousOps = ops; - previousTime = latestTime; - } -} - - -/************************************************************************** -** End thread management routines. -**************************************************************************/ - -PRBool useModelSocket = PR_FALSE; -PRBool disableSSL3 = PR_FALSE; -PRBool disableTLS = PR_FALSE; -PRBool disableRollBack = PR_FALSE; -PRBool NoReuse = PR_FALSE; -PRBool hasSidCache = PR_FALSE; - -static const char stopCmd[] = { "GET /stop " }; -static const char getCmd[] = { "GET " }; -static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" }; -static const char outHeader[] = { - "HTTP/1.0 200 OK\r\n" - "Server: Generic Web Server\r\n" - "Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n" - "Content-type: text/plain\r\n" - "\r\n" -}; - -#ifdef FULL_DUPLEX_CAPABLE - -struct lockedVarsStr { - PZLock * lock; - int count; - int waiters; - PZCondVar * condVar; -}; - -typedef struct lockedVarsStr lockedVars; - -void -lockedVars_Init( lockedVars * lv) -{ - lv->count = 0; - lv->waiters = 0; - lv->lock = PZ_NewLock(nssILockSelfServ); - lv->condVar = PZ_NewCondVar(lv->lock); -} - -void -lockedVars_Destroy( lockedVars * lv) -{ - PZ_DestroyCondVar(lv->condVar); - lv->condVar = NULL; - - PZ_DestroyLock(lv->lock); - lv->lock = NULL; -} - -void -lockedVars_WaitForDone(lockedVars * lv) -{ - PZ_Lock(lv->lock); - while (lv->count > 0) { - PZ_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT); - } - PZ_Unlock(lv->lock); -} - -int /* returns count */ -lockedVars_AddToCount(lockedVars * lv, int addend) -{ - int rv; - - PZ_Lock(lv->lock); - rv = lv->count += addend; - if (rv <= 0) { - PZ_NotifyCondVar(lv->condVar); - } - PZ_Unlock(lv->lock); - return rv; -} - -int -do_writes( - PRFileDesc * ssl_sock, - PRFileDesc * model_sock, - int requestCert - ) -{ - int sent = 0; - int count = 0; - lockedVars * lv = (lockedVars *)model_sock; - - VLOG(("selfserv: do_writes: starting")); - while (sent < bigBuf.len) { - - count = PR_Write(ssl_sock, bigBuf.data + sent, bigBuf.len - sent); - if (count < 0) { - errWarn("PR_Write bigBuf"); - break; - } - FPRINTF(stderr, "selfserv: PR_Write wrote %d bytes from bigBuf\n", count ); - sent += count; - } - if (count >= 0) { /* last write didn't fail. */ - PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND); - } - - /* notify the reader that we're done. */ - lockedVars_AddToCount(lv, -1); - FLUSH; - VLOG(("selfserv: do_writes: exiting")); - return (sent < bigBuf.len) ? SECFailure : SECSuccess; -} - -static int -handle_fdx_connection( - PRFileDesc * tcp_sock, - PRFileDesc * model_sock, - int requestCert - ) -{ - PRFileDesc * ssl_sock = NULL; - SECStatus result; - int firstTime = 1; - lockedVars lv; - PRSocketOptionData opt; - char buf[10240]; - - - VLOG(("selfserv: handle_fdx_connection: starting")); - opt.option = PR_SockOpt_Nonblocking; - opt.value.non_blocking = PR_FALSE; - PR_SetSocketOption(tcp_sock, &opt); - - if (useModelSocket && model_sock) { - SECStatus rv; - ssl_sock = SSL_ImportFD(model_sock, tcp_sock); - if (!ssl_sock) { - errWarn("SSL_ImportFD with model"); - goto cleanup; - } - rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 1); - if (rv != SECSuccess) { - errWarn("SSL_ResetHandshake"); - goto cleanup; - } - } else { - ssl_sock = tcp_sock; - } - - lockedVars_Init(&lv); - lockedVars_AddToCount(&lv, 1); - - /* Attempt to launch the writer thread. */ - result = launch_thread(do_writes, ssl_sock, (PRFileDesc *)&lv, - requestCert); - - if (result == SECSuccess) - do { - /* do reads here. */ - int count; - count = PR_Read(ssl_sock, buf, sizeof buf); - if (count < 0) { - errWarn("FDX PR_Read"); - break; - } - FPRINTF(stderr, "selfserv: FDX PR_Read read %d bytes.\n", count ); - if (firstTime) { - firstTime = 0; - printSecurityInfo(ssl_sock); - } - } while (lockedVars_AddToCount(&lv, 0) > 0); - - /* Wait for writer to finish */ - lockedVars_WaitForDone(&lv); - lockedVars_Destroy(&lv); - FLUSH; - -cleanup: - if (ssl_sock) - PR_Close(ssl_sock); - else - PR_Close(tcp_sock); - - VLOG(("selfserv: handle_fdx_connection: exiting")); - return SECSuccess; -} - -#endif - -int -handle_connection( - PRFileDesc *tcp_sock, - PRFileDesc *model_sock, - int requestCert - ) -{ - PRFileDesc * ssl_sock = NULL; - PRFileDesc * local_file_fd = NULL; - char * post; - char * pBuf; /* unused space at end of buf */ - const char * errString; - PRStatus status; - int bufRem; /* unused bytes at end of buf */ - int bufDat; /* characters received in buf */ - int newln = 0; /* # of consecutive newlns */ - int firstTime = 1; - int reqLen; - int rv; - int numIOVs; - PRSocketOptionData opt; - PRIOVec iovs[16]; - char msgBuf[160]; - char buf[10240]; - char fileName[513]; - - pBuf = buf; - bufRem = sizeof buf; - memset(buf, 0, sizeof buf); - - VLOG(("selfserv: handle_connection: starting")); - opt.option = PR_SockOpt_Nonblocking; - opt.value.non_blocking = PR_FALSE; - PR_SetSocketOption(tcp_sock, &opt); - - VLOG(("selfserv: handle_connection: starting\n")); - if (useModelSocket && model_sock) { - SECStatus rv; - ssl_sock = SSL_ImportFD(model_sock, tcp_sock); - if (!ssl_sock) { - errWarn("SSL_ImportFD with model"); - goto cleanup; - } - rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 1); - if (rv != SECSuccess) { - errWarn("SSL_ResetHandshake"); - goto cleanup; - } - } else { - ssl_sock = tcp_sock; - } - - if (noDelay) { - opt.option = PR_SockOpt_NoDelay; - opt.value.no_delay = PR_TRUE; - status = PR_SetSocketOption(ssl_sock, &opt); - if (status != PR_SUCCESS) { - errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)"); - PR_Close(ssl_sock); - return SECFailure; - } - } - - while (1) { - newln = 0; - reqLen = 0; - rv = PR_Read(ssl_sock, pBuf, bufRem); - if (rv == 0 || - (rv < 0 && PR_END_OF_FILE_ERROR == PR_GetError())) { - if (verbose) - errWarn("HDX PR_Read hit EOF"); - break; - } - if (rv < 0) { - errWarn("HDX PR_Read"); - goto cleanup; - } - if (firstTime) { - firstTime = 0; - printSecurityInfo(ssl_sock); - } - - pBuf += rv; - bufRem -= rv; - bufDat = pBuf - buf; - /* Parse the input, starting at the beginning of the buffer. - * Stop when we detect two consecutive \n's (or \r\n's) - * as this signifies the end of the GET or POST portion. - * The posted data follows. - */ - while (reqLen < bufDat && newln < 2) { - int octet = buf[reqLen++]; - if (octet == '\n') { - newln++; - } else if (octet != '\r') { - newln = 0; - } - } - - /* came to the end of the buffer, or second newln - * If we didn't get an empty line (CRLFCRLF) then keep on reading. - */ - if (newln < 2) - continue; - - /* we're at the end of the HTTP request. - * If the request is a POST, then there will be one more - * line of data. - * This parsing is a hack, but ok for SSL test purposes. - */ - post = PORT_Strstr(buf, "POST "); - if (!post || *post != 'P') - break; - - /* It's a post, so look for the next and final CR/LF. */ - /* We should parse content length here, but ... */ - while (reqLen < bufDat && newln < 3) { - int octet = buf[reqLen++]; - if (octet == '\n') { - newln++; - } - } - if (newln == 3) - break; - } /* read loop */ - - bufDat = pBuf - buf; - if (bufDat) do { /* just close if no data */ - /* Have either (a) a complete get, (b) a complete post, (c) EOF */ - if (reqLen > 0 && !strncmp(buf, getCmd, sizeof getCmd - 1)) { - char * fnBegin = buf + 4; - char * fnEnd; - PRFileInfo info; - /* try to open the file named. - * If succesful, then write it to the client. - */ - fnEnd = strpbrk(fnBegin, " \r\n"); - if (fnEnd) { - int fnLen = fnEnd - fnBegin; - if (fnLen < sizeof fileName) { - strncpy(fileName, fnBegin, fnLen); - fileName[fnLen] = 0; /* null terminate */ - status = PR_GetFileInfo(fileName, &info); - if (status == PR_SUCCESS && - info.type == PR_FILE_FILE && - info.size >= 0 ) { - local_file_fd = PR_Open(fileName, PR_RDONLY, 0); - } - } - } - } - /* if user has requested client auth in a subsequent handshake, - * do it here. - */ - if (requestCert > 2) { /* request cert was 3 or 4 */ - CERTCertificate * cert = SSL_PeerCertificate(ssl_sock); - if (cert) { - CERT_DestroyCertificate(cert); - } else { - rv = SSL_OptionSet(ssl_sock, SSL_REQUEST_CERTIFICATE, 1); - if (rv < 0) { - errWarn("second SSL_OptionSet SSL_REQUEST_CERTIFICATE"); - break; - } - rv = SSL_OptionSet(ssl_sock, SSL_REQUIRE_CERTIFICATE, - (requestCert == 4)); - if (rv < 0) { - errWarn("second SSL_OptionSet SSL_REQUIRE_CERTIFICATE"); - break; - } - rv = SSL_ReHandshake(ssl_sock, PR_TRUE); - if (rv != 0) { - errWarn("SSL_ReHandshake"); - break; - } - rv = SSL_ForceHandshake(ssl_sock); - if (rv < 0) { - errWarn("SSL_ForceHandshake"); - break; - } - } - } - - numIOVs = 0; - - iovs[numIOVs].iov_base = (char *)outHeader; - iovs[numIOVs].iov_len = (sizeof(outHeader)) - 1; - numIOVs++; - - if (local_file_fd) { - PRInt32 bytes; - int errLen; - bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader, - sizeof outHeader - 1, - PR_TRANSMITFILE_KEEP_OPEN, - PR_INTERVAL_NO_TIMEOUT); - if (bytes >= 0) { - bytes -= sizeof outHeader - 1; - FPRINTF(stderr, - "selfserv: PR_TransmitFile wrote %d bytes from %s\n", - bytes, fileName); - break; - } - errString = errWarn("PR_TransmitFile"); - errLen = PORT_Strlen(errString); - if (errLen > sizeof msgBuf - 1) - errLen = sizeof msgBuf - 1; - PORT_Memcpy(msgBuf, errString, errLen); - msgBuf[errLen] = 0; - - iovs[numIOVs].iov_base = msgBuf; - iovs[numIOVs].iov_len = PORT_Strlen(msgBuf); - numIOVs++; - } else if (reqLen <= 0) { /* hit eof */ - PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n", - bufDat); - - iovs[numIOVs].iov_base = msgBuf; - iovs[numIOVs].iov_len = PORT_Strlen(msgBuf); - numIOVs++; - } else if (reqLen < bufDat) { - PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n", - bufDat - reqLen); - - iovs[numIOVs].iov_base = msgBuf; - iovs[numIOVs].iov_len = PORT_Strlen(msgBuf); - numIOVs++; - } - - if (reqLen > 0) { - if (verbose > 1) - fwrite(buf, 1, reqLen, stdout); /* display it */ - - iovs[numIOVs].iov_base = buf; - iovs[numIOVs].iov_len = reqLen; - numIOVs++; - -/* printSecurityInfo(ssl_sock); */ - } - - iovs[numIOVs].iov_base = (char *)EOFmsg; - iovs[numIOVs].iov_len = sizeof EOFmsg - 1; - numIOVs++; - - rv = PR_Writev(ssl_sock, iovs, numIOVs, PR_INTERVAL_NO_TIMEOUT); - if (rv < 0) { - errWarn("PR_Writev"); - break; - } - } while (0); - -cleanup: - PR_Close(ssl_sock); - if (local_file_fd) - PR_Close(local_file_fd); - VLOG(("selfserv: handle_connection: exiting\n")); - - /* do a nice shutdown if asked. */ - if (!strncmp(buf, stopCmd, sizeof stopCmd - 1)) { - stopping = 1; - VLOG(("selfserv: handle_connection: stop command")); - PR_Interrupt(acceptorThread); - PZ_TraceFlush(); - } - VLOG(("selfserv: handle_connection: exiting")); - return SECSuccess; /* success */ -} - -SECStatus -do_accepts( - PRFileDesc *listen_sock, - PRFileDesc *model_sock, - int requestCert - ) -{ - PRNetAddr addr; - PRErrorCode perr; - - VLOG(("selfserv: do_accepts: starting")); - PR_SetThreadPriority( PR_GetCurrentThread(), PR_PRIORITY_HIGH); - - acceptorThread = PR_GetCurrentThread(); - while (!stopping) { - PRFileDesc *tcp_sock; - PRCList *myLink; - - FPRINTF(stderr, "\n\n\nselfserv: About to call accept.\n"); - tcp_sock = PR_Accept(listen_sock, &addr, PR_INTERVAL_NO_TIMEOUT); - if (tcp_sock == NULL) { - perr = PR_GetError(); - if ((perr != PR_CONNECT_RESET_ERROR && - perr != PR_PENDING_INTERRUPT_ERROR) || verbose) { - errWarn("PR_Accept"); - } - if (perr == PR_CONNECT_RESET_ERROR) { - FPRINTF(stderr, - "Ignoring PR_CONNECT_RESET_ERROR error - continue\n"); - continue; - } - stopping = 1; - break; - } - - VLOG(("selfserv: do_accept: Got connection\n")); - - if (logStats) { - loggerOps++; - } - - PZ_Lock(qLock); - while (PR_CLIST_IS_EMPTY(&freeJobs) && !stopping) { - PZ_WaitCondVar(freeListNotEmptyCv, PR_INTERVAL_NO_TIMEOUT); - } - if (stopping) { - PZ_Unlock(qLock); - PR_Close(tcp_sock); - break; - } - myLink = PR_LIST_HEAD(&freeJobs); - PR_REMOVE_AND_INIT_LINK(myLink); - /* could release qLock here and reaquire it 7 lines below, but - ** why bother for 4 assignment statements? - */ - { - JOB * myJob = (JOB *)myLink; - myJob->tcp_sock = tcp_sock; - myJob->model_sock = model_sock; - myJob->requestCert = requestCert; - } - - PR_APPEND_LINK(myLink, &jobQ); - PZ_NotifyCondVar(jobQNotEmptyCv); - PZ_Unlock(qLock); - } - - FPRINTF(stderr, "selfserv: Closing listen socket.\n"); - VLOG(("selfserv: do_accepts: exiting")); - PR_Close(listen_sock); - return SECSuccess; -} - -PRFileDesc * -getBoundListenSocket(unsigned short port) -{ - PRFileDesc * listen_sock; - int listenQueueDepth = 5 + (2 * maxThreads); - PRStatus prStatus; - PRNetAddr addr; - PRSocketOptionData opt; - - addr.inet.family = PR_AF_INET; - addr.inet.ip = PR_INADDR_ANY; - addr.inet.port = PR_htons(port); - - listen_sock = PR_NewTCPSocket(); - if (listen_sock == NULL) { - errExit("PR_NewTCPSocket"); - } - - opt.option = PR_SockOpt_Nonblocking; - opt.value.non_blocking = PR_FALSE; - prStatus = PR_SetSocketOption(listen_sock, &opt); - if (prStatus < 0) { - errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)"); - } - - opt.option=PR_SockOpt_Reuseaddr; - opt.value.reuse_addr = PR_TRUE; - prStatus = PR_SetSocketOption(listen_sock, &opt); - if (prStatus < 0) { - errExit("PR_SetSocketOption(PR_SockOpt_Reuseaddr)"); - } - - prStatus = PR_Bind(listen_sock, &addr); - if (prStatus < 0) { - errExit("PR_Bind"); - } - - prStatus = PR_Listen(listen_sock, listenQueueDepth); - if (prStatus < 0) { - errExit("PR_Listen"); - } - return listen_sock; -} - -void -server_main( - PRFileDesc * listen_sock, - int requestCert, - SECKEYPrivateKey ** privKey, - CERTCertificate ** cert) -{ - PRFileDesc *model_sock = NULL; - int rv; - SSLKEAType kea; - SECStatus secStatus; - - if (useModelSocket) { - model_sock = PR_NewTCPSocket(); - if (model_sock == NULL) { - errExit("PR_NewTCPSocket on model socket"); - } - model_sock = SSL_ImportFD(NULL, model_sock); - if (model_sock == NULL) { - errExit("SSL_ImportFD"); - } - } else { - model_sock = listen_sock = SSL_ImportFD(NULL, listen_sock); - if (listen_sock == NULL) { - errExit("SSL_ImportFD"); - } - } - - /* do SSL configuration. */ - /* all suites except RSA_NULL_MD5 are enabled by default */ - -#if 0 - /* This is supposed to be true by default. - ** Setting it explicitly should not be necessary. - ** Let's test and make sure that's true. - */ - rv = SSL_OptionSet(model_sock, SSL_SECURITY, 1); - if (rv < 0) { - errExit("SSL_OptionSet SSL_SECURITY"); - } -#endif - - rv = SSL_OptionSet(model_sock, SSL_ENABLE_SSL3, !disableSSL3); - if (rv != SECSuccess) { - errExit("error enabling SSLv3 "); - } - - rv = SSL_OptionSet(model_sock, SSL_ENABLE_TLS, !disableTLS); - if (rv != SECSuccess) { - errExit("error enabling TLS "); - } - - rv = SSL_OptionSet(model_sock, SSL_ROLLBACK_DETECTION, !disableRollBack); - if (rv != SECSuccess) { - errExit("error enabling RollBack detection "); - } - - for (kea = kt_rsa; kea < kt_kea_size; kea++) { - if (cert[kea] != NULL) { - secStatus = SSL_ConfigSecureServer(model_sock, - cert[kea], privKey[kea], kea); - if (secStatus != SECSuccess) - errExit("SSL_ConfigSecureServer"); - } - } - - if (bigBuf.data) { /* doing FDX */ - rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1); - if (rv < 0) { - errExit("SSL_OptionSet SSL_ENABLE_FDX"); - } - } - - if (NoReuse) { - rv = SSL_OptionSet(model_sock, SSL_NO_CACHE, 1); - if (rv < 0) { - errExit("SSL_OptionSet SSL_NO_CACHE"); - } - } - - /* This cipher is not on by default. The Acceptance test - * would like it to be. Turn this cipher on. - */ - - secStatus = SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE); - if ( secStatus != SECSuccess ) { - errExit("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5"); - } - - - if (requestCert) { - SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate, - (void *)CERT_GetDefaultCertDB()); - if (requestCert <= 2) { - rv = SSL_OptionSet(model_sock, SSL_REQUEST_CERTIFICATE, 1); - if (rv < 0) { - errExit("first SSL_OptionSet SSL_REQUEST_CERTIFICATE"); - } - rv = SSL_OptionSet(model_sock, SSL_REQUIRE_CERTIFICATE, - (requestCert == 2)); - if (rv < 0) { - errExit("first SSL_OptionSet SSL_REQUIRE_CERTIFICATE"); - } - } - } - - if (MakeCertOK) - SSL_BadCertHook(model_sock, myBadCertHandler, NULL); - - /* end of ssl configuration. */ - - - /* Now, do the accepting, here in the main thread. */ - rv = do_accepts(listen_sock, model_sock, requestCert); - - terminateWorkerThreads(); - - if (useModelSocket && model_sock) { - PR_Close(model_sock); - } - -} - -SECStatus -readBigFile(const char * fileName) -{ - PRFileInfo info; - PRStatus status; - SECStatus rv = SECFailure; - int count; - int hdrLen; - PRFileDesc *local_file_fd = NULL; - - status = PR_GetFileInfo(fileName, &info); - - if (status == PR_SUCCESS && - info.type == PR_FILE_FILE && - info.size > 0 && - NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) { - - hdrLen = PORT_Strlen(outHeader); - bigBuf.len = hdrLen + info.size; - bigBuf.data = PORT_Malloc(bigBuf.len + 4095); - if (!bigBuf.data) { - errWarn("PORT_Malloc"); - goto done; - } - - PORT_Memcpy(bigBuf.data, outHeader, hdrLen); - - count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size); - if (count != info.size) { - errWarn("PR_Read local file"); - goto done; - } - rv = SECSuccess; -done: - PR_Close(local_file_fd); - } - return rv; -} - -int numChildren; -PRProcess * child[MAX_PROCS]; - -PRProcess * -haveAChild(int argc, char **argv, PRProcessAttr * attr) -{ - PRProcess * newProcess; - - newProcess = PR_CreateProcess(argv[0], argv, NULL, attr); - if (!newProcess) { - errWarn("Can't create new process."); - } else { - child[numChildren++] = newProcess; - } - return newProcess; -} - -void -beAGoodParent(int argc, char **argv, int maxProcs, PRFileDesc * listen_sock) -{ - PRProcess * newProcess; - PRProcessAttr * attr; - int i; - PRInt32 exitCode; - PRStatus rv; - - rv = PR_SetFDInheritable(listen_sock, PR_TRUE); - if (rv != PR_SUCCESS) - errExit("PR_SetFDInheritable"); - - attr = PR_NewProcessAttr(); - if (!attr) - errExit("PR_NewProcessAttr"); - - rv = PR_ProcessAttrSetInheritableFD(attr, listen_sock, inheritableSockName); - if (rv != PR_SUCCESS) - errExit("PR_ProcessAttrSetInheritableFD"); - - for (i = 0; i < maxProcs; ++i) { - newProcess = haveAChild(argc, argv, attr); - if (!newProcess) - break; - } - - rv = PR_SetFDInheritable(listen_sock, PR_FALSE); - if (rv != PR_SUCCESS) - errExit("PR_SetFDInheritable"); - - while (numChildren > 0) { - newProcess = child[numChildren - 1]; - PR_WaitProcess(newProcess, &exitCode); - fprintf(stderr, "Child %d exited with exit code %x\n", - numChildren, exitCode); - numChildren--; - } - exit(0); -} - -#ifdef DEBUG_nelsonb - -#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) -#define SSL_GETPID getpid -#elif defined(_WIN32_WCE) -#define SSL_GETPID GetCurrentProcessId -#elif defined(WIN32) -extern int __cdecl _getpid(void); -#define SSL_GETPID _getpid -#else -#define SSL_GETPID() 0 -#endif - -void -WaitForDebugger(void) -{ - - int waiting = 12; - int myPid = SSL_GETPID(); - PRIntervalTime nrval = PR_SecondsToInterval(5); - - while (waiting) { - printf("child %d is waiting to be debugged!\n", myPid); - PR_Sleep(nrval); - --waiting; - } -} -#endif - -int -main(int argc, char **argv) -{ - char * progName = NULL; - char * nickName = NULL; -#ifdef NSS_ENABLE_ECC - char * ecNickName = NULL; -#endif - char * fNickName = NULL; - const char * fileName = NULL; - char * cipherString= NULL; - const char * dir = "."; - char * passwd = NULL; - const char * pidFile = NULL; - char * tmp; - char * envString; - PRFileDesc * listen_sock; - CERTCertificate * cert [kt_kea_size] = { NULL }; - SECKEYPrivateKey * privKey[kt_kea_size] = { NULL }; - int optionsFound = 0; - int maxProcs = 1; - unsigned short port = 0; - SECStatus rv; - PRStatus prStatus; - PRBool bindOnly = PR_FALSE; - PRBool useExportPolicy = PR_FALSE; - PRBool useLocalThreads = PR_FALSE; - PLOptState *optstate; - PLOptStatus status; - PRThread *loggerThread; - PRBool debugCache = PR_FALSE; /* bug 90518 */ - - - tmp = strrchr(argv[0], '/'); - tmp = tmp ? tmp + 1 : argv[0]; - progName = strrchr(tmp, '\\'); - progName = progName ? progName + 1 : tmp; - - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - /* please keep this list of options in ASCII collating sequence. - ** numbers, then capital letters, then lower case, alphabetical. - */ - optstate = PL_CreateOptState(argc, argv, - "2:3DL:M:NRTbc:d:e:f:hi:lmn:op:rt:vw:xy"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - ++optionsFound; - switch(optstate->option) { - case '2': fileName = optstate->value; break; - - case '3': disableSSL3 = PR_TRUE; break; - - case 'D': noDelay = PR_TRUE; break; - - case 'L': - logStats = PR_TRUE; - if (optstate->value == NULL) { - logPeriod = 30; - } else { - logPeriod = PORT_Atoi(optstate->value); - if (logPeriod <= 0) logPeriod = 30; - } - break; - - case 'M': - maxProcs = PORT_Atoi(optstate->value); - if (maxProcs < 1) maxProcs = 1; - if (maxProcs > MAX_PROCS) maxProcs = MAX_PROCS; - break; - - case 'N': NoReuse = PR_TRUE; break; - - case 'R': disableRollBack = PR_TRUE; break; - - case 'T': disableTLS = PR_TRUE; break; - - case 'b': bindOnly = PR_TRUE; break; - - case 'c': cipherString = strdup(optstate->value); break; - - case 'd': dir = optstate->value; break; - -#ifdef NSS_ENABLE_ECC - case 'e': ecNickName = strdup(optstate->value); break; -#endif /* NSS_ENABLE_ECC */ - - case 'f': fNickName = strdup(optstate->value); break; - - case 'h': Usage(progName); exit(0); break; - - case 'i': pidFile = optstate->value; break; - - case 'l': useLocalThreads = PR_TRUE; break; - - case 'm': useModelSocket = PR_TRUE; break; - - case 'n': nickName = strdup(optstate->value); break; - - case 'o': MakeCertOK = 1; break; - - case 'p': port = PORT_Atoi(optstate->value); break; - - case 'r': ++requestCert; break; - - case 't': - maxThreads = PORT_Atoi(optstate->value); - if ( maxThreads > MAX_THREADS ) maxThreads = MAX_THREADS; - if ( maxThreads < MIN_THREADS ) maxThreads = MIN_THREADS; - break; - - case 'v': verbose++; break; - - case 'w': passwd = strdup(optstate->value); break; - - case 'x': useExportPolicy = PR_TRUE; break; - - case 'y': debugCache = PR_TRUE; break; - - default: - case '?': - fprintf(stderr, "Unrecognized or bad option specified.\n"); - fprintf(stderr, "Run '%s -h' for usage information.\n", progName); - exit(4); - break; - } - } - PL_DestroyOptState(optstate); - if (status == PL_OPT_BAD) { - fprintf(stderr, "Unrecognized or bad option specified.\n"); - fprintf(stderr, "Run '%s -h' for usage information.\n", progName); - exit(5); - } - if (!optionsFound) { - Usage(progName); - exit(51); - } - - /* The -b (bindOnly) option is only used by the ssl.sh test - * script on Linux to determine whether a previous selfserv - * process has fully died and freed the port. (Bug 129701) - */ - if (bindOnly) { - listen_sock = getBoundListenSocket(port); - if (!listen_sock) { - exit(1); - } - PR_Close(listen_sock); - exit(0); - } - - if ((nickName == NULL) && (fNickName == NULL)) { - fprintf(stderr, "Required arg '-n' (rsa nickname) not supplied.\n"); - fprintf(stderr, "Run '%s -h' for usage information.\n", progName); - exit(6); - } - - if (port == 0) { - fprintf(stderr, "Required argument 'port' must be non-zero value\n"); - exit(7); - } - - if (NoReuse && maxProcs > 1) { - fprintf(stderr, "-M and -N options are mutually exclusive.\n"); - exit(14); - } - - if (pidFile) { - FILE *tmpfile=fopen(pidFile,"w+"); - - if (tmpfile) { - fprintf(tmpfile,"%d",getpid()); - fclose(tmpfile); - } - } - - envString = getenv(envVarName); - tmp = getenv("TMP"); - if (!tmp) - tmp = getenv("TMPDIR"); - if (!tmp) - tmp = getenv("TEMP"); - if (envString) { - /* we're one of the children in a multi-process server. */ - listen_sock = PR_GetInheritedFD(inheritableSockName); - if (!listen_sock) - errExit("PR_GetInheritedFD"); -#ifndef WINNT - /* we can't do this on NT because it breaks NSPR and - PR_Accept will fail on the socket in the child process if - the socket state is change to non inheritable - It is however a security issue to leave it accessible, - but it is OK for a test server such as selfserv. - NSPR should fix it eventually . see bugzilla 101617 - and 102077 - */ - prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE); - if (prStatus != PR_SUCCESS) - errExit("PR_SetFDInheritable"); -#endif -#ifdef DEBUG_nelsonb - WaitForDebugger(); -#endif - rv = SSL_InheritMPServerSIDCache(envString); - if (rv != SECSuccess) - errExit("SSL_InheritMPServerSIDCache"); - hasSidCache = PR_TRUE; - } else if (maxProcs > 1) { - /* we're going to be the parent in a multi-process server. */ - listen_sock = getBoundListenSocket(port); - rv = SSL_ConfigMPServerSIDCache(NUM_SID_CACHE_ENTRIES, 0, 0, tmp); - if (rv != SECSuccess) - errExit("SSL_ConfigMPServerSIDCache"); - hasSidCache = PR_TRUE; - beAGoodParent(argc, argv, maxProcs, listen_sock); - exit(99); /* should never get here */ - } else { - /* we're an ordinary single process server. */ - listen_sock = getBoundListenSocket(port); - prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE); - if (prStatus != PR_SUCCESS) - errExit("PR_SetFDInheritable"); - if (!NoReuse) { - rv = SSL_ConfigServerSessionIDCache(NUM_SID_CACHE_ENTRIES, - 0, 0, tmp); - if (rv != SECSuccess) - errExit("SSL_ConfigServerSessionIDCache"); - hasSidCache = PR_TRUE; - } - } - - lm = PR_NewLogModule("TestCase"); - - if (fileName) - readBigFile(fileName); - - /* set our password function */ - PK11_SetPasswordFunc( passwd ? ownPasswd : SECU_GetModulePassword); - - /* Call the libsec initialization routines */ - rv = NSS_Initialize(dir, "", "", SECMOD_DB, NSS_INIT_READONLY); - if (rv != SECSuccess) { - fputs("NSS_Init failed.\n", stderr); - exit(8); - } - - /* set the policy bits true for all the cipher suites. */ - if (useExportPolicy) - NSS_SetExportPolicy(); - else - NSS_SetDomesticPolicy(); - - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - int ndx; - - /* disable all the ciphers, then enable the ones we want. */ - disableAllSSLCiphers(); - - while (0 != (ndx = *cipherString++)) { - const int *cptr; - int cipher; - - if (! isalpha(ndx)) { - fprintf(stderr, - "Non-alphabetic char in cipher string (-c arg).\n"); - exit(9); - } - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - if (cipher) { - SECStatus status; - status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED); - if (status != SECSuccess) - SECU_PrintError(progName, "SSL_CipherPrefSet()"); - } - } - } - - if (nickName) { - cert[kt_rsa] = PK11_FindCertFromNickname(nickName, passwd); - if (cert[kt_rsa] == NULL) { - fprintf(stderr, "selfserv: Can't find certificate %s\n", nickName); - exit(10); - } - privKey[kt_rsa] = PK11_FindKeyByAnyCert(cert[kt_rsa], passwd); - if (privKey[kt_rsa] == NULL) { - fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n", - nickName); - exit(11); - } - } - if (fNickName) { - cert[kt_fortezza] = PK11_FindCertFromNickname(fNickName, NULL); - if (cert[kt_fortezza] == NULL) { - fprintf(stderr, "selfserv: Can't find certificate %s\n", fNickName); - exit(12); - } - privKey[kt_fortezza] = PK11_FindKeyByAnyCert(cert[kt_fortezza], NULL); - } -#ifdef NSS_ENABLE_ECC - if (ecNickName) { - cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, NULL); - if (cert[kt_ecdh] == NULL) { - fprintf(stderr, "selfserv: Can't find certificate %s\n", - ecNickName); - exit(13); - } - privKey[kt_ecdh] = PK11_FindKeyByAnyCert(cert[kt_ecdh], NULL); - } -#endif /* NSS_ENABLE_ECC */ - - /* allocate the array of thread slots, and launch the worker threads. */ - rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads); - - if (rv == SECSuccess && logStats) { - loggerThread = PR_CreateThread(PR_SYSTEM_THREAD, - logger, NULL, PR_PRIORITY_NORMAL, - useLocalThreads ? PR_LOCAL_THREAD:PR_GLOBAL_THREAD, - PR_UNJOINABLE_THREAD, 0); - if (loggerThread == NULL) { - fprintf(stderr, "selfserv: Failed to launch logger thread!\n"); - rv = SECFailure; - } - } - - if (rv == SECSuccess) { - server_main(listen_sock, requestCert, privKey, cert); - } - - VLOG(("selfserv: server_thread: exiting")); - - { - int i; - for (i=0; i<kt_kea_size; i++) { - if (cert[i]) { - CERT_DestroyCertificate(cert[i]); - } - if (privKey[i]) { - SECKEY_DestroyPrivateKey(privKey[i]); - } - } - } - - if (debugCache) { - nss_DumpCertificateCacheInfo(); - } - - free(nickName); - free(passwd); - - if (hasSidCache) { - SSL_ShutdownServerSessionIDCache(); - } - if (NSS_Shutdown() != SECSuccess) { - SECU_PrintError(progName, "NSS_Shutdown"); - PR_Cleanup(); - exit(1); - } - PR_Cleanup(); - printf("selfserv: normal termination\n"); - return 0; -} diff --git a/security/nss/cmd/shlibsign/Makefile b/security/nss/cmd/shlibsign/Makefile deleted file mode 100644 index 11b458de9..000000000 --- a/security/nss/cmd/shlibsign/Makefile +++ /dev/null @@ -1,110 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -# -# we really should have this driven from a list file made during the normal -# NSS build prodecure. -# -ifndef USE_64 -ifeq ($(OS_TARGET), HP-UX) - ifneq ($(OS_TEST), ia64) - LOADABLE_FREEBL= 1 - endif -endif -ifeq ($(OS_TARGET), SunOS) - ifeq ($(CPU_ARCH), sparc) - LOADABLE_FREEBL = 1 - endif -endif -endif - -ifdef LOADABLE_FREEBL - CHECKFILES += freebl_pure32_3.chk freebl_hybrid_3.chk -endif - -CHECKLOC=$(addprefix $(DIST)/lib/$(DLL_PREFIX), $(CHECKFILES)) - -MD_LIB_RELEASE_FILES = $(CHECKLOC) -ALL_TRASH += $(CHECKLOC) - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - -%.chk: %.$(DLL_SUFFIX) -ifeq ($(OS_TARGET), OS2) - @cmd.exe /c sign.cmd $(DIST) $(OBJDIR) $(OS_TARGET) $< -else - @sh ./sign.sh $(DIST) $(OBJDIR) $(OS_TARGET) $< -endif - -libs install :: $(CHECKLOC) - diff --git a/security/nss/cmd/shlibsign/mangle/Makefile b/security/nss/cmd/shlibsign/mangle/Makefile deleted file mode 100644 index 7948a4328..000000000 --- a/security/nss/cmd/shlibsign/mangle/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../../platrules.mk - diff --git a/security/nss/cmd/shlibsign/mangle/mangle.c b/security/nss/cmd/shlibsign/mangle/mangle.c deleted file mode 100644 index 7ff34b5e6..000000000 --- a/security/nss/cmd/shlibsign/mangle/mangle.c +++ /dev/null @@ -1,166 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2003 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * Test program to mangle 1 bit in a binary - * - * $Id$ - */ - -#include "nspr.h" -#include "plstr.h" -#include "plgetopt.h" -#include "prio.h" - -static PRFileDesc *pr_stderr; -static void -usage (char *program_name) -{ - - PR_fprintf (pr_stderr, "Usage:"); - PR_fprintf (pr_stderr, "%s -i shared_library_name -o byte_offset -b bit\n", program_name); -} - - -int -main (int argc, char **argv) -{ - /* buffers and locals */ - PLOptState *optstate; - char *programName; - char cbuf; - - /* parameter set variables */ - const char *libFile = NULL; - int offset = -1; - int bitOffset = -1; - - /* return values */ - int retval = 2; /* 0 - test succeeded. - * 1 - illegal args - * 2 - function failed */ - PRFileDesc *fd; - int bytesRead; - int bytesWritten; - int pos; - - programName = PL_strrchr(argv[0], '/'); - programName = programName ? (programName + 1) : argv[0]; - - pr_stderr = PR_STDERR; - - optstate = PL_CreateOptState (argc, argv, "i:o:b:"); - if (optstate == NULL) { - return 1; - } - - while (PL_GetNextOpt (optstate) == PL_OPT_OK) { - switch (optstate->option) { - case 'i': - libFile = optstate->value; - break; - - case 'o': - offset = atoi(optstate->value); - break; - - case 'b': - bitOffset = atoi(optstate->value); - break; - } - } - - if (libFile == NULL) { - usage(programName); - return 1; - } - if ((bitOffset >= 8) || (bitOffset < 0)) { - usage(programName); - return 1; - } - - if (offset < 0) { - usage(programName); - return 1; - } - - /* open the target signature file */ - fd = PR_OpenFile(libFile,PR_RDWR,0666); - if (fd == NULL ) { - /* lperror(libFile); */ - PR_fprintf(pr_stderr,"Couldn't Open %s\n",libFile); - goto loser; - } - - /* read the byte */ - pos = PR_Seek(fd, offset, PR_SEEK_SET); - if (pos != offset) { - PR_fprintf(pr_stderr,"Seek for read on %s (to %d) failed\n", libFile, offset); - goto loser; - } - bytesRead = PR_Read(fd, &cbuf, 1); - if (bytesRead != 1) { - PR_fprintf(pr_stderr,"Read on %s (to %d) failed\n", libFile, offset); - goto loser; - } - - PR_fprintf(pr_stderr,"Changing byte 0x%08x (%d): from %02x (%d) to ", - offset, offset, (unsigned char)cbuf, (unsigned char)cbuf); - /* change it */ - cbuf ^= 1 << bitOffset; - PR_fprintf(pr_stderr,"%02x (%d)\n", ( - unsigned char)cbuf, (unsigned char)cbuf); - - /* write it back out */ - pos = PR_Seek(fd, offset, PR_SEEK_SET); - if (pos != offset) { - PR_fprintf(pr_stderr,"Seek for write on %s (to %d) failed\n", libFile, offset); - goto loser; - } - bytesWritten = PR_Write(fd, &cbuf, 1); - if (bytesWritten != 1) { - PR_fprintf(pr_stderr,"Write on %s (to %d) failed\n", libFile, offset); - goto loser; - } - - PR_Close(fd); - retval = 0; - - -loser: - - PR_Cleanup (); - return retval; -} - -/*#DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" */ diff --git a/security/nss/cmd/shlibsign/mangle/manifest.mn b/security/nss/cmd/shlibsign/mangle/manifest.mn deleted file mode 100644 index d850921f0..000000000 --- a/security/nss/cmd/shlibsign/mangle/manifest.mn +++ /dev/null @@ -1,52 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" - -CSRCS = \ - mangle.c \ - $(NULL) - - -# headers for the MODULE (defined above) are implicitly required. -REQUIRES = - -PROGRAM = mangle - -USE_STATIC_LIBS = 1 - diff --git a/security/nss/cmd/shlibsign/manifest.mn b/security/nss/cmd/shlibsign/manifest.mn deleted file mode 100644 index 40cdeeff1..000000000 --- a/security/nss/cmd/shlibsign/manifest.mn +++ /dev/null @@ -1,60 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" - -CSRCS = \ - shlibsign.c \ - $(NULL) - -CHECKFILES = softokn3.chk - -# headers for the MODULE (defined above) are implicitly required. -REQUIRES = dbm seccmd - -# WINNT uses EXTRA_LIBS as the list of libs to link in. -# Unix uses OS_LIBS for that purpose. -# We can solve this via conditional makefile code, but -# can't do this in manifest.mn because OS_ARCH isn't defined there. -# So, look in the local Makefile for the defines for the list of libs. - -PROGRAM = shlibsign - -DIRS = mangle - -#USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/shlibsign/shlibsign.c b/security/nss/cmd/shlibsign/shlibsign.c deleted file mode 100644 index 3024a025a..000000000 --- a/security/nss/cmd/shlibsign/shlibsign.c +++ /dev/null @@ -1,426 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * Test program for SDR (Secret Decoder Ring) functions. - * - * $Id$ - */ - -#ifdef XP_UNIX -#define USES_LINKS 1 -#endif - -#include "nspr.h" -#include <stdio.h> -#include "nss.h" -#include "secutil.h" -#include "cert.h" -#include "pk11func.h" - -#include "plgetopt.h" -#include "pk11sdr.h" -#include "shsign.h" -#include "pk11pqg.h" - -#ifdef USES_LINKS -#include <unistd.h> -#include <sys/param.h> -#include <sys/types.h> -#include <sys/stat.h> -#endif - -static void -usage (char *program_name) -{ - PRFileDesc *pr_stderr; - - pr_stderr = PR_STDERR; - PR_fprintf (pr_stderr, "Usage:"); - PR_fprintf (pr_stderr, "%s [-v] -i shared_library_name\n", program_name); -} - -static char * -mkoutput(const char *input) -{ - int in_len = PORT_Strlen(input); - char *output = PORT_Alloc(in_len+sizeof(SGN_SUFFIX)); - int index = in_len + 1 - sizeof("."SHLIB_SUFFIX); - - if ((index > 0) && - (PORT_Strncmp(&input[index], - "."SHLIB_SUFFIX,sizeof("."SHLIB_SUFFIX)) == 0)) { - in_len = index; - } - PORT_Memcpy(output,input,in_len); - PORT_Memcpy(&output[in_len],SGN_SUFFIX,sizeof(SGN_SUFFIX)); - return output; -} - - -static void -lperror(const char *string) -{ - int errNum = PORT_GetError(); - const char *error = SECU_Strerror(errNum); - fprintf(stderr,"%s: %s\n",string, error); -} - -static void -encodeInt(unsigned char *buf, int val) -{ - buf[3] = (val >> 0) & 0xff; - buf[2] = (val >> 8) & 0xff; - buf[1] = (val >> 16) & 0xff; - buf[0] = (val >> 24) & 0xff; - return; -} - -static SECStatus -writeItem(PRFileDesc *fd, SECItem *item, char *file) -{ - unsigned char buf[4]; - int bytesWritten; - - encodeInt(buf,item->len); - bytesWritten = PR_Write(fd,buf, 4); - if (bytesWritten != 4) { - lperror(file); - return SECFailure; - } - bytesWritten = PR_Write(fd, item->data, item->len); - if (bytesWritten != item->len) { - lperror(file); - return SECFailure; - } - return SECSuccess; -} - - -int -main (int argc, char **argv) -{ - int retval = 1; /* 0 - test succeeded. 1 - test failed */ - SECStatus rv; - PLOptState *optstate; - char *program_name; - const char *input_file = NULL; /* read encrypted data from here (or create) */ - char *output_file = NULL; /* write new encrypted data here */ - PRBool verbose = PR_FALSE; - SECKEYPrivateKey *privk = NULL; - SECKEYPublicKey *pubk = NULL; - PK11SlotInfo *slot = NULL; - PRFileDesc *fd; - int bytesRead; - int bytesWritten; - unsigned char file_buf[512]; - unsigned char hash_buf[SHA1_LENGTH]; - unsigned char sign_buf[40]; /* DSA_LENGTH */ - SECItem hash,sign; - PK11Context *hashcx = NULL; - int ks, count=0; - int keySize = 1024; - PQGParams *pqgParams = NULL; - PQGVerify *pqgVerify = NULL; -#ifdef USES_LINKS - int ret; - struct stat stat_buf; - char link_buf[MAXPATHLEN+1]; - char *link_file = NULL; -#endif - - hash.len = sizeof(hash_buf); hash.data = hash_buf; - sign.len = sizeof(sign_buf); sign.data = sign_buf; - - program_name = PL_strrchr(argv[0], '/'); - program_name = program_name ? (program_name + 1) : argv[0]; - - optstate = PL_CreateOptState (argc, argv, "d:i:o:v"); - if (optstate == NULL) { - SECU_PrintError (program_name, "PL_CreateOptState failed"); - return 1; - } - - while (PL_GetNextOpt (optstate) == PL_OPT_OK) { - switch (optstate->option) { -#ifdef notdef - case '?': - short_usage (program_name); - return 0; - - case 'H': - long_usage (program_name); - return 0; -#endif - - case 'd': - SECU_ConfigDirectory(optstate->value); - break; - - case 'i': - input_file = optstate->value; - break; - - case 'o': - output_file = PORT_Strdup(optstate->value); - break; - - case 'v': - verbose = PR_TRUE; - break; - } - } - - if (input_file == NULL) { - usage(program_name); - return 1; - } - - /* - * Initialize the Security libraries. - */ - PK11_SetPasswordFunc(SECU_GetModulePassword); - - rv = NSS_Init(SECU_ConfigDirectory(NULL)); - if (rv != SECSuccess) { - rv = NSS_NoDB_Init(""); - } - if (rv != SECSuccess) { - lperror("NSS_Init failed"); - goto prdone; - } - - /* Generate a DSA Key pair */ - slot = PK11_GetBestSlot(CKM_DSA,NULL); - if (slot == NULL) { - lperror("CKM_DSA"); - goto loser; - - } - printf("Generating DSA Key Pair...."); fflush(stdout); - ks = PQG_PBITS_TO_INDEX(keySize); - rv = PK11_PQG_ParamGen(ks,&pqgParams, &pqgVerify); - if (rv != SECSuccess) { - lperror("Generating PQG Params"); - goto loser; - } - privk = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubk, - PR_FALSE, PR_TRUE, NULL); - if (privk == NULL) { - lperror("Generating DSA Key"); - goto loser; - } - - printf("done\n"); - - /* open the shared library */ - fd = PR_OpenFile(input_file,PR_RDONLY,0); - if (fd == NULL ) { - lperror(input_file); - goto loser; - } -#ifdef USES_LINKS - ret = lstat(input_file, &stat_buf); - if (ret < 0) { - perror(input_file); - goto loser; - } - if (S_ISLNK(stat_buf.st_mode)) { - char *dirpath,*dirend; - ret = readlink(input_file, link_buf, sizeof(link_buf) - 1); - if (ret < 0) { - perror(input_file); - goto loser; - } - link_buf[ret] = 0; - link_file = mkoutput(input_file); - /* get the dirname of input_file */ - dirpath = PORT_Strdup(input_file); - dirend = PORT_Strrchr(dirpath, '/'); - if (dirend) { - *dirend = '\0'; - ret = chdir(dirpath); - if (ret < 0) { - perror(dirpath); - goto loser; - } - } - PORT_Free(dirpath); - input_file = link_buf; - /* get the basename of link_file */ - dirend = PORT_Strrchr(link_file, '/'); - if (dirend) { - link_file = dirend + 1; - } - } -#endif - if (output_file == NULL) { - output_file = mkoutput(input_file); - } - - hashcx = PK11_CreateDigestContext(SEC_OID_SHA1); - if (hashcx == NULL) { - lperror("SHA1 Digest Create"); - goto loser; - } - - /* hash the file */ - while ((bytesRead = PR_Read(fd,file_buf,sizeof(file_buf))) > 0) { - PK11_DigestOp(hashcx,file_buf,bytesRead); - count += bytesRead; - } - - PR_Close(fd); - fd = NULL; - if (bytesRead < 0) { - lperror(input_file); - goto loser; - } - - - PK11_DigestFinal(hashcx, hash.data, &hash.len, hash.len); - - if (hash.len != SHA1_LENGTH) { - fprintf(stderr, "Digest length was not correct\n"); - goto loser; - } - - /* signe the hash */ - rv = PK11_Sign(privk,&sign,&hash); - if (rv != SECSuccess) { - lperror("Signing"); - goto loser; - } - - if (verbose) { - int i,j; - fprintf(stderr,"Library File: %s %d bytes\n",input_file, count); - fprintf(stderr,"Check File: %s\n",output_file); -#ifdef USES_LINKS - if (link_file) { - fprintf(stderr,"Link: %s\n",link_file); - } -#endif - fprintf(stderr," hash: %d bytes\n", hash.len); -#define STEP 10 - for (i=0; i < hash.len; i += STEP) { - fprintf(stderr," "); - for (j=0; j < STEP && (i+j) < hash.len; j++) { - fprintf(stderr," %02x", hash.data[i+j]); - } - fprintf(stderr,"\n"); - } - fprintf(stderr," signature: %d bytes\n", sign.len); - for (i=0; i < sign.len; i += STEP) { - fprintf(stderr," "); - for (j=0; j < STEP && (i+j) < sign.len; j++) { - fprintf(stderr," %02x", sign.data[i+j]); - } - fprintf(stderr,"\n"); - } - } - - /* open the target signature file */ - fd = PR_OpenFile(output_file,PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,0666); - if (fd == NULL ) { - lperror(output_file); - goto loser; - } - - /* - * we write the key out in a straight binary format because very - * low level libraries need to read an parse this file. Ideally we should - * just derEncode the public key (which would be pretty simple, and be - * more general), but then we'd need to link the ASN.1 decoder with the - * freebl libraries. - */ - - file_buf[0] = NSS_SIGN_CHK_MAGIC1; - file_buf[1] = NSS_SIGN_CHK_MAGIC2; - file_buf[2] = NSS_SIGN_CHK_MAJOR_VERSION; - file_buf[3] = NSS_SIGN_CHK_MINOR_VERSION; - encodeInt(&file_buf[4],12); /* offset to data start */ - encodeInt(&file_buf[8],CKK_DSA); - bytesWritten = PR_Write(fd,file_buf, 12); - if (bytesWritten != 12) { - lperror(output_file); - goto loser; - } - - rv = writeItem(fd,&pubk->u.dsa.params.prime,output_file); - if (rv != SECSuccess) goto loser; - rv = writeItem(fd,&pubk->u.dsa.params.subPrime,output_file); - if (rv != SECSuccess) goto loser; - rv = writeItem(fd,&pubk->u.dsa.params.base,output_file); - if (rv != SECSuccess) goto loser; - rv = writeItem(fd,&pubk->u.dsa.publicValue,output_file); - if (rv != SECSuccess) goto loser; - rv = writeItem(fd,&sign,output_file); - if (rv != SECSuccess) goto loser; - - PR_Close(fd); - -#ifdef USES_LINKS - if (link_file) { - (void)unlink(link_file); - ret = symlink(output_file, link_file); - if (ret < 0) { - perror(link_file); - goto loser; - } - } -#endif - - retval = 0; - -loser: - if (hashcx) { - PK11_DestroyContext(hashcx, PR_TRUE); - } - if (privk) { - SECKEY_DestroyPrivateKey(privk); - } - if (pubk) { - SECKEY_DestroyPublicKey(pubk); - } - if (slot) { - PK11_FreeSlot(slot); - } - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - -prdone: - PR_Cleanup (); - return retval; -} diff --git a/security/nss/cmd/shlibsign/sign.cmd b/security/nss/cmd/shlibsign/sign.cmd deleted file mode 100644 index 612609de9..000000000 --- a/security/nss/cmd/shlibsign/sign.cmd +++ /dev/null @@ -1,19 +0,0 @@ -/* Equivalent to sign.sh for OS/2 */ -PARSE ARG dist objdir os_target therest -dist=forwardtoback(dist); -objdir=forwardtoback(objdir); -'echo 'dist -'echo 'objdir -'set BEGINLIBPATH='dist'\lib;%BEGINLIBPATH%' -'set LIBPATHSTRICT=T' -objdir'\shlibsign -v -i 'therest -exit - -forwardtoback: procedure - arg pathname - parse var pathname pathname'/'rest - do while (rest <> "") - pathname = pathname'\'rest - parse var pathname pathname'/'rest - end - return pathname diff --git a/security/nss/cmd/shlibsign/sign.sh b/security/nss/cmd/shlibsign/sign.sh deleted file mode 100644 index 9a5d79fc9..000000000 --- a/security/nss/cmd/shlibsign/sign.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/sh -case "${3}" in -WIN*) - if echo "${PATH}" | grep -c \; >/dev/null; then - PATH=${PATH}\;${1}/bin\;${1}/lib - else - # ARG1 is ${1} with the drive letter escaped. - if echo "${1}" | grep -c : >/dev/null; then - ARG1=`(cd ${1}; pwd)` - else - ARG1=${1} - fi - PATH=${PATH}:${ARG1}/bin:${ARG1}/lib - fi - export PATH - echo ${2}/shlibsign -v -i ${4} - ${2}/shlibsign -v -i ${4} - ;; -OpenVMS) - temp="tmp$$.tmp" - temp2="tmp$$.tmp2" - cd ${1}/lib - vmsdir=`dcl show default` - ls *.so > $temp - sed -e "s/\([^\.]*\)\.so/\$ define\/job \1 ${vmsdir}\1.so/" $temp > $temp2 - echo '$ define/job getipnodebyname xxx' >> $temp2 - echo '$ define/job vms_null_dl_name sys$share:decc$shr' >> $temp2 - dcl @$temp2 - echo ${2}/shlibsign -v -i ${4} - ${2}/shlibsign -v -i ${4} - sed -e "s/\([^\.]*\)\.so/\$ deass\/job \1/" $temp > $temp2 - echo '$ deass/job getipnodebyname' >> $temp2 - echo '$ deass/job vms_null_dl_name' >> $temp2 - dcl @$temp2 - rm $temp $temp2 - ;; -*) - LIBPATH=`(cd ${1}/lib; pwd)`:$LIBPATH - export LIBPATH - SHLIB_PATH=${1}/lib:$SHLIB_PATH - export SHLIB_PATH - LD_LIBRARY_PATH=${1}/lib:$LD_LIBRARY_PATH - export LD_LIBRARY_PATH - DYLD_LIBRARY_PATH=${1}/lib:$DYLD_LIBRARY_PATH - export DYLD_LIBRARY_PATH - LIBRARY_PATH=${1}/lib:$LIBRARY_PATH - export LIBRARY_PATH - echo ${2}/shlibsign -v -i ${4} - ${2}/shlibsign -v -i ${4} - ;; -esac diff --git a/security/nss/cmd/signtool/Makefile b/security/nss/cmd/signtool/Makefile deleted file mode 100644 index e4a3a6069..000000000 --- a/security/nss/cmd/signtool/Makefile +++ /dev/null @@ -1,71 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk diff --git a/security/nss/cmd/signtool/README b/security/nss/cmd/signtool/README deleted file mode 100644 index 2bdb705c7..000000000 --- a/security/nss/cmd/signtool/README +++ /dev/null @@ -1,119 +0,0 @@ - Signing Tool (signtool) - 1.3 Release Notes - ======================================== - -Documentation is provided online at mozilla.org - -Problems or questions not covered by the online documentation can be -discussed in the DevEdge Security Newsgroup. - -=== New Features in 1.3 -======================= - -The security library components have been upgraded to utilize NSS_2_7_1_RTM. -This means that the maximum RSA keysize now supported should be 4096 bits. - -=== Zigbert 0.6 Support -======================= -This program was previously named Zigbert. The last version of zigbert -was Zigbert 0.6. Because all the functionality of Zigbert is maintained in -signtool 1.2, Zigbert is no longer supported. If you have problems -using Zigbert, please upgrade to signtool 1.2. - -=== New Features in 1.2 -======================= - -Certificate Generation Improvements ------------------------------------ -Two new options have been added to control generation of self-signed object -signing certificates with the -G option. The -s option takes the size (in bits) -of the generated RSA private key. The -t option takes the name of the PKCS #11 -token on which to generate the keypair and install the certificate. Both -options are optional. By default, the private key is 1024 bits and is generated -on the internal software token. - - -=== New Features in 1.1 -======================= - -File I/O --------- -Signtool can now read its options from a command file specified with the -f -option on the command line. The format for the file is described in the -documentation. -Error messages and informational output can be redirected to an output file -by supplying the "--outfile" option on the command line or the "outfile=" -option in the command file. - -New Options ------------ -"--norecurse" tells Signtool not to recurse into subdirectories when signing -directories or parsing HTML with the -J option. -"--leavearc" tells Signtool not to delete the temporary .arc directories -produced by the -J option. This can aid debugging. -"--verbosity" tells Signtool how much information to display. 0 is the -default. -1 suppresses most messages, except for errors. - -=== Bug Fixes in 1.1 -==================== - --J option revamped ------------------- -The -J option, which parses HTML files, extracts Java and Javascript code, -and stores them in signed JAR files, has been re-implemented. Several bugs -have been fixed: -- CODEBASE attribute is no longer ignored -- CLASS and SRC attributes can be be paths ("xxx/xxx/x.class") rather than - just filenames ("x.class"). -- LINK tags are handled correctly -- various HTML parsing bugs fixed -- error messages are more informative - -No Password on Key Database ---------------------------- -If you had not yet set a Communicator password (which locks key3.db, the -key database), signtool would fail with a cryptic error message whenever it -attempted to verify the password. Now this condition is detected at the -beginning of the program, and a more informative message is displayed. - --x and -e Options ------------------ -Previously, only one of each of these options could be specified on the command -line. Now arbitrarily many can be specified. For example, to sign only files -with .class or .js extensions, the arguments "-eclass -ejs" could both be -specified. To exclude the directories "subdir1" and "subdir2" from signing, -the arguments "-x subdir1 -x subdir2" could both be specified. - -New Features in 1.0 -=================== - -Creation of JAR files ----------------------- -The -Z option causes signtool to output a JAR file formed by storing the -signed archive in ZIP format. This eliminates the need to use a separate ZIP -utility. The -c option specifies the compression level of the resulting -JAR file. - -Generation of Object-Signing Certificates and Keys --------------------------------------------------- -The -G option will create a new, self-signed object-signing certificate -which can be used for testing purposes. The generated certificate and -associated public and private keys will be installed in the cert7.db and -key3.db files in the directory specified with the -d option (unless the key -is generated on an external token using the -t option). On Unix systems, -if no directory is specified, the user's Netscape directory (~/.netscape) -will be used. In addition, the certificate is output in X509 format to the -files x509.raw and x509.cacert in the current directory. x509.cacert can -be published on a web page and imported into browsers that visit that page. - -Extraction and Signing of JavaScript from HTML ----------------------------------------------- -The -J option activates the same functionality provided by the signpages -Perl script. It will parse a directory of html files, creating archives -of the JavaScript called from the HTML. These archives are then signed and -made into JAR files. - -Enhanced Smart Card Support ---------------------------- -Certificates that reside on smart cards are displayed when using the -L and --l options. diff --git a/security/nss/cmd/signtool/certgen.c b/security/nss/cmd/signtool/certgen.c deleted file mode 100644 index 4687a7841..000000000 --- a/security/nss/cmd/signtool/certgen.c +++ /dev/null @@ -1,713 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "signtool.h" - -#include "secoid.h" -#include "cryptohi.h" -#include "certdb.h" - -static char* GetSubjectFromUser(unsigned long serial); -static CERTCertificate* GenerateSelfSignedObjectSigningCert(char *nickname, - CERTCertDBHandle *db, char *subject, unsigned long serial, int keysize, - char *token); -static SECStatus ChangeTrustAttributes(CERTCertDBHandle *db, - CERTCertificate *cert, char *trusts); -static SECStatus set_cert_type(CERTCertificate *cert, unsigned int type); -static SECItem *sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk); -static CERTCertificate* install_cert(CERTCertDBHandle *db, SECItem *derCert, - char *nickname); -static SECStatus GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk, - SECKEYPrivateKey **privk, int keysize); -static CERTCertificateRequest* make_cert_request(char *subject, - SECKEYPublicKey *pubk); -static CERTCertificate * make_cert(CERTCertificateRequest *req, - unsigned long serial, CERTName *ca_subject); -static void output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db); - - -/*********************************************************************** - * - * G e n e r a t e C e r t - * - * Runs the whole process of creating a new cert, getting info from the - * user, etc. - */ -int -GenerateCert(char *nickname, int keysize, char *token) -{ - CERTCertDBHandle *db; - CERTCertificate *cert; - char *subject; - unsigned long serial; - char stdinbuf[160]; - - /* Print warning about having the browser open */ - PR_fprintf(PR_STDOUT /*always go to console*/, -"\nWARNING: Performing this operation while the browser is running could cause" -"\ncorruption of your security databases. If the browser is currently running," -"\nyou should exit the browser before continuing this operation. Enter " -"\n\"y\" to continue, or anything else to abort: "); - pr_fgets(stdinbuf, 160, PR_STDIN); - PR_fprintf(PR_STDOUT, "\n"); - if(tolower(stdinbuf[0]) != 'y') { - PR_fprintf(errorFD, "Operation aborted at user's request.\n"); - errorCount++; - return -1; - } - - db = CERT_GetDefaultCertDB(); - if(!db) { - FatalError("Unable to open certificate database"); - } - - if(PK11_FindCertFromNickname(nickname, NULL)) { - PR_fprintf(errorFD, -"ERROR: Certificate with nickname \"%s\" already exists in database. You\n" -"must choose a different nickname.\n", nickname); - errorCount++; - exit(ERRX); - } - - LL_L2UI(serial, PR_Now()); - - subject = GetSubjectFromUser(serial); - - cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject, - serial, keysize, token); - - if(cert) { - output_ca_cert(cert, db); - CERT_DestroyCertificate(cert); - } - - PORT_Free(subject); - return 0; -} - -#undef VERBOSE_PROMPTS - -/*********************************************************************8 - * G e t S u b j e c t F r o m U s e r - * - * Construct the subject information line for a certificate by querying - * the user on stdin. - */ -static char* -GetSubjectFromUser(unsigned long serial) -{ - char buf[STDIN_BUF_SIZE]; - char common_name_buf[STDIN_BUF_SIZE]; - char *common_name, *state, *orgunit, *country, *org, *locality; - char *email, *uid; - char *subject; - char *cp; - int subjectlen=0; - - common_name = state = orgunit = country = org = locality = email = - uid = subject = NULL; - - /* Get subject information */ - PR_fprintf(PR_STDOUT, -"\nEnter certificate information. All fields are optional. Acceptable\n" -"characters are numbers, letters, spaces, and apostrophes.\n"); - -#ifdef VERBOSE_PROMPTS - PR_fprintf(PR_STDOUT, "\nCOMMON NAME\n" -"Enter the full name you want to give your certificate. (Example: Test-Only\n" -"Object Signing Certificate)\n" -"-->"); -#else - PR_fprintf(PR_STDOUT, "certificate common name: "); -#endif - fgets(buf, STDIN_BUF_SIZE, stdin); - cp = chop(buf); - if(*cp == '\0') { - sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME, serial); - cp = common_name_buf; - } - common_name = PORT_ZAlloc(strlen(cp) + 6); - if(!common_name) {out_of_memory();} - sprintf(common_name, "CN=%s, ", cp); - subjectlen += strlen(common_name); - -#ifdef VERBOSE_PROMPTS - PR_fprintf(PR_STDOUT, "\nORGANIZATION NAME\n" -"Enter the name of your organization. For example, this could be the name\n" -"of your company.\n" -"-->"); -#else - PR_fprintf(PR_STDOUT, "organization: "); -#endif - fgets(buf, STDIN_BUF_SIZE, stdin); - cp = chop(buf); - if(*cp != '\0') { - org = PORT_ZAlloc(strlen(cp) + 5); - if(!org) {out_of_memory();} - sprintf(org, "O=%s, ", cp); - subjectlen += strlen(org); - } - -#ifdef VERBOSE_PROMPTS - PR_fprintf(PR_STDOUT, "\nORGANIZATION UNIT\n" -"Enter the name of your organization unit. For example, this could be the\n" -"name of your department.\n" -"-->"); -#else - PR_fprintf(PR_STDOUT, "organization unit: "); -#endif - fgets(buf, STDIN_BUF_SIZE, stdin); - cp = chop(buf); - if(*cp != '\0') { - orgunit = PORT_ZAlloc(strlen(cp)+6); - if(!orgunit) {out_of_memory();} - sprintf(orgunit, "OU=%s, ", cp); - subjectlen += strlen(orgunit); - } - -#ifdef VERBOSE_PROMPTS - PR_fprintf(PR_STDOUT, "\nSTATE\n" -"Enter the name of your state or province.\n" -"-->"); -#else - PR_fprintf(PR_STDOUT, "state or province: "); -#endif - fgets(buf, STDIN_BUF_SIZE, stdin); - cp = chop(buf); - if(*cp != '\0') { - state = PORT_ZAlloc(strlen(cp)+6); - if(!state) {out_of_memory();} - sprintf(state, "ST=%s, ", cp); - subjectlen += strlen(state); - } - -#ifdef VERBOSE_PROMPTS - PR_fprintf(PR_STDOUT, "\nCOUNTRY\n" -"Enter the 2-character abbreviation for the name of your country.\n" -"-->"); -#else - PR_fprintf(PR_STDOUT, "country (must be exactly 2 characters): "); -#endif - fgets(buf, STDIN_BUF_SIZE, stdin); - cp = chop(cp); - if(strlen(cp) != 2) { - *cp = '\0'; /* country code must be 2 chars */ - } - if(*cp != '\0') { - country = PORT_ZAlloc(strlen(cp)+5); - if(!country) {out_of_memory();} - sprintf(country, "C=%s, ", cp); - subjectlen += strlen(country); - } - -#ifdef VERBOSE_PROMPTS - PR_fprintf(PR_STDOUT, "\nUSERNAME\n" -"Enter your system username or UID\n" -"-->"); -#else - PR_fprintf(PR_STDOUT, "username: "); -#endif - fgets(buf, STDIN_BUF_SIZE, stdin); - cp = chop(buf); - if(*cp != '\0') { - uid = PORT_ZAlloc(strlen(cp)+7); - if(!uid) {out_of_memory();} - sprintf(uid, "UID=%s, ", cp); - subjectlen += strlen(uid); - } - -#ifdef VERBOSE_PROMPTS - PR_fprintf(PR_STDOUT, "\nEMAIL ADDRESS\n" -"Enter your email address.\n" -"-->"); -#else - PR_fprintf(PR_STDOUT, "email address: "); -#endif - fgets(buf, STDIN_BUF_SIZE, stdin); - cp = chop(buf); - if(*cp != '\0') { - email = PORT_ZAlloc(strlen(cp)+5); - if(!email) {out_of_memory();} - sprintf(email, "E=%s,", cp); - subjectlen += strlen(email); - } - - subjectlen++; - - subject = PORT_ZAlloc(subjectlen); - if(!subject) {out_of_memory();} - - sprintf(subject, "%s%s%s%s%s%s%s", - common_name ? common_name : "", - org ? org : "", - orgunit ? orgunit : "", - state ? state : "", - country ? country : "", - uid ? uid : "", - email ? email : "" - ); - if( (strlen(subject) > 1) && (subject[strlen(subject)-1] == ' ') ) { - subject[strlen(subject)-2] = '\0'; - } - - PORT_Free(common_name); - PORT_Free(org); - PORT_Free(orgunit); - PORT_Free(state); - PORT_Free(country); - PORT_Free(uid); - PORT_Free(email); - - return subject; -} - -/************************************************************************** - * - * G e n e r a t e S e l f S i g n e d O b j e c t S i g n i n g C e r t - * *phew*^ - * - */ -static CERTCertificate* -GenerateSelfSignedObjectSigningCert(char *nickname, CERTCertDBHandle *db, - char *subject, unsigned long serial, int keysize, char *token) -{ - CERTCertificate *cert, *temp_cert; - SECItem *derCert; - CERTCertificateRequest *req; - - PK11SlotInfo *slot = NULL; - SECKEYPrivateKey *privk = NULL; - SECKEYPublicKey *pubk = NULL; - - if( token ) { - slot = PK11_FindSlotByName(token); - } else { - slot = PK11_GetInternalKeySlot(); - } - - if (slot == NULL) { - PR_fprintf(errorFD, "Can't find PKCS11 slot %s\n", - token ? token : ""); - errorCount++; - exit (ERRX); - } - - if( GenerateKeyPair(slot, &pubk, &privk, keysize) != SECSuccess) { - FatalError("Error generating keypair."); - } - req = make_cert_request (subject, pubk); - temp_cert = make_cert (req, serial, &req->subject); - if(set_cert_type(temp_cert, - NS_CERT_TYPE_OBJECT_SIGNING | NS_CERT_TYPE_OBJECT_SIGNING_CA) - != SECSuccess) { - FatalError("Unable to set cert type"); - } - - derCert = sign_cert (temp_cert, privk); - cert = install_cert(db, derCert, nickname); - if(ChangeTrustAttributes(db, cert, ",,uC") != SECSuccess) { - FatalError("Unable to change trust on generated certificate"); - } - - /* !!! Free memory ? !!! */ - PK11_FreeSlot(slot); - SECKEY_DestroyPrivateKey(privk); - SECKEY_DestroyPublicKey(pubk); - - return cert; -} - -/************************************************************************** - * - * C h a n g e T r u s t A t t r i b u t e s - */ -static SECStatus -ChangeTrustAttributes(CERTCertDBHandle *db, CERTCertificate *cert, char *trusts) -{ - - CERTCertTrust *trust; - - if(!db || !cert || !trusts) { - PR_fprintf(errorFD,"ChangeTrustAttributes got incomplete arguments.\n"); - errorCount++; - return SECFailure; - } - - trust = (CERTCertTrust*) PORT_ZAlloc(sizeof(CERTCertTrust)); - if(!trust) { - PR_fprintf(errorFD, "ChangeTrustAttributes unable to allocate " - "CERTCertTrust\n"); - errorCount++; - return SECFailure; - } - - if( CERT_DecodeTrustString(trust, trusts) ) { - return SECFailure; - } - - if( CERT_ChangeCertTrust(db, cert, trust) ) { - PR_fprintf(errorFD, "unable to modify trust attributes for cert %s\n", - cert->nickname ? cert->nickname : ""); - errorCount++; - return SECFailure; - } - - return SECSuccess; -} - -/************************************************************************* - * - * s e t _ c e r t _ t y p e - */ -static SECStatus -set_cert_type(CERTCertificate *cert, unsigned int type) -{ - void *context; - SECStatus status = SECSuccess; - SECItem certType; - char ctype; - - context = CERT_StartCertExtensions(cert); - - certType.type = siBuffer; - certType.data = (unsigned char*) &ctype; - certType.len = 1; - ctype = (unsigned char)type; - if(CERT_EncodeAndAddBitStrExtension(context, SEC_OID_NS_CERT_EXT_CERT_TYPE, - &certType, PR_TRUE /*critical*/) != SECSuccess) { - status = SECFailure; - } - - if(CERT_FinishExtensions(context) != SECSuccess) { - status = SECFailure; - } - - return status; -} - -/******************************************************************** - * - * s i g n _ c e r t - */ -static SECItem * -sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) -{ - SECStatus rv; - - SECItem der2; - SECItem *result2; - - void *dummy; - SECOidTag alg = SEC_OID_UNKNOWN; - - switch (privk->keyType) - { - case rsaKey: - alg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; - break; - - case dsaKey: - alg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; - break; - default: - FatalError("Unknown key type"); - } - PORT_Assert(alg != SEC_OID_UNKNOWN); - - rv = SECOID_SetAlgorithmID (cert->arena, &cert->signature, alg, 0); - - if (rv != SECSuccess) - { - PR_fprintf(errorFD, "%s: unable to set signature alg id\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - der2.len = 0; - der2.data = NULL; - - dummy = SEC_ASN1EncodeItem - (cert->arena, &der2, cert, CERT_CertificateTemplate); - - if (rv != SECSuccess) - { - PR_fprintf(errorFD, "%s: error encoding cert\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - result2 = (SECItem *) PORT_ArenaZAlloc (cert->arena, sizeof (SECItem)); - if (result2 == NULL) - out_of_memory(); - - rv = SEC_DerSignData - (cert->arena, result2, der2.data, der2.len, privk, alg); - - if (rv != SECSuccess) - { - PR_fprintf(errorFD, "can't sign encoded certificate data\n"); - errorCount++; - exit (ERRX); - } - else if(verbosity >= 0) { - PR_fprintf(outputFD, "certificate has been signed\n"); - } - - cert->derCert = *result2; - - return result2; -} - -/********************************************************************* - * - * i n s t a l l _ c e r t - * - * Installs the cert in the permanent database. - */ -static CERTCertificate* -install_cert(CERTCertDBHandle *db, SECItem *derCert, char *nickname) -{ - CERTCertificate *newcert; - PK11SlotInfo *newSlot; - - newcert = CERT_DecodeDERCertificate(derCert, PR_TRUE, NULL); - - if (newcert == NULL) { - PR_fprintf(errorFD, "%s: can't create new certificate\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - newSlot = PK11_ImportCertForKey(newcert, nickname, NULL /*wincx*/); - if( newSlot == NULL ) { - PR_fprintf(errorFD, "Unable to install certificate\n"); - errorCount++; - exit(ERRX); - } - PK11_FreeSlot(newSlot); - - if(verbosity >= 0){ - PR_fprintf(outputFD, "certificate \"%s\" added to database\n", nickname); - } - - return newcert; -} - -/****************************************************************** - * - * G e n e r a t e K e y P a i r - */ -static SECStatus -GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk, - SECKEYPrivateKey **privk, int keysize) -{ - - PK11RSAGenParams rsaParams; - - if( keysize == -1 ) { - rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE; - } else { - rsaParams.keySizeInBits = keysize; - } - rsaParams.pe = 0x10001; - - if(PK11_Authenticate( slot, PR_FALSE /*loadCerts*/, NULL /*wincx*/) - != SECSuccess) { - SECU_PrintError(progName, "failure authenticating to key database.\n"); - exit(ERRX); - } - - *privk = PK11_GenerateKeyPair (slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams, - pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, NULL /*wincx*/ ); - - if (*privk != NULL && *pubk != NULL) { - if(verbosity >= 0) { - PR_fprintf(outputFD, "generated public/private key pair\n"); - } - } else { - SECU_PrintError(progName, "failure generating key pair\n"); - exit (ERRX); - } - - return SECSuccess; -} - -/****************************************************************** - * - * m a k e _ c e r t _ r e q u e s t - */ -static CERTCertificateRequest* -make_cert_request(char *subject, SECKEYPublicKey *pubk) -{ - CERTName *subj; - CERTSubjectPublicKeyInfo *spki; - - CERTCertificateRequest *req; - - /* Create info about public key */ - spki = SECKEY_CreateSubjectPublicKeyInfo(pubk); - if (!spki) { - SECU_PrintError(progName, "unable to create subject public key"); - exit (ERRX); - } - - subj = CERT_AsciiToName (subject); - if(subj == NULL) { - FatalError("Invalid data in certificate description"); - } - - /* Generate certificate request */ - req = CERT_CreateCertificateRequest(subj, spki, 0); - if (!req) { - SECU_PrintError(progName, "unable to make certificate request"); - exit (ERRX); - } - - if(verbosity >= 0) { - PR_fprintf(outputFD, "certificate request generated\n"); - } - - return req; -} - -/****************************************************************** - * - * m a k e _ c e r t - */ -static CERTCertificate * -make_cert(CERTCertificateRequest *req, unsigned long serial, - CERTName *ca_subject) -{ - CERTCertificate *cert; - - CERTValidity *validity = NULL; - - PRTime now, after; - PRExplodedTime printableTime; - - now = PR_Now(); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - - printableTime.tm_month += 3; - after = PR_ImplodeTime (&printableTime); - - validity = CERT_CreateValidity (now, after); - - if (validity == NULL) - { - PR_fprintf(errorFD, "%s: error creating certificate validity\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - cert = CERT_CreateCertificate - (serial, ca_subject, validity, req); - - if (cert == NULL) - { - /* should probably be more precise here */ - PR_fprintf(errorFD, "%s: error while generating certificate\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - return cert; - } - -/************************************************************************* - * - * o u t p u t _ c a _ c e r t - */ -static void -output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db) - { - FILE *out; - - SECItem *encodedCertChain; - SEC_PKCS7ContentInfo *certChain; - char *filename; - - /* the raw */ - - filename = PORT_ZAlloc(strlen(DEFAULT_X509_BASENAME)+8); - if(!filename) out_of_memory(); - - sprintf(filename, "%s.raw", DEFAULT_X509_BASENAME); - if ((out = fopen (filename, "wb")) == NULL) - { - PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME, filename); - errorCount++; - exit(ERRX); - } - - certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, db); - encodedCertChain - = SEC_PKCS7EncodeItem (NULL, NULL, certChain, NULL, NULL, NULL); - SEC_PKCS7DestroyContentInfo (certChain); - - if (encodedCertChain) - { - fprintf(out, "Content-type: application/x-x509-ca-cert\n\n"); - fwrite (encodedCertChain->data, 1, encodedCertChain->len, out); - SECITEM_FreeItem(encodedCertChain, PR_TRUE); - } - else { - PR_fprintf(errorFD, "%s: Can't DER encode this certificate\n", PROGRAM_NAME); - errorCount++; - exit(ERRX); - } - - fclose (out); - - /* and the cooked */ - - sprintf(filename, "%s.cacert", DEFAULT_X509_BASENAME); - if ((out = fopen (filename, "wb")) == NULL) - { - PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME, filename); - errorCount++; - return; - } - - fprintf (out, "%s\n%s\n%s\n", - NS_CERT_HEADER, - BTOA_DataToAscii (cert->derCert.data, cert->derCert.len), - NS_CERT_TRAILER); - - fclose (out); - - if(verbosity >= 0) { - PR_fprintf(outputFD, "Exported certificate to %s.raw and %s.cacert.\n", - DEFAULT_X509_BASENAME, DEFAULT_X509_BASENAME); - } -} diff --git a/security/nss/cmd/signtool/javascript.c b/security/nss/cmd/signtool/javascript.c deleted file mode 100644 index 142a9751a..000000000 --- a/security/nss/cmd/signtool/javascript.c +++ /dev/null @@ -1,1790 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "signtool.h" -#include <prmem.h> -#include <prio.h> -#include <prenv.h> - -static int javascript_fn(char *relpath, char *basedir, char *reldir, - char *filename, void *arg); -static int extract_js (char *filename); -static int copyinto (char *from, char *to); -static PRStatus ensureExists (char *base, char *path); -static int make_dirs(char *path, PRInt32 file_perms); - -static char *jartree = NULL; -static int idOrdinal; -static PRBool dumpParse=PR_FALSE; - -static char *event_handlers[] = { -"onAbort", -"onBlur", -"onChange", -"onClick", -"onDblClick", -"onDragDrop", -"onError", -"onFocus", -"onKeyDown", -"onKeyPress", -"onKeyUp", -"onLoad", -"onMouseDown", -"onMouseMove", -"onMouseOut", -"onMouseOver", -"onMouseUp", -"onMove", -"onReset", -"onResize", -"onSelect", -"onSubmit", -"onUnload" -}; -static int num_handlers = 23; - -/* - * I n l i n e J a v a S c r i p t - * - * Javascript signing. Instead of passing an archive to signtool, - * a directory containing html files is given. Archives are created - * from the archive= and src= tag attributes inside the html, - * as appropriate. Then the archives are signed. - * - */ -int -InlineJavaScript(char *dir, PRBool recurse) -{ - jartree = dir; - if(verbosity >= 0) { - PR_fprintf(outputFD, "\nGenerating inline signatures from HTML files in: %s\n", dir); - } - if(PR_GetEnv("SIGNTOOL_DUMP_PARSE")) { - dumpParse = PR_TRUE; - } - - return foreach(dir, "", javascript_fn, recurse, PR_FALSE /*include dirs*/, - (void*)NULL); - -} - -/************************************************************************ - * - * j a v a s c r i p t _ f n - */ -static int javascript_fn - (char *relpath, char *basedir, char *reldir, char *filename, void *arg) -{ - char fullname [FNSIZE]; - - /* only process inline scripts from .htm, .html, and .shtml*/ - - if(! (PL_strcaserstr(filename, ".htm") == filename + strlen(filename) -4) && - ! (PL_strcaserstr(filename, ".html") == filename + strlen(filename) -5)&& - ! (PL_strcaserstr(filename, ".shtml") == filename + strlen(filename)-6)){ - return 0; - } - - /* don't process scripts that signtool has already - extracted (those that are inside .arc directories) */ - - if(PL_strcaserstr(filename, ".arc") == filename + strlen(filename) - 4) - return 0; - - if(verbosity >= 0) { - PR_fprintf(outputFD, "Processing HTML file: %s\n", relpath); - } - - /* reset firstArchive at top of each HTML file */ - - /* skip directories that contain extracted scripts */ - - if(PL_strcaserstr(reldir, ".arc") == reldir + strlen(reldir) - 4) - return 0; - - sprintf (fullname, "%s/%s", basedir, relpath); - return extract_js (fullname); -} - -/*=========================================================================== - = - = D A T A S T R U C T U R E S - = -*/ -typedef enum { - TEXT_HTML_STATE=0, - SCRIPT_HTML_STATE -} HTML_STATE ; - -typedef enum { - /* we start in the start state */ - START_STATE, - - /* We are looking for or reading in an attribute */ - GET_ATT_STATE, - - /* We're burning ws before finding an attribute */ - PRE_ATT_WS_STATE, - - /* We're burning ws after an attribute. Looking for an '='. */ - POST_ATT_WS_STATE, - - /* We're burning ws after an '=', waiting for a value */ - PRE_VAL_WS_STATE, - - /* We're reading in a value */ - GET_VALUE_STATE, - - /* We're reading in a value that's inside quotes */ - GET_QUOTED_VAL_STATE, - - /* We've encountered the closing '>' */ - DONE_STATE, - - /* Error state */ - ERR_STATE -} TAG_STATE ; - -typedef struct AVPair_Str { - char *attribute; - char *value; - unsigned int valueLine; /* the line that the value ends on */ - struct AVPair_Str *next; -} AVPair; - -typedef enum { - APPLET_TAG, - SCRIPT_TAG, - LINK_TAG, - STYLE_TAG, - COMMENT_TAG, - OTHER_TAG -} TAG_TYPE ; - -typedef struct { - TAG_TYPE type; - AVPair *attList; - AVPair *attListTail; - char *text; -} TagItem; - -typedef enum { - TAG_ITEM, - TEXT_ITEM -} ITEM_TYPE ; - -typedef struct HTMLItem_Str{ - unsigned int startLine; - unsigned int endLine; - ITEM_TYPE type; - union { - TagItem *tag; - char *text; - } item; - struct HTMLItem_Str *next; -} HTMLItem; - -typedef struct { - PRFileDesc *fd; - PRInt32 curIndex; - PRBool IsEOF; -#define FILE_BUFFER_BUFSIZE 512 - char buf[FILE_BUFFER_BUFSIZE]; - PRInt32 startOffset; - PRInt32 maxIndex; - unsigned int lineNum; -} FileBuffer; - -/*=========================================================================== - = - = F U N C T I O N S - = -*/ -static HTMLItem* CreateTextItem(char *text, unsigned int startline, - unsigned int endline); -static HTMLItem* CreateTagItem(TagItem* ti, unsigned int startline, - unsigned int endline); -static TagItem* ProcessTag(FileBuffer* fb, char **errStr); -static void DestroyHTMLItem(HTMLItem *item); -static void DestroyTagItem(TagItem* ti); -static TAG_TYPE GetTagType(char *att); -static FileBuffer* FB_Create(PRFileDesc* fd); -static int FB_GetChar(FileBuffer *fb); -static PRInt32 FB_GetPointer(FileBuffer *fb); -static PRInt32 FB_GetRange(FileBuffer *fb, PRInt32 start, PRInt32 end, - char **buf); -static unsigned int FB_GetLineNum(FileBuffer *fb); -static void FB_Destroy(FileBuffer *fb); -static void PrintTagItem(PRFileDesc *fd, TagItem *ti); -static void PrintHTMLStream(PRFileDesc *fd, HTMLItem *head); - -/************************************************************************ - * - * C r e a t e T e x t I t e m - */ -static HTMLItem* -CreateTextItem(char *text, unsigned int startline, unsigned int endline) -{ - HTMLItem *item; - - item = PR_Malloc(sizeof(HTMLItem)); - if(!item) { - return NULL; - } - - item->type = TEXT_ITEM; - item->item.text = text; - item->next = NULL; - item->startLine = startline; - item->endLine = endline; - - return item; -} - -/************************************************************************ - * - * C r e a t e T a g I t e m - */ -static HTMLItem* -CreateTagItem(TagItem* ti, unsigned int startline, unsigned int endline) -{ - HTMLItem *item; - - item = PR_Malloc(sizeof(HTMLItem)); - if(!item) { - return NULL; - } - - item->type = TAG_ITEM; - item->item.tag = ti; - item->next = NULL; - item->startLine = startline; - item->endLine = endline; - - return item; -} - -static PRBool -isAttChar(char c) -{ - return (isalnum(c) || c=='/' || c=='-'); -} - -/************************************************************************ - * - * P r o c e s s T a g - */ -static TagItem* -ProcessTag(FileBuffer* fb, char **errStr) -{ - TAG_STATE state; - PRInt32 startText, startID, curPos; - PRBool firstAtt; - int curchar; - TagItem *ti=NULL; - AVPair *curPair=NULL; - char quotechar='\0'; - unsigned int linenum; - unsigned int startline; - - state = START_STATE; - - startID = FB_GetPointer(fb); - startText = startID; - firstAtt = PR_TRUE; - - ti = (TagItem*) PR_Malloc(sizeof(TagItem)); - if(!ti) out_of_memory(); - ti->type = OTHER_TAG; - ti->attList = NULL; - ti->attListTail = NULL; - ti->text = NULL; - - startline = FB_GetLineNum(fb); - - while(state != DONE_STATE && state != ERR_STATE) { - linenum = FB_GetLineNum(fb); - curchar = FB_GetChar(fb); - if(curchar == EOF) { - *errStr = PR_smprintf( - "line %d: Unexpected end-of-file while parsing tag starting at line %d.\n", linenum, startline); - state = ERR_STATE; - continue; - } - - switch(state) { - case START_STATE: - if(curchar=='!') { - /* - * SGML tag or comment - * Here's the general rule for SGML tags. Everything from - * <! to > is the tag. Inside the tag, comments are - * delimited with --. So we are looking for the first '>' - * that is not commented out, that is, not inside a pair - * of --: <!DOCTYPE --this is a comment >(psyche!) --> - */ - - PRBool inComment = PR_FALSE; - short hyphenCount = 0; /* number of consecutive hyphens */ - - while(1) { - linenum = FB_GetLineNum(fb); - curchar = FB_GetChar(fb); - if(curchar == EOF) { - /* Uh oh, EOF inside comment */ - *errStr = PR_smprintf( - "line %d: Unexpected end-of-file inside comment starting at line %d.\n", - linenum, startline); - state = ERR_STATE; - break; - } - if(curchar=='-') { - if(hyphenCount==1) { - /* This is a comment delimiter */ - inComment = !inComment; - hyphenCount=0; - } else { - /* beginning of a comment delimiter? */ - hyphenCount=1; - } - } else if(curchar=='>') { - if(!inComment) { - /* This is the end of the tag */ - state = DONE_STATE; - break; - } else { - /* The > is inside a comment, so it's not - * really the end of the tag */ - hyphenCount=0; - } - } else { - hyphenCount = 0; - } - } - ti->type = COMMENT_TAG; - break; - } - /* fall through */ - case GET_ATT_STATE: - if(isspace(curchar) || curchar=='=' || curchar=='>') { - /* end of the current attribute */ - curPos = FB_GetPointer(fb)-2; - if(curPos >= startID) { - /* We have an attribute */ - curPair = (AVPair*)PR_Malloc(sizeof(AVPair)); - if(!curPair) out_of_memory(); - curPair->value = NULL; - curPair->next = NULL; - FB_GetRange(fb, startID, curPos, &curPair->attribute); - - /* Stick this attribute on the list */ - if(ti->attListTail) { - ti->attListTail->next = curPair; - ti->attListTail = curPair; - } else { - ti->attList = ti->attListTail = curPair; - } - - /* If this is the first attribute, find the type of tag - * based on it. Also, start saving the text of the tag. */ - if(firstAtt) { - ti->type = GetTagType(curPair->attribute); - startText = FB_GetPointer(fb)-1; - firstAtt = PR_FALSE; - } - } else { - if(curchar=='=') { - /* If we don't have any attribute but we do have an - * equal sign, that's an error */ - *errStr = PR_smprintf("line %d: Malformed tag starting at line %d.\n", linenum, startline); - state = ERR_STATE; - break; - } - } - - /* Compute next state */ - if(curchar=='=') { - startID = FB_GetPointer(fb); - state = PRE_VAL_WS_STATE; - } else if(curchar=='>') { - state = DONE_STATE; - } else if(curPair) { - state = POST_ATT_WS_STATE; - } else { - state = PRE_ATT_WS_STATE; - } - } else if(isAttChar(curchar)) { - /* Just another char in the attribute. Do nothing */ - state = GET_ATT_STATE; - } else { - /* bogus char */ - *errStr= PR_smprintf("line %d: Bogus chararacter '%c' in tag.\n", - linenum, curchar); - state = ERR_STATE; - break; - } - break; - case PRE_ATT_WS_STATE: - if(curchar=='>') { - state = DONE_STATE; - } else if(isspace(curchar)) { - /* more whitespace, do nothing */ - } else if(isAttChar(curchar)) { - /* starting another attribute */ - startID = FB_GetPointer(fb)-1; - state = GET_ATT_STATE; - } else { - /* bogus char */ - *errStr = PR_smprintf("line %d: Bogus character '%c' in tag.\n", - linenum, curchar); - state = ERR_STATE; - break; - } - break; - case POST_ATT_WS_STATE: - if(curchar=='>') { - state = DONE_STATE; - } else if(isspace(curchar)) { - /* more whitespace, do nothing */ - } else if(isAttChar(curchar)) { - /* starting another attribute */ - startID = FB_GetPointer(fb)-1; - state = GET_ATT_STATE; - } else if(curchar=='=') { - /* there was whitespace between the attribute and its equal - * sign, which means there's a value coming up */ - state = PRE_VAL_WS_STATE; - } else { - /* bogus char */ - *errStr = PR_smprintf("line %d: Bogus character '%c' in tag.\n", - linenum, curchar); - state = ERR_STATE; - break; - } - break; - case PRE_VAL_WS_STATE: - if(curchar=='>') { - /* premature end-of-tag (sounds like a personal problem). */ - *errStr = PR_smprintf( - "line %d: End of tag while waiting for value.\n", linenum); - state = ERR_STATE; - break; - } else if(isspace(curchar)) { - /* more whitespace, do nothing */ - break; - } else { - /* this must be some sort of value. Fall through - * to GET_VALUE_STATE */ - startID=FB_GetPointer(fb)-1; - state = GET_VALUE_STATE; - } - /* Fall through if we didn't break on '>' or whitespace */ - case GET_VALUE_STATE: - if(isspace(curchar) || curchar=='>') { - /* end of value */ - curPos = FB_GetPointer(fb)-2; - if(curPos >= startID) { - /* Grab the value */ - FB_GetRange(fb, startID, curPos, &curPair->value); - curPair->valueLine = linenum; - } else { - /* empty value, leave as NULL */ - } - if(isspace(curchar)) { - state = PRE_ATT_WS_STATE; - } else { - state = DONE_STATE; - } - } else if(curchar=='\"' || curchar=='\'') { - /* quoted value. Start recording the value inside the quote*/ - startID = FB_GetPointer(fb); - state = GET_QUOTED_VAL_STATE; - PORT_Assert(quotechar == '\0'); - quotechar = curchar; /* look for matching quote type */ - } else { - /* just more value */ - } - break; - case GET_QUOTED_VAL_STATE: - PORT_Assert(quotechar != '\0'); - if(curchar == quotechar) { - /* end of quoted value */ - curPos = FB_GetPointer(fb)-2; - if(curPos >= startID) { - /* Grab the value */ - FB_GetRange(fb, startID, curPos, &curPair->value); - curPair->valueLine = linenum; - } else { - /* empty value, leave it as NULL */ - } - state = GET_ATT_STATE; - quotechar = '\0'; - startID = FB_GetPointer(fb); - } else { - /* more quoted value, continue */ - } - break; - case DONE_STATE: - case ERR_STATE: - default: - ; /* should never get here */ - } - } - - if(state == DONE_STATE) { - /* Get the text of the tag */ - curPos = FB_GetPointer(fb)-1; - FB_GetRange(fb, startText, curPos, &ti->text); - - /* Return the tag */ - return ti; - } - - /* Uh oh, an error. Kill the tag item*/ - DestroyTagItem(ti); - return NULL; -} - -/************************************************************************ - * - * D e s t r o y H T M L I t e m - */ -static void -DestroyHTMLItem(HTMLItem *item) -{ - if(item->type == TAG_ITEM) { - DestroyTagItem(item->item.tag); - } else { - if(item->item.text) { - PR_Free(item->item.text); - } - } -} - -/************************************************************************ - * - * D e s t r o y T a g I t e m - */ -static void -DestroyTagItem(TagItem* ti) -{ - AVPair *temp; - - if(ti->text) { - PR_Free(ti->text); ti->text = NULL; - } - - while(ti->attList) { - temp = ti->attList; - ti->attList = ti->attList->next; - - if(temp->attribute) { - PR_Free(temp->attribute); temp->attribute = NULL; - } - if(temp->value) { - PR_Free(temp->value); temp->value = NULL; - } - PR_Free(temp); - } - - PR_Free(ti); -} - -/************************************************************************ - * - * G e t T a g T y p e - */ -static TAG_TYPE -GetTagType(char *att) -{ - if(!PORT_Strcasecmp(att, "APPLET")) { - return APPLET_TAG; - } - if(!PORT_Strcasecmp(att, "SCRIPT")) { - return SCRIPT_TAG; - } - if(!PORT_Strcasecmp(att, "LINK")) { - return LINK_TAG; - } - if(!PORT_Strcasecmp(att, "STYLE")) { - return STYLE_TAG; - } - return OTHER_TAG; -} - -/************************************************************************ - * - * F B _ C r e a t e - */ -static FileBuffer* -FB_Create(PRFileDesc* fd) -{ - FileBuffer *fb; - PRInt32 amountRead; - PRInt32 storedOffset; - - fb = (FileBuffer*) PR_Malloc(sizeof(FileBuffer)); - fb->fd = fd; - storedOffset = PR_Seek(fd, 0, PR_SEEK_CUR); - PR_Seek(fd, 0, PR_SEEK_SET); - fb->startOffset = 0; - amountRead = PR_Read(fd, fb->buf, FILE_BUFFER_BUFSIZE); - if(amountRead == -1) goto loser; - fb->maxIndex = amountRead-1; - fb->curIndex = 0; - fb->IsEOF = (fb->curIndex>fb->maxIndex) ? PR_TRUE : PR_FALSE; - fb->lineNum = 1; - - PR_Seek(fd, storedOffset, PR_SEEK_SET); - return fb; -loser: - PR_Seek(fd, storedOffset, PR_SEEK_SET); - PR_Free(fb); - return NULL; -} - -/************************************************************************ - * - * F B _ G e t C h a r - */ -static int -FB_GetChar(FileBuffer *fb) -{ - PRInt32 storedOffset; - PRInt32 amountRead; - int retval=-1; - - if(fb->IsEOF) { - return EOF; - } - - storedOffset = PR_Seek(fb->fd, 0, PR_SEEK_CUR); - - retval = fb->buf[fb->curIndex++]; - if(retval=='\n') fb->lineNum++; - - if(fb->curIndex > fb->maxIndex) { - /* We're at the end of the buffer. Try to get some new data from the - * file */ - fb->startOffset += fb->maxIndex+1; - PR_Seek(fb->fd, fb->startOffset, PR_SEEK_SET); - amountRead = PR_Read(fb->fd, fb->buf, FILE_BUFFER_BUFSIZE); - if(amountRead==-1) goto loser; - fb->maxIndex = amountRead-1; - fb->curIndex = 0; - } - - fb->IsEOF = (fb->curIndex > fb->maxIndex) ? PR_TRUE : PR_FALSE; - -loser: - PR_Seek(fb->fd, storedOffset, PR_SEEK_SET); - return retval; -} - -/************************************************************************ - * - * F B _ G e t L i n e N u m - * - */ -static unsigned int -FB_GetLineNum(FileBuffer *fb) -{ - return fb->lineNum; -} - -/************************************************************************ - * - * F B _ G e t P o i n t e r - * - */ -static PRInt32 -FB_GetPointer(FileBuffer *fb) -{ - return fb->startOffset + fb->curIndex; -} - -/************************************************************************ - * - * F B _ G e t R a n g e - * - */ -static PRInt32 -FB_GetRange(FileBuffer *fb, PRInt32 start, PRInt32 end, char **buf) -{ - PRInt32 amountRead; - PRInt32 storedOffset; - - *buf = PR_Malloc(end-start+2); - if(*buf == NULL) { - return 0; - } - - storedOffset = PR_Seek(fb->fd, 0, PR_SEEK_CUR); - PR_Seek(fb->fd, start, PR_SEEK_SET); - amountRead = PR_Read(fb->fd, *buf, end-start+1); - PR_Seek(fb->fd, storedOffset, PR_SEEK_SET); - if(amountRead == -1) { - PR_Free(*buf); - *buf = NULL; - return 0; - } - - (*buf)[end-start+1] = '\0'; - return amountRead; -} - - -/************************************************************************ - * - * F B _ D e s t r o y - * - */ -static void -FB_Destroy(FileBuffer *fb) -{ - if(fb) { - PR_Free(fb); - } -} - -/************************************************************************ - * - * P r i n t T a g I t e m - * - */ -static void -PrintTagItem(PRFileDesc *fd, TagItem *ti) -{ - AVPair *pair; - - PR_fprintf(fd, "TAG:\n----\nType: "); - switch(ti->type) { - case APPLET_TAG: - PR_fprintf(fd, "applet\n"); - break; - case SCRIPT_TAG: - PR_fprintf(fd, "script\n"); - break; - case LINK_TAG: - PR_fprintf(fd, "link\n"); - break; - case STYLE_TAG: - PR_fprintf(fd, "style\n"); - break; - case COMMENT_TAG: - PR_fprintf(fd, "comment\n"); - break; - case OTHER_TAG: - default: - PR_fprintf(fd, "other\n"); - break; - } - - PR_fprintf(fd, "Attributes:\n"); - for(pair = ti->attList; pair; pair=pair->next) { - PR_fprintf(fd, "\t%s=%s\n", pair->attribute, - pair->value ? pair->value : ""); - } - PR_fprintf(fd, "Text:%s\n", ti->text ? ti->text : ""); - - PR_fprintf(fd, "---End of tag---\n"); -} - - -/************************************************************************ - * - * P r i n t H T M L S t r e a m - * - */ -static void -PrintHTMLStream(PRFileDesc *fd, HTMLItem *head) -{ - while(head) { - if(head->type==TAG_ITEM) { - PrintTagItem(fd, head->item.tag); - } else { - PR_fprintf(fd, "\nTEXT:\n-----\n%s\n-----\n\n", head->item.text); - } - head = head->next; - } -} - -/************************************************************************ - * - * S a v e I n l i n e S c r i p t - * - */ -static int -SaveInlineScript(char *text, char *id, char *basedir, char *archiveDir) -{ - char *filename=NULL; - PRFileDesc *fd=NULL; - int retval = -1; - PRInt32 writeLen; - char *ilDir=NULL; - - if(!text || !id || !archiveDir) { - return -1; - } - - if(dumpParse) { - PR_fprintf(outputFD, "SaveInlineScript: text=%s, id=%s, \n" - "basedir=%s, archiveDir=%s\n", - text, id, basedir, archiveDir); - } - - /* Make sure the archive directory is around */ - if(ensureExists(basedir, archiveDir) != PR_SUCCESS) { - PR_fprintf(errorFD, - "ERROR: Unable to create archive directory %s.\n", archiveDir); - errorCount++; - return -1; - } - - /* Make sure the inline script directory is around */ - ilDir = PR_smprintf("%s/inlineScripts", archiveDir); - scriptdir = "inlineScripts"; - if(ensureExists(basedir, ilDir) != PR_SUCCESS) { - PR_fprintf(errorFD, - "ERROR: Unable to create directory %s.\n", ilDir); - errorCount++; - return -1; - } - - filename = PR_smprintf("%s/%s/%s", basedir, ilDir, id); - - /* If the file already exists, give a warning, then blow it away */ - if(PR_Access(filename, PR_ACCESS_EXISTS) == PR_SUCCESS) { - PR_fprintf(errorFD, - "warning: file \"%s\" already exists--will overwrite.\n", - filename); - warningCount++; - if(rm_dash_r(filename)) { - PR_fprintf(errorFD, - "ERROR: Unable to delete %s.\n", filename); - errorCount++; - goto finish; - } - } - - /* Write text into file with name id */ - fd = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 0777); - if(!fd) { - PR_fprintf(errorFD, "ERROR: Unable to create file \"%s\".\n", - filename); - errorCount++; - goto finish; - } - writeLen = strlen(text); - if( PR_Write(fd, text, writeLen) != writeLen) { - PR_fprintf(errorFD, "ERROR: Unable to write to file \"%s\".\n", - filename); - errorCount++; - goto finish; - } - - retval = 0; -finish: - if(filename) { - PR_smprintf_free(filename); - } - if(ilDir) { - PR_smprintf_free(ilDir); - } - if(fd) { - PR_Close(fd); - } - return retval; -} - -/************************************************************************ - * - * S a v e U n n a m a b l e S c r i p t - * - */ -static int -SaveUnnamableScript(char *text, char *basedir, char *archiveDir, - char *HTMLfilename) -{ - char *id=NULL; - char *ext=NULL; - char *start=NULL; - int retval = -1; - - if(!text || !archiveDir || !HTMLfilename) { - return -1; - } - - if(dumpParse) { - PR_fprintf(outputFD, "SaveUnnamableScript: text=%s, basedir=%s,\n" - "archiveDir=%s, filename=%s\n", text, basedir, archiveDir, - HTMLfilename); - } - - /* Construct the filename */ - ext = PL_strrchr(HTMLfilename, '.'); - if(ext) { - *ext = '\0'; - } - for(start=HTMLfilename; strpbrk(start, "/\\"); - start=strpbrk(start, "/\\")+1); - if(*start=='\0') start = HTMLfilename; - id = PR_smprintf("_%s%d", start, idOrdinal++); - if(ext) { - *ext = '.'; - } - - /* Now call SaveInlineScript to do the work */ - retval = SaveInlineScript(text, id, basedir, archiveDir); - - PR_Free(id); - - return retval; -} - -/************************************************************************ - * - * S a v e S o u r c e - * - */ -static int -SaveSource(char *src, char *codebase, char *basedir, char *archiveDir) -{ - char *from=NULL, *to=NULL; - int retval = -1; - char *arcDir=NULL; - - if(!src || !archiveDir) { - return -1; - } - - if(dumpParse) { - PR_fprintf(outputFD, "SaveSource: src=%s, codebase=%s, basedir=%s,\n" - "archiveDir=%s\n", src, codebase, basedir, archiveDir); - } - - if(codebase) { - arcDir = PR_smprintf("%s/%s/%s/", basedir, codebase, archiveDir); - } else { - arcDir = PR_smprintf("%s/%s/", basedir, archiveDir); - } - - if(codebase) { - from = PR_smprintf("%s/%s/%s", basedir, codebase, src); - to = PR_smprintf("%s%s", arcDir, src); - } else { - from = PR_smprintf("%s/%s", basedir, src); - to = PR_smprintf("%s%s", arcDir, src); - } - - if(make_dirs(to, 0777)) { - PR_fprintf(errorFD, - "ERROR: Unable to create archive directory %s.\n", archiveDir); - errorCount++; - goto finish; - } - - retval = copyinto(from, to); -finish: - if(from) PR_Free(from); - if(to) PR_Free(to); - if(arcDir) PR_Free(arcDir); - return retval; -} - -/************************************************************************ - * - * T a g T y p e T o S t r i n g - * - */ -char * -TagTypeToString(TAG_TYPE type) -{ - switch(type) { - case APPLET_TAG: - return "APPLET"; - case SCRIPT_TAG: - return "SCRIPT"; - case LINK_TAG: - return "LINK"; - case STYLE_TAG: - return "STYLE"; - default: - break; - } - return "unknown"; -} - -/************************************************************************ - * - * e x t r a c t _ j s - * - */ -static int -extract_js(char *filename) -{ - PRFileDesc *fd=NULL; - FileBuffer *fb=NULL; - HTML_STATE state; - int curchar; - HTMLItem *head = NULL; - HTMLItem *tail = NULL; - PRInt32 textStart; - PRInt32 curOffset; - TagItem *tagp=NULL; - char *text=NULL; - HTMLItem *curitem=NULL; - int retval = -1; - char *tagerr=NULL; - unsigned int linenum, startLine; - char *archiveDir=NULL, *firstArchiveDir=NULL; - HTMLItem *styleList, *styleListTail; - HTMLItem *entityList, *entityListTail; - char *basedir=NULL; - - styleList = entityList = styleListTail = entityListTail = NULL; - - /* Initialize the implicit ID counter for each file */ - idOrdinal = 0; - - /* - * First, parse the HTML into a stream of tags and text. - */ - - fd = PR_Open(filename, PR_RDONLY, 0); - if(!fd) { - PR_fprintf(errorFD, "Unable to open %s for reading.\n", filename); - errorCount++; - return -1; - } - - /* Construct base directory of filename. */ - { - char *cp; - - basedir = PL_strdup(filename); - - /* Remove trailing slashes */ - while( (cp = PL_strprbrk(basedir, "/\\")) == - (basedir + strlen(basedir) - 1)) { - *cp = '\0'; - } - - /* Now remove everything from the last slash (which will be followed - * by a filename) to the end */ - cp = PL_strprbrk(basedir, "/\\"); - if(cp) { - *cp = '\0'; - } - } - - state = TEXT_HTML_STATE; - - fb = FB_Create(fd); - - textStart=0; - startLine = 0; - while(linenum=FB_GetLineNum(fb), (curchar = FB_GetChar(fb)) != EOF) { - switch(state) { - case TEXT_HTML_STATE: - if(curchar == '<') { - /* - * Found a tag - */ - /* Save the text so far to a new text item */ - curOffset = FB_GetPointer(fb)-2; - if(curOffset >= textStart) { - if(FB_GetRange(fb, textStart, curOffset, &text) != - curOffset-textStart+1) { - PR_fprintf(errorFD, - "Unable to read from %s.\n", filename); - errorCount++; - goto loser; - } - /* little fudge here. If the first character on a line - * is '<', meaning a new tag, the preceding text item - * actually ends on the previous line. In this case - * we will be saying that the text segment ends on the - * next line. I don't think this matters for text items. */ - curitem = CreateTextItem(text, startLine, linenum); - text = NULL; - if(tail == NULL) { - head = tail = curitem; - } else { - tail->next = curitem; - tail = curitem; - } - } - - /* Process the tag */ - tagp = ProcessTag(fb, &tagerr); - if(!tagp) { - if(tagerr) { - PR_fprintf(errorFD, "Error in file %s: %s\n", - filename, tagerr); - errorCount++; - } else { - PR_fprintf(errorFD, - "Error in file %s, in tag starting at line %d\n", - filename, linenum); - errorCount++; - } - goto loser; - } - /* Add the tag to the list */ - curitem = CreateTagItem(tagp, linenum, FB_GetLineNum(fb)); - if(tail == NULL) { - head = tail = curitem; - } else { - tail->next = curitem; - tail = curitem; - } - - /* What's the next state */ - if(tagp->type == SCRIPT_TAG) { - state = SCRIPT_HTML_STATE; - } - - /* Start recording text from the new offset */ - textStart = FB_GetPointer(fb); - startLine = FB_GetLineNum(fb); - } else { - /* regular character. Next! */ - } - break; - case SCRIPT_HTML_STATE: - if(curchar == '<') { - char *cp; - /* - * If this is a </script> tag, then we're at the end of the - * script. Otherwise, ignore - */ - curOffset = FB_GetPointer(fb)-1; - cp = NULL; - if(FB_GetRange(fb, curOffset, curOffset+8, &cp) != 9) { - if(cp) { PR_Free(cp); cp = NULL; } - } else { - /* compare the strings */ - if( !PORT_Strncasecmp(cp, "</script>", 9) ) { - /* This is the end of the script. Record the text. */ - curOffset--; - if(curOffset >= textStart) { - if(FB_GetRange(fb, textStart, curOffset, &text) != - curOffset-textStart+1) { - PR_fprintf(errorFD, - "Unable to read from %s.\n", filename); - errorCount++; - goto loser; - } - curitem = CreateTextItem(text, startLine, linenum); - text = NULL; - if(tail == NULL) { - head = tail = curitem; - } else { - tail->next = curitem; - tail = curitem; - } - } - - /* Now parse the /script tag and put it on the list */ - tagp = ProcessTag(fb, &tagerr); - if(!tagp) { - if(tagerr) { - PR_fprintf(errorFD, - "Error in file %s: %s\n", filename, tagerr); - } else { - PR_fprintf(errorFD, - "Error in file %s, in tag starting at" - " line %d\n", filename, linenum); - } - errorCount++; - goto loser; - } - curitem = CreateTagItem(tagp, linenum, - FB_GetLineNum(fb)); - if(tail == NULL) { - head = tail = curitem; - } else { - tail->next = curitem; - tail = curitem; - } - - /* go back to text state */ - state = TEXT_HTML_STATE; - - textStart = FB_GetPointer(fb); - startLine = FB_GetLineNum(fb); - } - } - } - break; - } - } - - /* End of the file. Wrap up any remaining text */ - if(state == SCRIPT_HTML_STATE) { - if(tail && tail->type==TAG_ITEM) { - PR_fprintf(errorFD, "ERROR: <SCRIPT> tag at %s:%d is not followed " - "by a </SCRIPT> tag.\n", filename, tail->startLine); - } else { - PR_fprintf(errorFD, "ERROR: <SCRIPT> tag in file %s is not followed" - " by a </SCRIPT tag.\n", filename); - } - errorCount++; - goto loser; - } - curOffset = FB_GetPointer(fb)-1; - if(curOffset >= textStart) { - text = NULL; - if( FB_GetRange(fb, textStart, curOffset, &text) != - curOffset-textStart+1) { - PR_fprintf(errorFD, "Unable to read from %s.\n", filename); - errorCount++; - goto loser; - } - curitem = CreateTextItem(text, startLine, linenum); - text = NULL; - if(tail == NULL) { - head = tail = curitem; - } else { - tail->next = curitem; - tail = curitem; - } - } - - if(dumpParse) { - PrintHTMLStream(outputFD, head); - } - - - - - /* - * Now we have a stream of tags and text. Go through and deal with each. - */ - for(curitem = head; curitem; curitem = curitem->next) { - TagItem *tagp=NULL; - AVPair *pairp=NULL; - char *src=NULL, *id=NULL, *codebase=NULL; - PRBool hasEventHandler=PR_FALSE; - int i; - - /* Reset archive directory for each tag */ - if(archiveDir) { - PR_Free(archiveDir); archiveDir = NULL; - } - - /* We only analyze tags */ - if(curitem->type != TAG_ITEM) { - continue; - } - - tagp = curitem->item.tag; - - /* go through the attributes to get information */ - for(pairp=tagp->attList; pairp; pairp=pairp->next) { - - /* ARCHIVE= */ - if( !PL_strcasecmp(pairp->attribute, "archive")) { - if(archiveDir) { - /* Duplicate attribute. Print warning */ - PR_fprintf(errorFD, - "warning: \"%s\" attribute overwrites previous attribute" - " in tag starting at %s:%d.\n", - pairp->attribute, filename, curitem->startLine); - warningCount++; - PR_Free(archiveDir); - } - archiveDir = PL_strdup(pairp->value); - - /* Substiture ".arc" for ".jar" */ - if( (PL_strlen(archiveDir)<4) || - PL_strcasecmp((archiveDir+strlen(archiveDir)-4), ".jar")){ - PR_fprintf(errorFD, - "warning: ARCHIVE attribute should end in \".jar\" in tag" - " starting on %s:%d.\n", filename, curitem->startLine); - warningCount++; - PR_Free(archiveDir); - archiveDir = PR_smprintf("%s.arc", archiveDir); - } else { - PL_strcpy(archiveDir+strlen(archiveDir)-4, ".arc"); - } - - /* Record the first archive. This will be used later if - * the archive is not specified */ - if(firstArchiveDir == NULL) { - firstArchiveDir = PL_strdup(archiveDir); - } - } - - /* CODEBASE= */ - else if( !PL_strcasecmp(pairp->attribute, "codebase")) { - if(codebase) { - /* Duplicate attribute. Print warning */ - PR_fprintf(errorFD, - "warning: \"%s\" attribute overwrites previous attribute" - " in tag staring at %s:%d.\n", - pairp->attribute, filename, curitem->startLine); - warningCount++; - } - codebase = pairp->value; - } - - /* SRC= and HREF= */ - else if( !PORT_Strcasecmp(pairp->attribute, "src") || - !PORT_Strcasecmp(pairp->attribute, "href") ) { - if(src) { - /* Duplicate attribute. Print warning */ - PR_fprintf(errorFD, - "warning: \"%s\" attribute overwrites previous attribute" - " in tag staring at %s:%d.\n", - pairp->attribute, filename, curitem->startLine); - warningCount++; - } - src = pairp->value; - } - - /* CODE= */ - else if(!PORT_Strcasecmp(pairp->attribute, "code") ) { - /*!!!XXX Change PORT to PL all over this code !!! */ - if(src) { - /* Duplicate attribute. Print warning */ - PR_fprintf(errorFD, - "warning: \"%s\" attribute overwrites previous attribute" - " ,in tag staring at %s:%d.\n", - pairp->attribute, filename, curitem->startLine); - warningCount++; - } - src = pairp->value; - - /* Append a .class if one is not already present */ - if( (PL_strlen(src)<6) || - PL_strcasecmp( (src + PL_strlen(src) - 6), ".class") ) { - src = PR_smprintf("%s.class", src); - /* Put this string back into the data structure so it - * will be deallocated properly */ - PR_Free(pairp->value); - pairp->value = src; - } - } - - /* ID= */ - else if (!PL_strcasecmp(pairp->attribute, "id") ) { - if(id) { - /* Duplicate attribute. Print warning */ - PR_fprintf(errorFD, - "warning: \"%s\" attribute overwrites previous attribute" - " in tag staring at %s:%d.\n", - pairp->attribute, filename, curitem->startLine); - warningCount++; - } - id = pairp->value; - } - - /* STYLE= */ - /* style= attributes, along with JS entities, are stored into - * files with dynamically generated names. The filenames are - * based on the order in which the text is found in the file. - * All JS entities on all lines up to and including the line - * containing the end of the tag that has this style= attribute - * will be processed before this style=attribute. So we need - * to record the line that this _tag_ (not the attribute) ends on. - */ - else if(!PL_strcasecmp(pairp->attribute, "style") && pairp->value) { - HTMLItem *styleItem; - /* Put this item on the style list */ - styleItem = CreateTextItem(PL_strdup(pairp->value), - curitem->startLine, curitem->endLine); - if(styleListTail == NULL) { - styleList = styleListTail = styleItem; - } else { - styleListTail->next = styleItem; - styleListTail = styleItem; - } - } - - /* Event handlers */ - else { - for(i=0; i < num_handlers; i++) { - if(!PL_strcasecmp(event_handlers[i], pairp->attribute)) { - hasEventHandler = PR_TRUE; - break; - } - } - } - - /* JS Entity */ - { - char *entityStart, *entityEnd; - HTMLItem *entityItem; - - /* go through each JavaScript entity ( &{...}; ) and store it - * in the entityList. The important thing is to record what - * line number it's on, so we can get it in the right order - * in relation to style= attributes. - * Apparently, these can't flow across lines, so the start and - * end line will be the same. That helps matters. - */ - entityEnd = pairp->value; - while( entityEnd && - (entityStart = PL_strstr(entityEnd, "&{")) != NULL) { - entityStart +=2; /* point at beginning of actual entity */ - entityEnd = PL_strstr(entityStart, "}"); - if(entityEnd) { - /* Put this item on the entity list */ - *entityEnd = '\0'; - entityItem = CreateTextItem(PL_strdup(entityStart), - pairp->valueLine, pairp->valueLine); - *entityEnd = '}'; - if(entityListTail) { - entityListTail->next = entityItem; - entityListTail = entityItem; - } else { - entityList = entityListTail = entityItem; - } - } - } - } - - } - - /* If no archive was supplied, we use the first one of the file */ - if(!archiveDir && firstArchiveDir) { - archiveDir = PL_strdup(firstArchiveDir); - } - - /* If we have an event handler, we need to archive this tag */ - if(hasEventHandler) { - if(!id) { - PR_fprintf(errorFD, - "warning: tag starting at %s:%d has event handler but" - " no ID attribute. The tag will not be signed.\n", - filename, curitem->startLine); - warningCount++; - } else if(!archiveDir) { - PR_fprintf(errorFD, - "warning: tag starting at %s:%d has event handler but" - " no ARCHIVE attribute. The tag will not be signed.\n", - filename, curitem->startLine); - warningCount++; - } else { - if(SaveInlineScript(tagp->text, id, basedir, archiveDir)) { - goto loser; - } - } - } - - switch(tagp->type) { - case APPLET_TAG: - if(!src) { - PR_fprintf(errorFD, - "error: APPLET tag starting on %s:%d has no CODE " - "attribute.\n", filename, curitem->startLine); - errorCount++; - goto loser; - } else if(!archiveDir) { - PR_fprintf(errorFD, - "error: APPLET tag starting on %s:%d has no ARCHIVE " - "attribute.\n", filename, curitem->startLine); - errorCount++; - goto loser; - } else { - if(SaveSource(src, codebase, basedir, archiveDir)) { - goto loser; - } - } - break; - case SCRIPT_TAG: - case LINK_TAG: - case STYLE_TAG: - if(!archiveDir) { - PR_fprintf(errorFD, - "error: %s tag starting on %s:%d has no ARCHIVE " - "attribute.\n", TagTypeToString(tagp->type), - filename, curitem->startLine); - errorCount++; - goto loser; - } else if(src) { - if(SaveSource(src, codebase, basedir, archiveDir)) { - goto loser; - } - } else if(id) { - /* Save the next text item */ - if(!curitem->next || (curitem->next->type != TEXT_ITEM)) { - PR_fprintf(errorFD, - "warning: %s tag starting on %s:%d is not followed" - " by script text.\n", TagTypeToString(tagp->type), - filename, curitem->startLine); - warningCount++; - /* just create empty file */ - if(SaveInlineScript("", id, basedir, archiveDir)) { - goto loser; - } - } else { - curitem = curitem->next; - if(SaveInlineScript(curitem->item.text, id, basedir, - archiveDir)){ - goto loser; - } - } - } else { - /* No src or id tag--warning */ - PR_fprintf(errorFD, - "warning: %s tag starting on %s:%d has no SRC or" - " ID attributes. Will not sign.\n", - TagTypeToString(tagp->type), filename, curitem->startLine); - warningCount++; - } - break; - default: - /* do nothing for other tags */ - break; - } - - } - - /* Now deal with all the unnamable scripts */ - if(firstArchiveDir) { - HTMLItem *style, *entity; - - /* Go through the lists of JS entities and style attributes. Do them - * in chronological order within a list. Pick the list with the lower - * endLine. In case of a tie, entities come first. - */ - style = styleList; entity = entityList; - while(style || entity) { - if(!entity || (style && (style->endLine < entity->endLine))) { - /* Process style */ - SaveUnnamableScript(style->item.text, basedir, firstArchiveDir, - filename); - style=style->next; - } else { - /* Process entity */ - SaveUnnamableScript(entity->item.text, basedir, firstArchiveDir, - filename); - entity=entity->next; - } - } - } - - - retval = 0; -loser: - /* Blow away the stream */ - while(head) { - curitem = head; - head = head->next; - DestroyHTMLItem(curitem); - } - while(styleList) { - curitem = styleList; - styleList = styleList->next; - DestroyHTMLItem(curitem); - } - while(entityList) { - curitem = entityList; - entityList = entityList->next; - DestroyHTMLItem(curitem); - } - if(text) { - PR_Free(text); text=NULL; - } - if(fb) { - FB_Destroy(fb); fb=NULL; - } - if(fd) { - PR_Close(fd); - } - if(tagerr) { - PR_smprintf_free(tagerr); tagerr=NULL; - } - if(archiveDir) { - PR_Free(archiveDir); archiveDir=NULL; - } - if(firstArchiveDir) { - PR_Free(firstArchiveDir); firstArchiveDir=NULL; - } - return retval; -} - -/********************************************************************** - * - * e n s u r e E x i s t s - * - * Check for existence of indicated directory. If it doesn't exist, - * it will be created. - * Returns PR_SUCCESS if the directory is present, PR_FAILURE otherwise. - */ -static PRStatus -ensureExists (char *base, char *path) -{ - char fn [FNSIZE]; - PRDir *dir; - sprintf (fn, "%s/%s", base, path); - - /*PR_fprintf(outputFD, "Trying to open directory %s.\n", fn);*/ - - if( (dir=PR_OpenDir(fn)) ) { - PR_CloseDir(dir); - return PR_SUCCESS; - } - return PR_MkDir(fn, 0777); -} - -/*************************************************************************** - * - * m a k e _ d i r s - * - * Ensure that the directory portion of the path exists. This may require - * making the directory, and its parent, and its parent's parent, etc. - */ -static int -make_dirs(char *path, int file_perms) -{ - char *Path; - char *start; - char *sep; - int ret = 0; - PRFileInfo info; - - if(!path) { - return 0; - } - - Path = PL_strdup(path); - start = strpbrk(Path, "/\\"); - if(!start) { - return 0; - } - start++; /* start right after first slash */ - - /* Each time through the loop add one more directory. */ - while( (sep=strpbrk(start, "/\\")) ) { - *sep = '\0'; - - if( PR_GetFileInfo(Path, &info) != PR_SUCCESS) { - /* No such dir, we have to create it */ - if( PR_MkDir(Path, file_perms) != PR_SUCCESS) { - PR_fprintf(errorFD, "ERROR: Unable to create directory %s.\n", - Path); - errorCount++; - ret = -1; - goto loser; - } - } else { - /* something exists by this name, make sure it's a directory */ - if( info.type != PR_FILE_DIRECTORY ) { - PR_fprintf(errorFD, "ERROR: Unable to create directory %s.\n", - Path); - errorCount++; - ret = -1; - goto loser; - } - } - - start = sep+1; /* start after the next slash */ - *sep = '/'; - } - -loser: - PR_Free(Path); - return ret; -} - -/* - * c o p y i n t o - * - * Function to copy file "from" to path "to". - * - */ -static int -copyinto (char *from, char *to) -{ - PRInt32 num; - char buf [BUFSIZ]; - PRFileDesc *infp=NULL, *outfp=NULL; - int retval = -1; - - if ((infp = PR_Open(from, PR_RDONLY, 0777)) == NULL) { - PR_fprintf(errorFD, "ERROR: Unable to open \"%s\" for reading.\n", - from); - errorCount++; - goto finish; - } - - /* If to already exists, print a warning before deleting it */ - if(PR_Access(to, PR_ACCESS_EXISTS) == PR_SUCCESS) { - PR_fprintf(errorFD, "warning: %s already exists--will overwrite\n", - to); - warningCount++; - if(rm_dash_r(to)) { - PR_fprintf(errorFD, - "ERROR: Unable to remove %s.\n", to); - errorCount++; - goto finish; - } - } - - if ((outfp = PR_Open(to, PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 0777)) - == NULL) { - char *errBuf=NULL; - - errBuf = PR_Malloc(PR_GetErrorTextLength()); - PR_fprintf(errorFD, "ERROR: Unable to open \"%s\" for writing.\n", - to); - if(PR_GetErrorText(errBuf)) { - PR_fprintf(errorFD, "Cause: %s\n", errBuf); - } - if(errBuf) { - PR_Free(errBuf); - } - errorCount++; - goto finish; - } - - while( (num = PR_Read(infp, buf, BUFSIZ)) >0) { - if(PR_Write(outfp, buf, num) != num) { - PR_fprintf(errorFD, "ERROR: Error writing to %s.\n", to); - errorCount++; - goto finish; - } - } - - retval = 0; -finish: - if(infp) PR_Close(infp); - if(outfp) PR_Close(outfp); - - return retval; -} diff --git a/security/nss/cmd/signtool/list.c b/security/nss/cmd/signtool/list.c deleted file mode 100644 index 33ec93d93..000000000 --- a/security/nss/cmd/signtool/list.c +++ /dev/null @@ -1,278 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "signtool.h" -#include "pk11func.h" -#include "certdb.h" - -static int num_trav_certs = 0; -static SECStatus cert_trav_callback(CERTCertificate *cert, SECItem *k, - void *data); - -/********************************************************************* - * - * L i s t C e r t s - */ -int -ListCerts(char *key, int list_certs) -{ - int failed = 0; - SECStatus rv; - char *ugly_list; - CERTCertDBHandle *db; - - CERTCertificate *cert; - CERTVerifyLog errlog; - - errlog.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if( errlog.arena == NULL) { - out_of_memory(); - } - errlog.head = NULL; - errlog.tail = NULL; - errlog.count = 0; - - ugly_list = PORT_ZAlloc (16); - - if (ugly_list == NULL) { - out_of_memory(); - } - - *ugly_list = 0; - - db= CERT_GetDefaultCertDB(); - - if (list_certs == 2) { - PR_fprintf(outputFD, "\nS Certificates\n"); - PR_fprintf(outputFD, "- ------------\n"); - } else { - PR_fprintf(outputFD, "\nObject signing certificates\n"); - PR_fprintf(outputFD, "---------------------------------------\n"); - } - - num_trav_certs = 0; - - /* Traverse non-internal DBs */ - rv = PK11_TraverseSlotCerts(cert_trav_callback, (void*)&list_certs, - NULL /*wincx*/); - - if (rv) { - PR_fprintf(outputFD, "**Traverse of non-internal DBs failed**\n"); - return -1; - } - - if (num_trav_certs == 0) { - PR_fprintf(outputFD, - "You don't appear to have any object signing certificates.\n"); - } - - if (list_certs == 2) { - PR_fprintf(outputFD, "- ------------\n"); - } else { - PR_fprintf(outputFD, "---------------------------------------\n"); - } - - if (list_certs == 1) { - PR_fprintf(outputFD, - "For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME); - } - - if(list_certs == 2) { - PR_fprintf(outputFD, - "Certificates that can be used to sign objects have *'s to " - "their left.\n"); - } - - if (key) { - /* Do an analysis of the given cert */ - - cert = PK11_FindCertFromNickname(key, NULL /*wincx*/); - - if (cert) { - PR_fprintf(outputFD, - "\nThe certificate with nickname \"%s\" was found:\n", - cert->nickname); - PR_fprintf(outputFD, - "\tsubject name: %s\n", cert->subjectName); - PR_fprintf(outputFD, - "\tissuer name: %s\n", cert->issuerName); - - PR_fprintf(outputFD, "\n"); - - rv = CERT_CertTimesValid (cert); - if(rv != SECSuccess) { - PR_fprintf(outputFD, "**This certificate is expired**\n"); - } else { - PR_fprintf(outputFD, "This certificate is not expired.\n"); - } - - rv = CERT_VerifyCert (db, cert, PR_TRUE, - certUsageObjectSigner, PR_Now(), NULL, &errlog); - - if (rv != SECSuccess) { - failed = 1; - if(errlog.count > 0) { - PR_fprintf(outputFD, - "**Certificate validation failed for the " - "following reason(s):**\n"); - } else { - PR_fprintf(outputFD, "**Certificate validation failed**"); - } - } else { - PR_fprintf(outputFD, "This certificate is valid.\n"); - } - displayVerifyLog(&errlog); - - - } else { - failed = 1; - PR_fprintf(outputFD, - "The certificate with nickname \"%s\" was NOT FOUND\n", - key); - } - } - - if(errlog.arena != NULL) { - PORT_FreeArena(errlog.arena, PR_FALSE); - } - - if (failed) { - return -1; - } - return 0; -} - -/******************************************************************** - * - * c e r t _ t r a v _ c a l l b a c k - */ -static SECStatus -cert_trav_callback(CERTCertificate *cert, SECItem *k, void *data) -{ - int isSigningCert; - int list_certs = 1; - - char *name, *issuerCN, *expires; - CERTCertificate *issuerCert = NULL; - - if(data) { - list_certs = *((int*)data); - } - - if (cert->nickname) - { - name = cert->nickname; - - isSigningCert = cert->nsCertType & NS_CERT_TYPE_OBJECT_SIGNING; - issuerCert = CERT_FindCertIssuer (cert, PR_Now(), certUsageObjectSigner); - issuerCN = CERT_GetCommonName (&cert->issuer); - - if (!isSigningCert && list_certs == 1) - return (SECSuccess); - - /* Add this name or email to list */ - - if (name) - { - int rv; - - num_trav_certs++; - if(list_certs == 2) { - PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " "); - } - PR_fprintf(outputFD, "%s\n", name); - - if (list_certs == 1) - { - if(issuerCert == NULL) { - PR_fprintf(outputFD, - "\t++ Error ++ Unable to find issuer certificate\n"); - return SECSuccess; /*function was a success even if cert is bogus*/ - } - if (issuerCN == NULL) - PR_fprintf(outputFD, " Issued by: %s\n", issuerCert->nickname); - else - PR_fprintf(outputFD, - " Issued by: %s (%s)\n", issuerCert->nickname, issuerCN); - - expires = DER_UTCDayToAscii (&cert->validity.notAfter); - - if (expires) - PR_fprintf(outputFD, " Expires: %s\n", expires); - - rv = CERT_CertTimesValid (cert); - - if (rv != SECSuccess) - PR_fprintf(outputFD, " ++ Error ++ THIS CERTIFICATE IS EXPIRED\n"); - - if (rv == SECSuccess) - { - rv = CERT_VerifyCertNow (cert->dbhandle, cert, - PR_TRUE, certUsageObjectSigner, NULL); - - if (rv != SECSuccess) - { - rv = PORT_GetError(); - PR_fprintf(outputFD, - " ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n", - secErrorString(rv)); } - } - - expires = DER_UTCDayToAscii (&issuerCert->validity.notAfter); - if (expires == NULL) expires = "(unknown)"; - - rv = CERT_CertTimesValid (issuerCert); - - if (rv != SECSuccess) - PR_fprintf(outputFD, - " ++ Error ++ ISSUER CERT \"%s\" EXPIRED ON %s\n", - issuerCert->nickname, expires); - - if (rv == SECSuccess) - { - rv = CERT_VerifyCertNow (issuerCert->dbhandle, issuerCert, - PR_TRUE, certUsageVerifyCA, NULL); - if (rv != SECSuccess) - { - rv = PORT_GetError(); - PR_fprintf(outputFD, - " ++ Error ++ ISSUER CERT \"%s\" IS NOT VALID (%s)\n", issuerCert->nickname, secErrorString(rv)); - } - } - } - } - } - - return (SECSuccess); -} - diff --git a/security/nss/cmd/signtool/manifest.mn b/security/nss/cmd/signtool/manifest.mn deleted file mode 100644 index 448734056..000000000 --- a/security/nss/cmd/signtool/manifest.mn +++ /dev/null @@ -1,57 +0,0 @@ -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = nss - -EXPORTS = - -CSRCS = signtool.c \ - certgen.c \ - javascript.c \ - list.c \ - sign.c \ - util.c \ - verify.c \ - zip.c \ - $(NULL) - -PROGRAM = signtool - -REQUIRES = dbm seccmd - -DEFINES += -DNSPR20 - -USE_STATIC_LIBS = 1 - -EXTRA_LIBS = $(JAR_LIBS) diff --git a/security/nss/cmd/signtool/sign.c b/security/nss/cmd/signtool/sign.c deleted file mode 100644 index 59323c92d..000000000 --- a/security/nss/cmd/signtool/sign.c +++ /dev/null @@ -1,861 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "signtool.h" -#include "zip.h" -#include "prmem.h" -#include "blapi.h" -#include "sechash.h" /* for HASH_GetHashObject() */ - -static int create_pk7 (char *dir, char *keyName, int *keyType); -static int jar_find_key_type (CERTCertificate *cert); -static int manifesto (char *dirname, char *install_script, PRBool recurse); -static int manifesto_fn(char *relpath, char *basedir, char *reldir, - char *filename, void *arg); -static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir, - char *filename, void *arg); -static int add_meta (FILE *fp, char *name); -static int SignFile (FILE *outFile, FILE *inFile, CERTCertificate *cert); -static int generate_SF_file (char *manifile, char *who); -static int calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig); -static void SignOut (void *arg, const char *buf, unsigned long len); - -static char *metafile = NULL; -static int optimize = 0; -static FILE *mf; -static ZIPfile *zipfile=NULL; - -/* - * S i g n A r c h i v e - * - * Sign an individual archive tree. A directory - * called META-INF is created underneath this. - * - */ -int -SignArchive(char *tree, char *keyName, char *zip_file, int javascript, - char *meta_file, char *install_script, int _optimize, PRBool recurse) -{ - int status; - char tempfn [FNSIZE], fullfn [FNSIZE]; - int keyType = rsaKey; - - metafile = meta_file; - optimize = _optimize; - - if(zip_file) { - zipfile = JzipOpen(zip_file, NULL /*no comment*/); - } - - manifesto (tree, install_script, recurse); - - if (keyName) - { - status = create_pk7 (tree, keyName, &keyType); - if (status < 0) - { - PR_fprintf(errorFD, "the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n", tree); - errorCount++; - exit (ERRX); - } - } - - /* mf to zip */ - - strcpy (tempfn, "META-INF/manifest.mf"); - sprintf (fullfn, "%s/%s", tree, tempfn); - JzipAdd(fullfn, tempfn, zipfile, compression_level); - - /* sf to zip */ - - sprintf (tempfn, "META-INF/%s.sf", base); - sprintf (fullfn, "%s/%s", tree, tempfn); - JzipAdd(fullfn, tempfn, zipfile, compression_level); - - /* rsa/dsa to zip */ - - sprintf (tempfn, "META-INF/%s.%s", base, (keyType==dsaKey ? "dsa" : "rsa")); - sprintf (fullfn, "%s/%s", tree, tempfn); - JzipAdd(fullfn, tempfn, zipfile, compression_level); - - JzipClose(zipfile); - - if(verbosity >= 0) { - if (javascript) { - PR_fprintf(outputFD,"jarfile \"%s\" signed successfully\n", - zip_file); - } else { - PR_fprintf(outputFD, "tree \"%s\" signed successfully\n", tree); - } - } - - return 0; -} - -typedef struct { - char *keyName; - int javascript; - char *metafile; - char *install_script; - int optimize; -} SignArcInfo; - -/* - * S i g n A l l A r c - * - * Javascript may generate multiple .arc directories, one - * for each jar archive needed. Sign them all. - * - */ -int -SignAllArc(char *jartree, char *keyName, int javascript, char *metafile, - char *install_script, int optimize, PRBool recurse) -{ - SignArcInfo info; - - info.keyName = keyName; - info.javascript = javascript; - info.metafile = metafile; - info.install_script = install_script; - info.optimize = optimize; - - return foreach(jartree, "", sign_all_arc_fn, recurse, - PR_TRUE /*include dirs*/, (void*)&info); -} - -static int -sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename, - void *arg) -{ - char *zipfile=NULL; - char *arc=NULL, *archive=NULL; - int retval=0; - SignArcInfo *infop = (SignArcInfo*)arg; - - /* Make sure there is one and only one ".arc" in the relative path, - * and that it is at the end of the path (don't sign .arcs within .arcs) */ - if ( (PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) - 4) && - (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4) ) { - - if(!infop) { - PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME); - errorCount++; - retval = -1; - goto finish; - } - archive = PR_smprintf("%s/%s", basedir, relpath); - - zipfile = PL_strdup(archive); - arc = PORT_Strrchr (zipfile, '.'); - - if (arc == NULL) { - PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME); - errorCount++; - retval = -1; - goto finish; - } - - PL_strcpy (arc, ".jar"); - - if(verbosity >= 0) { - PR_fprintf(outputFD, "\nsigning: %s\n", zipfile); - } - retval = SignArchive(archive, infop->keyName, zipfile, - infop->javascript, infop->metafile, infop->install_script, - infop->optimize, PR_TRUE /* recurse */); - } -finish: - if(archive) PR_Free(archive); - if(zipfile) PR_Free(zipfile); - - return retval; -} - -/********************************************************************* - * - * c r e a t e _ p k 7 - */ -static int -create_pk7 (char *dir, char *keyName, int *keyType) -{ - int status = 0; - char *file_ext; - - CERTCertificate *cert; - CERTCertDBHandle *db; - - FILE *in, *out; - - char sf_file [FNSIZE]; - char pk7_file [FNSIZE]; - - - /* open cert database */ - db = CERT_GetDefaultCertDB(); - - if (db == NULL) - return -1; - - - /* find cert */ - /*cert = CERT_FindCertByNicknameOrEmailAddr(db, keyName);*/ - cert = PK11_FindCertFromNickname(keyName, NULL /*wincx*/); - - if (cert == NULL) - { - SECU_PrintError - ( - PROGRAM_NAME, - "the cert \"%s\" does not exist in the database", - keyName - ); - return -1; - } - - - /* determine the key type, which sets the extension for pkcs7 object */ - - *keyType = jar_find_key_type (cert); - file_ext = (*keyType == dsaKey) ? "dsa" : "rsa"; - - sprintf (sf_file, "%s/META-INF/%s.sf", dir, base); - sprintf (pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext); - - if ((in = fopen (sf_file, "rb")) == NULL) - { - PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME, sf_file); - errorCount++; - exit (ERRX); - } - - if ((out = fopen (pk7_file, "wb")) == NULL) - { - PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME, sf_file); - errorCount++; - exit (ERRX); - } - - status = SignFile (out, in, cert); - - CERT_DestroyCertificate (cert); - fclose (in); - fclose (out); - - if (status) - { - PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n", - PROGRAM_NAME, SECU_ErrorString ((int16) PORT_GetError())); - errorCount++; - return -1; - } - - return 0; -} - -/* - * j a r _ f i n d _ k e y _ t y p e - * - * Determine the key type for a given cert, which - * should be rsaKey or dsaKey. Any error return 0. - * - */ -static int -jar_find_key_type (CERTCertificate *cert) -{ - PK11SlotInfo *slot = NULL; - SECKEYPrivateKey *privk = NULL; - KeyType keyType; - - /* determine its type */ - PK11_FindObjectForCert (cert, /*wincx*/ NULL, &slot); - - if (slot == NULL) - { - PR_fprintf(errorFD, "warning - can't find slot for this cert\n"); - warningCount++; - return 0; - } - - privk = PK11_FindPrivateKeyFromCert (slot, cert, /*wincx*/ NULL); - PK11_FreeSlot (slot); - - if (privk == NULL) - { - PR_fprintf(errorFD, "warning - can't find private key for this cert\n"); - warningCount++; - return 0; - } - - keyType = privk->keyType; - SECKEY_DestroyPrivateKey (privk); - return keyType; - } - - -/* - * m a n i f e s t o - * - * Run once for every subdirectory in which a - * manifest is to be created -- usually exactly once. - * - */ -static int -manifesto (char *dirname, char *install_script, PRBool recurse) -{ - char metadir [FNSIZE], sfname [FNSIZE]; - - /* Create the META-INF directory to hold signing info */ - - if (PR_Access (dirname, PR_ACCESS_READ_OK)) - { - PR_fprintf(errorFD, "%s: unable to read your directory: %s\n", PROGRAM_NAME, - dirname); - errorCount++; - perror (dirname); - exit (ERRX); - } - - if (PR_Access (dirname, PR_ACCESS_WRITE_OK)) { - PR_fprintf(errorFD, "%s: unable to write to your directory: %s\n", - PROGRAM_NAME, dirname); - errorCount++; - perror(dirname); - exit(ERRX); - } - - sprintf (metadir, "%s/META-INF", dirname); - - strcpy (sfname, metadir); - - PR_MkDir (metadir, 0777); - - strcat (metadir, "/"); - strcat (metadir, MANIFEST); - - if ((mf = fopen (metadir, "wb")) == NULL) - { - perror (MANIFEST); - PR_fprintf(errorFD, "%s: Probably, the directory you are trying to" - - " sign has\n", PROGRAM_NAME); - PR_fprintf(errorFD, "%s: permissions problems or may not exist.\n", - PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - if(verbosity >= 0) { - PR_fprintf(outputFD, "Generating %s file..\n", metadir); - } - - fprintf(mf, "Manifest-Version: 1.0\n"); - fprintf (mf, "Created-By: %s\n", CREATOR); - fprintf (mf, "Comments: %s\n", BREAKAGE); - - if (scriptdir) - { - fprintf (mf, "Comments: --\n"); - fprintf (mf, "Comments: --\n"); - fprintf (mf, "Comments: -- This archive signs Javascripts which may not necessarily\n"); - fprintf (mf, "Comments: -- be included in the physical jar file.\n"); - fprintf (mf, "Comments: --\n"); - fprintf (mf, "Comments: --\n"); - } - - if (install_script) - fprintf (mf, "Install-Script: %s\n", install_script); - - if (metafile) - add_meta (mf, "+"); - - /* Loop through all files & subdirectories */ - foreach (dirname, "", manifesto_fn, recurse, PR_FALSE /*include dirs */, - (void*)NULL); - - fclose (mf); - - strcat (sfname, "/"); - strcat (sfname, base); - strcat (sfname, ".sf"); - - if(verbosity >= 0) { - PR_fprintf(outputFD, "Generating %s.sf file..\n", base); - } - generate_SF_file (metadir, sfname); - - return 0; -} - -/* - * m a n i f e s t o _ f n - * - * Called by pointer from manifesto(), once for - * each file within the directory. - * - */ -static int manifesto_fn - (char *relpath, char *basedir, char *reldir, char *filename, void *arg) -{ - int use_js; - - JAR_Digest dig; - char fullname [FNSIZE]; - - if(verbosity >= 0) { - PR_fprintf(outputFD, "--> %s\n", relpath); - } - - /* extension matching */ - if(extensionsGiven) { - char *ext; - - ext = PL_strrchr(relpath, '.'); - if(!ext) { - return 0; - } else { - if(!PL_HashTableLookup(extensions, ext)) { - return 0; - } - } - } - - sprintf (fullname, "%s/%s", basedir, relpath); - - fprintf (mf, "\n"); - - use_js = 0; - - if (scriptdir && !PORT_Strcmp (scriptdir, reldir)) - use_js++; - - /* sign non-.js files inside .arc directories - using the javascript magic */ - - if ( (PL_strcaserstr(filename, ".js") != filename + strlen(filename) - 3) - && (PL_strcaserstr(reldir, ".arc") == reldir + strlen(filename)-4)) - use_js++; - - if (use_js) - { - fprintf (mf, "Name: %s\n", filename); - fprintf (mf, "Magic: javascript\n"); - - if (optimize == 0) - fprintf (mf, "javascript.id: %s\n", filename); - - if (metafile) - add_meta (mf, filename); - } - else - { - fprintf (mf, "Name: %s\n", relpath); - if (metafile) - add_meta (mf, relpath); - } - - JAR_digest_file (fullname, &dig); - - - if (optimize == 0) - { - fprintf (mf, "Digest-Algorithms: MD5 SHA1\n"); - fprintf (mf, "MD5-Digest: %s\n", BTOA_DataToAscii (dig.md5, MD5_LENGTH)); - } - - fprintf (mf, "SHA1-Digest: %s\n", BTOA_DataToAscii (dig.sha1, SHA1_LENGTH)); - - if(!use_js) { - JzipAdd(fullname, relpath, zipfile, compression_level); - } - - return 0; -} - -/* - * a d d _ m e t a - * - * Parse the metainfo file, and add any details - * necessary to the manifest file. In most cases you - * should be using the -i option (ie, for SmartUpdate). - * - */ -static int add_meta (FILE *fp, char *name) -{ - FILE *met; - char buf [BUFSIZ]; - - int place; - char *pattern, *meta; - - int num = 0; - - if ((met = fopen (metafile, "r")) != NULL) - { - while (fgets (buf, BUFSIZ, met)) - { - char *s; - - for (s = buf; *s && *s != '\n' && *s != '\r'; s++); - *s = 0; - - if (*buf == 0) - continue; - - pattern = buf; - - /* skip to whitespace */ - for (s = buf; *s && *s != ' ' && *s != '\t'; s++); - - /* terminate pattern */ - if (*s == ' ' || *s == '\t') *s++ = 0; - - /* eat through whitespace */ - while (*s == ' ' || *s == '\t') s++; - - meta = s; - - /* this will eventually be regexp matching */ - - place = 0; - if (!PORT_Strcmp (pattern, name)) - place = 1; - - if (place) - { - num++; - if(verbosity >= 0) { - PR_fprintf(outputFD, "[%s] %s\n", name, meta); - } - fprintf (fp, "%s\n", meta); - } - } - fclose (met); - } - else - { - PR_fprintf(errorFD, "%s: can't open metafile: %s\n", PROGRAM_NAME, metafile); - errorCount++; - exit (ERRX); - } - - return num; -} - -/********************************************************************** - * - * S i g n F i l e - */ -static int -SignFile (FILE *outFile, FILE *inFile, CERTCertificate *cert) -{ - int nb; - char ibuf[4096], digestdata[32]; - const SECHashObject *hashObj; - void *hashcx; - unsigned int len; - - SECItem digest; - SEC_PKCS7ContentInfo *cinfo; - SECStatus rv; - - if (outFile == NULL || inFile == NULL || cert == NULL) - return -1; - - /* XXX probably want to extend interface to allow other hash algorithms */ - hashObj = HASH_GetHashObject(HASH_AlgSHA1); - - hashcx = (* hashObj->create)(); - if (hashcx == NULL) - return -1; - - (* hashObj->begin)(hashcx); - - for (;;) - { - if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb == 0) - { - if (ferror(inFile)) - { - PORT_SetError(SEC_ERROR_IO); - (* hashObj->destroy)(hashcx, PR_TRUE); - return -1; - } - /* eof */ - break; - } - (* hashObj->update)(hashcx, (unsigned char *) ibuf, nb); - } - - (* hashObj->end)(hashcx, (unsigned char *) digestdata, &len, 32); - (* hashObj->destroy)(hashcx, PR_TRUE); - - digest.data = (unsigned char *) digestdata; - digest.len = len; - - cinfo = SEC_PKCS7CreateSignedData - (cert, certUsageObjectSigner, NULL, - SEC_OID_SHA1, &digest, NULL, NULL); - - if (cinfo == NULL) - return -1; - - rv = SEC_PKCS7IncludeCertChain (cinfo, NULL); - if (rv != SECSuccess) - { - SEC_PKCS7DestroyContentInfo (cinfo); - return -1; - } - - if (no_time == 0) - { - rv = SEC_PKCS7AddSigningTime (cinfo); - if (rv != SECSuccess) - { - /* don't check error */ - } - } - - if(password) { - rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL, - (SECKEYGetPasswordKey) password_hardcode, NULL); - } else { - rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL, NULL, - NULL); - } - - - SEC_PKCS7DestroyContentInfo (cinfo); - - if (rv != SECSuccess) - return -1; - - return 0; -} - -/* - * g e n e r a t e _ S F _ f i l e - * - * From the supplied manifest file, calculates - * digests on the various sections, creating a .SF - * file in the process. - * - */ -static int generate_SF_file (char *manifile, char *who) -{ - FILE *sf; - FILE *mf; - - long r1, r2, r3; - - char whofile [FNSIZE]; - char *buf, *name = NULL; - - JAR_Digest dig; - - int line = 0; - - strcpy (whofile, who); - - if ((mf = fopen (manifile, "rb")) == NULL) - { - perror (manifile); - exit (ERRX); - } - - if ((sf = fopen (whofile, "wb")) == NULL) - { - perror (who); - exit (ERRX); - } - - buf = (char *) PORT_ZAlloc (BUFSIZ); - - if (buf) - name = (char *) PORT_ZAlloc (BUFSIZ); - - if (buf == NULL || name == NULL) - out_of_memory(); - - fprintf (sf, "Signature-Version: 1.0\n"); - fprintf (sf, "Created-By: %s\n", CREATOR); - fprintf (sf, "Comments: %s\n", BREAKAGE); - - if (fgets (buf, BUFSIZ, mf) == NULL) - { - PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - if (strncmp (buf, "Manifest-Version:", 17)) - { - PR_fprintf(errorFD, "%s: not a manifest file!\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - fseek (mf, 0L, SEEK_SET); - - /* Process blocks of headers, and calculate their hashen */ - - while (1) - { - /* Beginning range */ - r1 = ftell (mf); - - if (fgets (name, BUFSIZ, mf) == NULL) - break; - - line++; - - if (r1 != 0 && strncmp (name, "Name:", 5)) - { - PR_fprintf(errorFD, "warning: unexpected input in manifest file \"%s\" at line %d:\n", manifile, line); - PR_fprintf(errorFD, "%s\n", name); - warningCount++; - } - - r2 = r1; - while (fgets (buf, BUFSIZ, mf)) - { - if (*buf == 0 || *buf == '\n' || *buf == '\r') - break; - - line++; - - /* Ending range for hashing */ - r2 = ftell (mf); - } - - r3 = ftell (mf); - - if (r1) - { - fprintf (sf, "\n"); - fprintf (sf, "%s", name); - } - - calculate_MD5_range (mf, r1, r2, &dig); - - if (optimize == 0) - { - fprintf (sf, "Digest-Algorithms: MD5 SHA1\n"); - fprintf (sf, "MD5-Digest: %s\n", - BTOA_DataToAscii (dig.md5, MD5_LENGTH)); - } - - fprintf (sf, "SHA1-Digest: %s\n", - BTOA_DataToAscii (dig.sha1, SHA1_LENGTH)); - - /* restore normalcy after changing offset position */ - fseek (mf, r3, SEEK_SET); - } - - PORT_Free (buf); - PORT_Free (name); - - fclose (sf); - fclose (mf); - - return 0; -} - -/* - * c a l c u l a t e _ M D 5 _ r a n g e - * - * Calculate the MD5 digest on a range of bytes in - * the specified fopen'd file. Returns base64. - * - */ -static int -calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig) -{ - int num; - int range; - unsigned char *buf; - - MD5Context *md5 = 0; - SHA1Context *sha1 = 0; - - unsigned int sha1_length, md5_length; - - range = r2 - r1; - - /* position to the beginning of range */ - fseek (fp, r1, SEEK_SET); - - buf = (unsigned char *) PORT_ZAlloc (range); - if (buf == NULL) - out_of_memory(); - - if ((num = fread (buf, 1, range, fp)) != range) - { - PR_fprintf(errorFD, "%s: expected %d bytes, got %d\n", PROGRAM_NAME, - range, num); - errorCount++; - exit (ERRX); - } - - md5 = MD5_NewContext(); - sha1 = SHA1_NewContext(); - - if (md5 == NULL || sha1 == NULL) - { - PR_fprintf(errorFD, "%s: can't generate digest context\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - MD5_Begin (md5); - SHA1_Begin (sha1); - - MD5_Update (md5, buf, range); - SHA1_Update (sha1, buf, range); - - MD5_End (md5, dig->md5, &md5_length, MD5_LENGTH); - SHA1_End (sha1, dig->sha1, &sha1_length, SHA1_LENGTH); - - MD5_DestroyContext (md5, PR_TRUE); - SHA1_DestroyContext (sha1, PR_TRUE); - - PORT_Free (buf); - - return 0; -} - -static void SignOut (void *arg, const char *buf, unsigned long len) -{ - fwrite (buf, len, 1, (FILE *) arg); -} diff --git a/security/nss/cmd/signtool/signtool.c b/security/nss/cmd/signtool/signtool.c deleted file mode 100644 index 9b7bd1ed0..000000000 --- a/security/nss/cmd/signtool/signtool.c +++ /dev/null @@ -1,1055 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * SIGNTOOL - * - * A command line tool to create manifest files - * from a directory hierarchy. It is assumed that - * the tree will be equivalent to what resides - * or will reside in an archive. - * - * - */ - -#include "nss.h" -#include "signtool.h" -#include "prmem.h" -#include "prio.h" - -/*********************************************************************** - * Global Variable Definitions - */ -char *progName; /* argv[0] */ - -/* password on command line. Use for build testing only */ -char *password = NULL; - -/* directories or files to exclude in descent */ -PLHashTable *excludeDirs = NULL; -static PRBool exclusionsGiven = PR_FALSE; - -/* zatharus is the man who knows no time, dies tragic death */ -int no_time = 0; - -/* -b basename of .rsa, .sf files */ -char *base = DEFAULT_BASE_NAME; - -/* Only sign files with this extension */ -PLHashTable *extensions=NULL; -PRBool extensionsGiven = PR_FALSE; - -char *scriptdir = NULL; - -int verbosity = 0; - -PRFileDesc *outputFD=NULL, *errorFD=NULL; - -int errorCount=0, warningCount=0; - -int compression_level=DEFAULT_COMPRESSION_LEVEL; -PRBool compression_level_specified = PR_FALSE; - -/* Command-line arguments */ -static char *genkey = NULL; -static char *verify = NULL; -static char *zipfile = NULL; -static char *cert_dir = NULL; -static int javascript = 0; -static char *jartree = NULL; -static char *keyName = NULL; -static char *metafile = NULL; -static char *install_script = NULL; -static int list_certs = 0; -static int list_modules = 0; -static int optimize = 0; -static int enableOCSP = 0; -static char *tell_who = NULL; -static char *outfile = NULL; -static char *cmdFile = NULL; -static PRBool noRecurse = PR_FALSE; -static PRBool leaveArc = PR_FALSE; -static int keySize = -1; -static char *token = NULL; - -typedef enum { - UNKNOWN_OPT, - QUESTION_OPT, - BASE_OPT, - COMPRESSION_OPT, - CERT_DIR_OPT, - EXTENSION_OPT, - INSTALL_SCRIPT_OPT, - SCRIPTDIR_OPT, - CERTNAME_OPT, - LIST_OBJSIGN_CERTS_OPT, - LIST_ALL_CERTS_OPT, - METAFILE_OPT, - OPTIMIZE_OPT, - ENABLE_OCSP_OPT, - PASSWORD_OPT, - VERIFY_OPT, - WHO_OPT, - EXCLUDE_OPT, - NO_TIME_OPT, - JAVASCRIPT_OPT, - ZIPFILE_OPT, - GENKEY_OPT, - MODULES_OPT, - NORECURSE_OPT, - SIGNDIR_OPT, - OUTFILE_OPT, - COMMAND_FILE_OPT, - LEAVE_ARC_OPT, - VERBOSITY_OPT, - KEYSIZE_OPT, - TOKEN_OPT -} OPT_TYPE; - -typedef enum { - DUPLICATE_OPTION_ERR=0, - OPTION_NEEDS_ARG_ERR -} Error; - -static char *errStrings[] = { -"warning: %s option specified more than once. Only last specification will be used.\n", -"ERROR: option \"%s\" requires an argument.\n" -}; - - -static int ProcessOneOpt(OPT_TYPE type, char *arg); - -/********************************************************************* - * - * P r o c e s s C o m m a n d F i l e - */ -int -ProcessCommandFile() -{ - PRFileDesc *fd; -#define CMD_FILE_BUFSIZE 1024 - char buf[CMD_FILE_BUFSIZE]; - char *equals; - int linenum=0; - int retval=-1; - OPT_TYPE type; - - fd = PR_Open(cmdFile, PR_RDONLY, 0777); - if(!fd) { - PR_fprintf(errorFD, "ERROR: Unable to open command file %s.\n"); - errorCount++; - return -1; - } - - while(pr_fgets(buf, CMD_FILE_BUFSIZE, fd), buf && *buf!='\0') { - char *eol; - linenum++; - - /* Chop off final newline */ - eol = PL_strchr(buf, '\r'); - if(!eol) { - eol = PL_strchr(buf, '\n'); - } - if(eol) *eol = '\0'; - - equals = PL_strchr(buf, '='); - if(!equals) { - continue; - } - - *equals = '\0'; - equals++; - - /* Now buf points to the attribute, and equals points to the value. */ - - /* This is pretty straightforward, just deal with whatever attribute - * this is */ - if(!PL_strcasecmp(buf, "basename")) { - type = BASE_OPT; - } else if(!PL_strcasecmp(buf, "compression")) { - type = COMPRESSION_OPT; - } else if(!PL_strcasecmp(buf, "certdir")) { - type = CERT_DIR_OPT; - } else if(!PL_strcasecmp(buf, "extension")) { - type = EXTENSION_OPT; - } else if(!PL_strcasecmp(buf, "generate")) { - type = GENKEY_OPT; - } else if(!PL_strcasecmp(buf, "installScript")) { - type = INSTALL_SCRIPT_OPT; - } else if(!PL_strcasecmp(buf, "javascriptdir")) { - type = SCRIPTDIR_OPT; - } else if(!PL_strcasecmp(buf, "htmldir")) { - type = JAVASCRIPT_OPT; - if(jartree) { - PR_fprintf(errorFD, - "warning: directory to be signed specified more than once." - " Only last specification will be used.\n"); - warningCount++; - PR_Free(jartree); jartree=NULL; - } - jartree = PL_strdup(equals); - } else if(!PL_strcasecmp(buf, "certname")) { - type = CERTNAME_OPT; - } else if(!PL_strcasecmp(buf, "signdir")) { - type = SIGNDIR_OPT; - } else if(!PL_strcasecmp(buf, "list")) { - type = LIST_OBJSIGN_CERTS_OPT; - } else if(!PL_strcasecmp(buf, "listall")) { - type = LIST_ALL_CERTS_OPT; - } else if(!PL_strcasecmp(buf, "metafile")) { - type = METAFILE_OPT; - } else if(!PL_strcasecmp(buf, "modules")) { - type = MODULES_OPT; - } else if(!PL_strcasecmp(buf, "optimize")) { - type = OPTIMIZE_OPT; - } else if(!PL_strcasecmp(buf, "ocsp")) { - type = ENABLE_OCSP_OPT; - } else if(!PL_strcasecmp(buf, "password")) { - type = PASSWORD_OPT; - } else if(!PL_strcasecmp(buf, "verify")) { - type = VERIFY_OPT; - } else if(!PL_strcasecmp(buf, "who")) { - type = WHO_OPT; - } else if(!PL_strcasecmp(buf, "exclude")) { - type = EXCLUDE_OPT; - } else if(!PL_strcasecmp(buf, "notime")) { - type = NO_TIME_OPT; - } else if(!PL_strcasecmp(buf, "jarfile")) { - type = ZIPFILE_OPT; - } else if(!PL_strcasecmp(buf, "outfile")) { - type = OUTFILE_OPT; - } else if(!PL_strcasecmp(buf, "leavearc")) { - type = LEAVE_ARC_OPT; - } else if(!PL_strcasecmp(buf, "verbosity")) { - type = VERBOSITY_OPT; - } else if(!PL_strcasecmp(buf, "keysize")) { - type = KEYSIZE_OPT; - } else if(!PL_strcasecmp(buf, "token")) { - type = TOKEN_OPT; - } else { - PR_fprintf(errorFD, - "warning: unknown attribute \"%s\" in command file, line %d.\n", - buf, linenum); - warningCount++; - type = UNKNOWN_OPT; - } - - /* Process the option, whatever it is */ - if(type != UNKNOWN_OPT) { - if(ProcessOneOpt(type, equals)==-1) { - goto finish; - } - } - } - - retval = 0; - -finish: - PR_Close(fd); - return retval; -} - -/********************************************************************* - * - * p a r s e _ a r g s - */ -static int -parse_args(int argc, char *argv[]) -{ - char *opt; - char *arg; - int needsInc = 0; - int i; - OPT_TYPE type; - - /* Loop over all arguments */ - for(i=1; i < argc; i++) { - opt = argv[i]; - arg = NULL; - - if(opt[0] == '-') { - if(opt[1] == '-') { - /* word option */ - if(i < argc-1) { - needsInc = 1; - arg = argv[i+1]; - } else { - arg = NULL; - } - - if( !PL_strcasecmp(opt+2, "norecurse")) { - type = NORECURSE_OPT; - } else if( !PL_strcasecmp(opt+2, "leavearc")) { - type = LEAVE_ARC_OPT; - } else if( !PL_strcasecmp(opt+2, "verbosity")) { - type = VERBOSITY_OPT; - } else if( !PL_strcasecmp(opt+2, "outfile")) { - type = OUTFILE_OPT; - } else if( !PL_strcasecmp(opt+2, "keysize")) { - type = KEYSIZE_OPT; - } else if( !PL_strcasecmp(opt+2, "token")) { - type = TOKEN_OPT; - } else { - PR_fprintf(errorFD, "warning: unknown option: %s\n", opt); - warningCount++; - type = UNKNOWN_OPT; - } - } else { - /* char option */ - if(opt[2]!='\0') { - arg = opt+2; - } else if(i < argc-1) { - needsInc = 1; - arg = argv[i+1]; - } else { - arg = NULL; - } - - switch(opt[1]) { - case '?': - type = QUESTION_OPT; - break; - case 'b': - type = BASE_OPT; - break; - case 'c': - type = COMPRESSION_OPT; - break; - case 'd': - type = CERT_DIR_OPT; - break; - case 'e': - type = EXTENSION_OPT; - break; - case 'f': - type = COMMAND_FILE_OPT; - break; - case 'i': - type = INSTALL_SCRIPT_OPT; - break; - case 'j': - type = SCRIPTDIR_OPT; - break; - case 'k': - type = CERTNAME_OPT; - break; - case 'l': - type = LIST_OBJSIGN_CERTS_OPT; - break; - case 'L': - type = LIST_ALL_CERTS_OPT; - break; - case 'm': - type = METAFILE_OPT; - break; - case 'o': - type = OPTIMIZE_OPT; - break; - case 'O': - type = ENABLE_OCSP_OPT; - break; - case 'p': - type = PASSWORD_OPT; - break; - case 'v': - type = VERIFY_OPT; - break; - case 'w': - type = WHO_OPT; - break; - case 'x': - type = EXCLUDE_OPT; - break; - case 'z': - type = NO_TIME_OPT; - break; - case 'J': - type = JAVASCRIPT_OPT; - break; - case 'Z': - type = ZIPFILE_OPT; - break; - case 'G': - type = GENKEY_OPT; - break; - case 'M': - type = MODULES_OPT; - break; - case 's': - type = KEYSIZE_OPT; - break; - case 't': - type = TOKEN_OPT; - break; - default: - type = UNKNOWN_OPT; - PR_fprintf(errorFD, "warning: unrecognized option: -%c.\n", - opt[1]); - warningCount++; - break; - } - } - } else { - type = UNKNOWN_OPT; - if(i == argc-1) { - if(jartree) { - PR_fprintf(errorFD, - "warning: directory to be signed specified more than once." - " Only last specification will be used.\n"); - warningCount++; - PR_Free(jartree); jartree = NULL; - } - jartree = PL_strdup(opt); - } else { - PR_fprintf(errorFD, "warning: unrecognized option: %s\n", opt); - warningCount++; - } - } - - if(type != UNKNOWN_OPT) { - short ateArg; - - ateArg = ProcessOneOpt(type, arg); - if(ateArg==-1) { - /* error */ - return -1; - } else if(ateArg && needsInc) { - i++; - } - } - } - - return 0; -} - -/********************************************************************* - * - * P r o c e s s O n e O p t - * - * Since options can come from different places (command file, word options, - * char options), this is a central function that is called to deal with - * them no matter where they come from. - * - * type is the type of option. - * arg is the argument to the option, possibly NULL. - * Returns 1 if the argument was eaten, 0 if it wasn't, and -1 for error. - */ -static int -ProcessOneOpt(OPT_TYPE type, char *arg) -{ - int ate=0; - - switch(type) { - case QUESTION_OPT: - usage(); - break; - case BASE_OPT: - if(base) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-b"); - warningCount++; - PR_Free(base); base=NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-b"); - errorCount++; - goto loser; - } - base = PL_strdup(arg); - ate = 1; - break; - case COMPRESSION_OPT: - if(compression_level_specified) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-c"); - warningCount++; - } - if( !arg ) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-c"); - errorCount++; - goto loser; - } - compression_level = atoi(arg); - compression_level_specified = PR_TRUE; - ate = 1; - break; - case CERT_DIR_OPT: - if(cert_dir) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-d"); - warningCount++; - PR_Free(cert_dir); cert_dir = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-d"); - errorCount++; - goto loser; - } - cert_dir = PL_strdup(arg); - ate = 1; - break; - case EXTENSION_OPT: - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "extension (-e)"); - errorCount++; - goto loser; - } - PL_HashTableAdd(extensions, arg, arg); - extensionsGiven = PR_TRUE; - ate = 1; - break; - case INSTALL_SCRIPT_OPT: - if(install_script) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "installScript (-i)"); - warningCount++; - PR_Free(install_script); install_script = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "installScript (-i)"); - errorCount++; - goto loser; - } - install_script = PL_strdup(arg); - ate = 1; - break; - case SCRIPTDIR_OPT: - if(scriptdir) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "javascriptdir (-j)"); - warningCount++; - PR_Free(scriptdir); scriptdir = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "javascriptdir (-j)"); - errorCount++; - goto loser; - } - scriptdir = PL_strdup(arg); - ate = 1; - break; - case CERTNAME_OPT: - if(keyName) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "keyName (-k)"); - warningCount++; - PR_Free(keyName); keyName = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "keyName (-k)"); - errorCount++; - goto loser; - } - keyName = PL_strdup(arg); - ate = 1; - break; - case LIST_OBJSIGN_CERTS_OPT: - case LIST_ALL_CERTS_OPT: - if(list_certs != 0) { - PR_fprintf(errorFD, - "warning: only one of -l and -L may be specified.\n"); - warningCount++; - } - list_certs = (type==LIST_OBJSIGN_CERTS_OPT ? 1 : 2); - break; - case METAFILE_OPT: - if(metafile) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "metafile (-m)"); - warningCount++; - PR_Free(metafile); metafile = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "metafile (-m)"); - errorCount++; - goto loser; - } - metafile = PL_strdup(arg); - ate = 1; - break; - case OPTIMIZE_OPT: - optimize = 1; - break; - case ENABLE_OCSP_OPT: - enableOCSP = 1; - break; - case PASSWORD_OPT: - if(password) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "password (-p)"); - warningCount++; - PR_Free(password); password= NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "password (-p)"); - errorCount++; - goto loser; - } - password = PL_strdup(arg); - ate = 1; - break; - case VERIFY_OPT: - if(verify) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "verify (-v)"); - warningCount++; - PR_Free(verify); verify = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "verify (-v)"); - errorCount++; - goto loser; - } - verify = PL_strdup(arg); - ate = 1; - break; - case WHO_OPT: - if(tell_who) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "who (-v)"); - warningCount++; - PR_Free(tell_who); tell_who = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "who (-w)"); - errorCount++; - goto loser; - } - tell_who = PL_strdup(arg); - ate = 1; - break; - case EXCLUDE_OPT: - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "exclude (-x)"); - errorCount++; - goto loser; - } - PL_HashTableAdd(excludeDirs, arg, arg); - exclusionsGiven = PR_TRUE; - ate = 1; - break; - case NO_TIME_OPT: - no_time = 1; - break; - case JAVASCRIPT_OPT: - javascript++; - break; - case ZIPFILE_OPT: - if(zipfile) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "jarfile (-Z)"); - warningCount++; - PR_Free(zipfile); zipfile = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "jarfile (-Z)"); - errorCount++; - goto loser; - } - zipfile = PL_strdup(arg); - ate = 1; - break; - case GENKEY_OPT: - if(genkey) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "generate (-G)"); - warningCount++; - PR_Free(zipfile); zipfile = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "generate (-G)"); - errorCount++; - goto loser; - } - genkey = PL_strdup(arg); - ate = 1; - break; - case MODULES_OPT: - list_modules++; - break; - case SIGNDIR_OPT: - if(jartree) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "signdir"); - warningCount++; - PR_Free(jartree); jartree = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "signdir"); - errorCount++; - goto loser; - } - jartree = PL_strdup(arg); - ate = 1; - break; - case OUTFILE_OPT: - if(outfile) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], - "outfile"); - warningCount++; - PR_Free(outfile); outfile = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "outfile"); - errorCount++; - goto loser; - } - outfile = PL_strdup(arg); - ate = 1; - break; - case COMMAND_FILE_OPT: - if(cmdFile) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-f"); - warningCount++; - PR_Free(cmdFile); cmdFile = NULL; - } - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-f"); - errorCount++; - goto loser; - } - cmdFile = PL_strdup(arg); - ate = 1; - break; - case NORECURSE_OPT: - noRecurse = PR_TRUE; - break; - case LEAVE_ARC_OPT: - leaveArc = PR_TRUE; - break; - case VERBOSITY_OPT: - if(!arg) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], - "--verbosity"); - errorCount++; - goto loser; - } - verbosity = atoi(arg); - ate = 1; - break; - case KEYSIZE_OPT: - if( keySize != -1 ) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-s"); - warningCount++; - } - keySize = atoi(arg); - ate = 1; - if( keySize < 1 || keySize > MAX_RSA_KEY_SIZE ) { - PR_fprintf(errorFD, "Invalid key size: %d.\n", keySize); - errorCount++; - goto loser; - } - break; - case TOKEN_OPT: - if( token ) { - PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-t"); - PR_Free(token); token = NULL; - } - if( ! arg ) { - PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-t"); - errorCount++; - goto loser; - } - token = PL_strdup(arg); - ate = 1; - break; - default: - PR_fprintf(errorFD, "warning: unknown option\n"); - warningCount++; - break; - } - - return ate; -loser: - return -1; -} - - -/********************************************************************* - * - * m a i n - */ -int -main(int argc, char *argv[]) -{ - PRBool readOnly; - int retval=0; - - outputFD = PR_STDOUT; - errorFD = PR_STDERR; - - progName = argv[0]; - - if (argc < 2) - { - usage(); - } - - excludeDirs = PL_NewHashTable(10, PL_HashString, PL_CompareStrings, - PL_CompareStrings, NULL, NULL); - extensions = PL_NewHashTable(10, PL_HashString, PL_CompareStrings, - PL_CompareStrings, NULL, NULL); - - if(parse_args(argc, argv)) { - retval = -1; - goto cleanup; - } - - /* Parse the command file if one was given */ - if(cmdFile) { - if(ProcessCommandFile()) { - retval = -1; - goto cleanup; - } - } - - /* Set up output redirection */ - if(outfile) { - if(PR_Access(outfile, PR_ACCESS_EXISTS)==PR_SUCCESS) { - /* delete the file if it is already present */ - PR_fprintf(errorFD, - "warning: %s already exists and will be overwritten.\n", - outfile); - warningCount++; - if(PR_Delete(outfile) != PR_SUCCESS) { - PR_fprintf(errorFD, "ERROR: unable to delete %s.\n", outfile); - errorCount++; - exit(ERRX); - } - } - outputFD = PR_Open(outfile, - PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 0777); - if(!outputFD) { - PR_fprintf(errorFD, "ERROR: Unable to create %s.\n", outfile); - errorCount++; - exit(ERRX); - } - errorFD = outputFD; - } - - /* This seems to be a fairly common user error */ - - if (verify && list_certs > 0) - { - PR_fprintf (errorFD, "%s: Can't use -l and -v at the same time\n", - PROGRAM_NAME); - errorCount++; - retval = -1; - goto cleanup; - } - - /* -J assumes -Z now */ - - if (javascript && zipfile) - { - PR_fprintf (errorFD, "%s: Can't use -J and -Z at the same time\n", - PROGRAM_NAME); - PR_fprintf (errorFD, "%s: -J option will create the jar files for you\n", - PROGRAM_NAME); - errorCount++; - retval = -1; - goto cleanup; - } - - /* Less common mixing of -L with various options */ - - if (list_certs > 0 && - (tell_who || zipfile || javascript || - scriptdir || extensionsGiven || exclusionsGiven || install_script)) { - PR_fprintf(errorFD, "%s: Can't use -l or -L with that option\n", - PROGRAM_NAME); - errorCount++; - retval = -1; - goto cleanup; - } - - - if (!cert_dir) - cert_dir = get_default_cert_dir(); - - VerifyCertDir(cert_dir, keyName); - - - if( compression_level < MIN_COMPRESSION_LEVEL || - compression_level > MAX_COMPRESSION_LEVEL) { - PR_fprintf(errorFD, "Compression level must be between %d and %d.\n", - MIN_COMPRESSION_LEVEL, MAX_COMPRESSION_LEVEL); - errorCount++; - retval = -1; - goto cleanup; - } - - if(jartree && !keyName) { - PR_fprintf(errorFD, "You must specify a key with which to sign.\n"); - errorCount++; - retval = -1; - goto cleanup; - } - - readOnly = (genkey == NULL); /* only key generation requires write */ - if(InitCrypto(cert_dir, readOnly)) { - PR_fprintf(errorFD, "ERROR: Cryptographic initialization failed.\n"); - errorCount++; - retval = -1; - goto cleanup; - } - - if (enableOCSP) { - SECStatus rv = CERT_EnableOCSPChecking(CERT_GetDefaultCertDB()); - if (rv != SECSuccess) { - PR_fprintf(errorFD, "ERROR: Attempt to enable OCSP Checking failed.\n"); - errorCount++; - retval = -1; - } - } - - if (verify) - { - if (VerifyJar(verify)) - { - errorCount++; - retval = -1; - goto cleanup; - } - } - else if (list_certs) - { - if (ListCerts(keyName, list_certs)) - { - errorCount++; - retval = -1; - goto cleanup; - } - } - else if (list_modules) - { - JarListModules(); - } - else if (genkey) - { - if (GenerateCert(genkey, keySize, token)) - { - errorCount++; - retval = -1; - goto cleanup; - } - } - else if (tell_who) - { - if (JarWho(tell_who)) - { - errorCount++; - retval = -1; - goto cleanup; - } - } - else if (javascript && jartree) - { - /* make sure directory exists */ - PRDir *dir; - dir = PR_OpenDir(jartree); - if(!dir) { - PR_fprintf(errorFD, "ERROR: unable to open directory %s.\n", jartree); - errorCount++; - retval = -1; - goto cleanup; - } else { - PR_CloseDir(dir); - } - - /* undo junk from prior runs of signtool*/ - if(RemoveAllArc(jartree)) { - PR_fprintf(errorFD, "Error removing archive directories under %s\n", jartree); - errorCount++; - retval = -1; - goto cleanup; - } - - /* traverse all the htm|html files in the directory */ - if(InlineJavaScript(jartree, !noRecurse)) { - retval = -1; - goto cleanup; - } - - /* sign any resultant .arc directories created in above step */ - if(SignAllArc(jartree, keyName, javascript, metafile, install_script, - optimize, !noRecurse)) { - retval = -1; - goto cleanup; - } - - if(!leaveArc) { - RemoveAllArc(jartree); - } - - if(errorCount>0 || warningCount>0) { - PR_fprintf(outputFD, "%d error%s, %d warning%s.\n", errorCount, - errorCount==1?"":"s", warningCount, warningCount==1?"":"s"); - } else { - PR_fprintf(outputFD, "Directory %s signed successfully.\n", jartree); - } - } else if (jartree) - { - SignArchive(jartree, keyName, zipfile, javascript, metafile, - install_script, optimize, !noRecurse); - } - else - usage(); - -cleanup: - if(extensions) { - PL_HashTableDestroy(extensions); extensions = NULL; - } - if(excludeDirs) { - PL_HashTableDestroy(excludeDirs); excludeDirs = NULL; - } - if(outputFD != PR_STDOUT) { - PR_Close(outputFD); - } - rm_dash_r(TMP_OUTPUT); - if (retval == 0) { - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - } - return retval; -} - diff --git a/security/nss/cmd/signtool/signtool.h b/security/nss/cmd/signtool/signtool.h deleted file mode 100644 index 5c6ad0284..000000000 --- a/security/nss/cmd/signtool/signtool.h +++ /dev/null @@ -1,140 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef SIGNTOOL_H -#define SIGNTOOL_H - -#define DJN_TEST - -#include <stdio.h> -#include <string.h> -#include <errno.h> - -#include "prprf.h" -#include "prio.h" -#include "secutil.h" -#include "ocsp.h" -#include "jar.h" -#include "jarfile.h" -#include "secpkcs7.h" -#include "pk11func.h" -#include "secmod.h" -#include "plhash.h" - -#ifdef _UNIX -#include <unistd.h> -#endif - -/********************************************************************** - * General Defines - */ -#define JAR_BASE_END JAR_BASE + 100 -#define ERRX (-1) /* the exit code used on failure */ -#define FNSIZE 256 /* the maximum length for filenames */ -#define MAX_RSA_KEY_SIZE 4096 -#define DEFAULT_RSA_KEY_SIZE 1024 -#define MANIFEST "manifest.mf" -#define DEFAULT_X509_BASENAME "x509" -#define DEFAULT_COMMON_NAME "Signtool 1.3 Testing Certificate" -#define CREATOR "Signtool (signtool 1.3)" -#define BREAKAGE "PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT." -#define MIN_COMPRESSION_LEVEL (-1) -#define MAX_COMPRESSION_LEVEL 9 -#define DEFAULT_COMPRESSION_LEVEL (-1) /* zlib understands this to be default*/ -#define STDIN_BUF_SIZE 160 -#define PROGRAM_NAME "signtool" -#define LONG_PROGRAM_NAME "Signing Tool" -#define DEFAULT_BASE_NAME "zigbert" -#define VERSION "1.3" -#define TMP_OUTPUT "signtool.tmp" - - -/*************************************************************** - * Main Task Functions - */ -int GenerateCert(char *nickname, int keysize, char *token); -int ListCerts(char *key, int list_certs); -int VerifyJar(char *filename); -int SignArchive(char *tree, char *keyName, char *zip_file, int javascript, - char *meta_file, char *install_script, int _optimize, PRBool recurse); -int SignAllArc(char *jartree, char *keyName, int javascript, char *metafile, - char *install_script, int optimize, PRBool recurse); -int InlineJavaScript(char *dir, PRBool recurse); -int JarWho(char *filename); -void JarListModules(void); - -/************************************************************** - * Utility Functions - */ -CERTCertDBHandle *OpenCertDB (PRBool readOnly); - -int RemoveAllArc(char *tree); -void VerifyCertDir(char *dir, char *keyName); -int InitCrypto(char *cert_dir, PRBool readOnly); -int foreach (char *dirname, char *prefix, - int (*fn)(char *filename, char *dirname, char *basedir,char *base,void*arg), - PRBool recurse, PRBool includeDirs, void *arg); -void print_error (int i); -void give_help (int status); -const char* secErrorString(long code); -void displayVerifyLog(CERTVerifyLog *log); -void usage (void); -char* chop(char*); -void out_of_memory(void); -void FatalError(char *msg); -char* get_default_cert_dir(void); -SECItem *password_hardcode(void *arg, void *handle); -char* pk11_password_hardcode(PK11SlotInfo *slot, PRBool retry, void *arg); -int rm_dash_r(char *path); -char* pr_fgets(char *buf, int size, PRFileDesc *file); - - -/***************************************************************** - * Global Variables (*gag*) - */ -extern char *password; /* the password passed in on the command line */ -extern PLHashTable *excludeDirs; /* directory entry to skip while recursing */ -extern int no_time; -extern char *base; /* basename of ".rsa" and ".sf" files */ -extern long *mozilla_event_queue; -extern char *progName; /* argv[0] */ -extern PLHashTable *extensions;/* only sign files with this extension */ -extern PRBool extensionsGiven; -extern char *scriptdir; -extern int compression_level; -extern PRFileDesc *outputFD, *errorFD; -extern int verbosity; -extern int errorCount; -extern int warningCount; - -#endif /* SIGNTOOL_H */ diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c deleted file mode 100644 index efaa916db..000000000 --- a/security/nss/cmd/signtool/util.c +++ /dev/null @@ -1,990 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "signtool.h" -#include "prio.h" -#include "prmem.h" -#include "nss.h" - -static int is_dir (char *filename); - -/*********************************************************** - * Nasty hackish function definitions - */ - -long *mozilla_event_queue = 0; - -#ifndef XP_WIN -char *XP_GetString (int i) -{ - return SECU_ErrorStringRaw ((int16) i); -} -#endif - -void FE_SetPasswordEnabled() -{ -} - -void /*MWContext*/ *FE_GetInitContext (void) -{ - return 0; -} - -void /*MWContext*/ *XP_FindSomeContext() -{ - /* No windows context in command tools */ - return NULL; -} - -void ET_moz_CallFunction() -{ -} - - -/* - * R e m o v e A l l A r c - * - * Remove .arc directories that are lingering - * from a previous run of signtool. - * - */ -int -RemoveAllArc(char *tree) -{ - PRDir *dir; - PRDirEntry *entry; - char *archive=NULL; - int retval = 0; - - dir = PR_OpenDir (tree); - if (!dir) return -1; - - for (entry = PR_ReadDir (dir,0); entry; entry = PR_ReadDir (dir,0)) { - - if(entry->name[0] == '.') { - continue; - } - - if(archive) PR_Free(archive); - archive = PR_smprintf("%s/%s", tree, entry->name); - - if (PL_strcaserstr (entry->name, ".arc") - == (entry->name + strlen(entry->name) - 4) ) { - - if(verbosity >= 0) { - PR_fprintf(outputFD, "removing: %s\n", archive); - } - - if(rm_dash_r(archive)) { - PR_fprintf(errorFD, "Error removing %s\n", archive); - errorCount++; - retval = -1; - goto finish; - } - } else if(is_dir(archive)) { - if(RemoveAllArc(archive)) { - retval = -1; - goto finish; - } - } - } - -finish: - PR_CloseDir (dir); - if(archive) PR_Free(archive); - - return retval; -} - -/* - * r m _ d a s h _ r - * - * Remove a file, or a directory recursively. - * - */ -int rm_dash_r (char *path) -{ - PRDir *dir; - PRDirEntry *entry; - PRFileInfo fileinfo; - char filename[FNSIZE]; - - if(PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) { - /*fprintf(stderr, "Error: Unable to access %s\n", filename);*/ - return -1; - } - if(fileinfo.type == PR_FILE_DIRECTORY) { - - dir = PR_OpenDir(path); - if(!dir) { - PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path); - errorCount++; - return -1; - } - - /* Recursively delete all entries in the directory */ - while((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { - sprintf(filename, "%s/%s", path, entry->name); - if(rm_dash_r(filename)) return -1; - } - - if(PR_CloseDir(dir) != PR_SUCCESS) { - PR_fprintf(errorFD, "Error: Could not close %s.\n", path); - errorCount++; - return -1; - } - - /* Delete the directory itself */ - if(PR_RmDir(path) != PR_SUCCESS) { - PR_fprintf(errorFD, "Error: Unable to delete %s\n", path); - errorCount++; - return -1; - } - } else { - if(PR_Delete(path) != PR_SUCCESS) { - PR_fprintf(errorFD, "Error: Unable to delete %s\n", path); - errorCount++; - return -1; - } - } - return 0; -} - -/* - * u s a g e - * - * Print some useful help information - * - */ -void -usage (void) -{ - PR_fprintf(outputFD, "\n"); - PR_fprintf(outputFD, "%s %s - a signing tool for jar files\n", LONG_PROGRAM_NAME, VERSION); - PR_fprintf(outputFD, "\n"); - PR_fprintf(outputFD, "Usage: %s [options] directory-tree \n\n", PROGRAM_NAME); - PR_fprintf(outputFD, " -b\"basename\"\t\tbasename of .sf, .rsa files for signing\n"); - PR_fprintf(outputFD, " -c#\t\t\t\tCompression level, 0-9, 0=none\n"); - PR_fprintf(outputFD, " -d\"certificate directory\"\tcontains cert*.db and key*.db\n"); - PR_fprintf(outputFD, " -e\".ext\"\t\t\tsign only files with this extension\n"); - PR_fprintf(outputFD, " -f\"filename\"\t\t\tread commands from file\n"); - PR_fprintf(outputFD, " -G\"nickname\"\t\tcreate object-signing cert with this nickname\n"); - PR_fprintf(outputFD, " -i\"installer script\"\tassign installer javascript\n"); - PR_fprintf(outputFD, " -j\"javascript directory\"\tsign javascript files in this subtree\n"); - PR_fprintf(outputFD, " -J\t\t\t\tdirectory contains HTML files. Javascript will\n" - "\t\t\t\tbe extracted and signed.\n"); - PR_fprintf(outputFD, " -k\"cert nickname\"\t\tsign with this certificate\n"); - PR_fprintf(outputFD, " --leavearc\t\t\tdo not delete .arc directories created\n" - "\t\t\t\tby -J option\n"); - PR_fprintf(outputFD, " -m\"metafile\"\t\tinclude custom meta-information\n"); - PR_fprintf(outputFD, " --norecurse\t\t\tdo not operate on subdirectories\n"); - PR_fprintf(outputFD, " -o\t\t\t\toptimize - omit optional headers\n"); - PR_fprintf(outputFD, " -O\t\t\t\tenableOCSP - enable OCSP checking\n"); - PR_fprintf(outputFD, " --outfile \"filename\"\tredirect output to file\n"); - PR_fprintf(outputFD, " -p\"password\"\t\tfor password on command line (insecure)\n"); - PR_fprintf(outputFD, " -s keysize\t\t\tkeysize in bits of generated cert\n"); - PR_fprintf(outputFD, " -t token\t\t\tname of token on which to generate cert\n"); - PR_fprintf(outputFD, " --verbosity #\t\tSet amount of debugging information to generate.\n" - "\t\t\t\tLower number means less output, 0 is default.\n"); - PR_fprintf(outputFD, " -x\"name\"\t\t\tdirectory or filename to exclude\n"); - PR_fprintf(outputFD, " -z\t\t\t\tomit signing time from signature\n"); - PR_fprintf(outputFD, " -Z\"jarfile\"\t\t\tcreate JAR file with the given name.\n" - "\t\t\t\t(Default compression level is 6.)\n"); - PR_fprintf(outputFD, "\n"); - PR_fprintf(outputFD, "%s -l\n", PROGRAM_NAME); - PR_fprintf(outputFD, " lists the signing certificates in your database\n"); - PR_fprintf(outputFD, "\n"); - PR_fprintf(outputFD, "%s -L\n", PROGRAM_NAME); - PR_fprintf(outputFD, " lists all certificates in your database, marks object-signing certificates\n"); - PR_fprintf(outputFD, "\n"); - PR_fprintf(outputFD, "%s -M\n", PROGRAM_NAME); - PR_fprintf(outputFD, " lists the PKCS #11 modules available to %s\n", PROGRAM_NAME); - PR_fprintf(outputFD, "\n"); - PR_fprintf(outputFD, "%s -v file.jar\n", PROGRAM_NAME); - PR_fprintf(outputFD, " show the contents of the specified jar file\n"); - PR_fprintf(outputFD, "\n"); - PR_fprintf(outputFD, "%s -w file.jar\n", PROGRAM_NAME); - PR_fprintf(outputFD, " if valid, tries to tell you who signed the jar file\n"); - PR_fprintf(outputFD, "\n"); - PR_fprintf(outputFD, "For more details, visit\n"); - PR_fprintf(outputFD, -" http://developer.netscape.com/library/documentation/signedobj/signtool/\n"); - - exit (ERRX); -} - -/* - * p r i n t _ e r r o r - * - * For the undocumented -E function. If an older version - * of communicator gives you a numeric error, we can see what - * really happened without doing hex math. - * - */ - -void -print_error (int err) -{ - PR_fprintf(errorFD, "Error %d: %s\n", err, JAR_get_error (err)); - errorCount++; - give_help (err); -} - -/* - * o u t _ o f _ m e m o r y - * - * Out of memory, exit Signtool. - * - */ -void -out_of_memory (void) -{ - PR_fprintf(errorFD, "%s: out of memory\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); -} - -/* - * V e r i f y C e r t D i r - * - * Validate that the specified directory - * contains a certificate database - * - */ -void -VerifyCertDir(char *dir, char *keyName) -{ - char fn [FNSIZE]; - - /* don't try verifying if we don't have a local directory */ - if (strncmp(dir,"multiaccess:",sizeof("multiaccess:")-1) == 0) { - return; - } - - /* This code is really broken because it makes underlying assumptions about - * how the NSS profile directory is laid out, but these names can change - * from release to release. */ - sprintf (fn, "%s/cert8.db", dir); - - if (PR_Access (fn, PR_ACCESS_EXISTS)) - { - PR_fprintf(errorFD, "%s: No certificate database in \"%s\"\n", PROGRAM_NAME, - dir); - PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n", - PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - if(verbosity >= 0) { - PR_fprintf(outputFD, "using certificate directory: %s\n", dir); - } - - if (keyName == NULL) - return; - - /* if the user gave the -k key argument, verify that - a key database already exists */ - - sprintf (fn, "%s/key3.db", dir); - - if (PR_Access (fn, PR_ACCESS_EXISTS)) - { - PR_fprintf(errorFD, "%s: No private key database in \"%s\"\n", PROGRAM_NAME, - dir); - PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n", - PROGRAM_NAME); - errorCount++; - exit (ERRX); - } -} - -/* - * f o r e a c h - * - * A recursive function to loop through all names in - * the specified directory, as well as all subdirectories. - * - * FIX: Need to see if all platforms allow multiple - * opendir's to be called. - * - */ - -int -foreach(char *dirname, char *prefix, - int (*fn)(char *relpath, char *basedir, char *reldir, char *filename, - void* arg), - PRBool recurse, PRBool includeDirs, void *arg) { - char newdir [FNSIZE]; - int retval = 0; - - PRDir *dir; - PRDirEntry *entry; - - strcpy (newdir, dirname); - if (*prefix) { - strcat (newdir, "/"); - strcat (newdir, prefix); - } - - dir = PR_OpenDir (newdir); - if (!dir) return -1; - - for (entry = PR_ReadDir (dir,0); entry; entry = PR_ReadDir (dir,0)) { - if ( strcmp(entry->name, ".")==0 || - strcmp(entry->name, "..")==0 ) - { - /* no infinite recursion, please */ - continue; - } - - /* can't sign self */ - if (!strcmp (entry->name, "META-INF")) - continue; - - /* -x option */ - if (PL_HashTableLookup(excludeDirs, entry->name)) - continue; - - strcpy (newdir, dirname); - if (*dirname) - strcat (newdir, "/"); - - if (*prefix) { - strcat (newdir, prefix); - strcat (newdir, "/"); - } - strcat (newdir, entry->name); - - if(!is_dir(newdir) || includeDirs) { - char newpath [FNSIZE]; - - strcpy (newpath, prefix); - if (*newpath) - strcat (newpath, "/"); - strcat (newpath, entry->name); - - if( (*fn) (newpath, dirname, prefix, (char *) entry->name, arg)) { - retval = -1; - break; - } - } - - if (is_dir (newdir)) { - if(recurse) { - char newprefix [FNSIZE]; - - strcpy (newprefix, prefix); - if (*newprefix) { - strcat (newprefix, "/"); - } - strcat (newprefix, entry->name); - - if(foreach (dirname, newprefix, fn, recurse, includeDirs,arg)) { - retval = -1; - break; - } - } - } - - } - - PR_CloseDir (dir); - - return retval; -} - -/* - * i s _ d i r - * - * Return 1 if file is a directory. - * Wonder if this runs on a mac, trust not. - * - */ -static int is_dir (char *filename) -{ - PRFileInfo finfo; - - if( PR_GetFileInfo(filename, &finfo) != PR_SUCCESS ) { - printf("Unable to get information about %s\n", filename); - return 0; - } - - return ( finfo.type == PR_FILE_DIRECTORY ); -} - -/* - * p a s s w o r d _ h a r d c o d e - * - * A function to use the password passed in the -p(password) argument - * of the command line. This is only to be used for build & testing purposes, - * as it's extraordinarily insecure. - * - * After use once, null it out otherwise PKCS11 calls us forever. - * - */ -SECItem * -password_hardcode(void *arg, void *handle) -{ - SECItem *pw = NULL; - if (password) { - pw = SECITEM_AllocItem(NULL, NULL, PL_strlen(password)); - pw->data = (unsigned char *)PL_strdup(password); - password = NULL; - } - return pw; -} - -char * -pk11_password_hardcode(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char *pw; - if (retry) { - return NULL; /* the password is incorrect, fail */ - } - pw = password ? PORT_Strdup (password) : NULL; - /* XXX don't do this, or FIPS won't work */ - /*password = NULL;*/ - return pw; -} - -/************************************************************************ - * - * c e r t D B N a m e C a l l b a c k - */ -static char * -certDBNameCallback(void *arg, int dbVersion) -{ - char *fnarg; - char *dir; - char *filename; - - dir = SECU_ConfigDirectory (NULL); - - switch ( dbVersion ) { - case 7: - fnarg = "7"; - break; - case 6: - fnarg = "6"; - break; - case 5: - fnarg = "5"; - break; - case 4: - default: - fnarg = ""; - break; - } - filename = PR_smprintf("%s/cert%s.db", dir, fnarg); - return(filename); -} - -/*************************************************************** - * - * s e c E r r o r S t r i n g - * - * Returns an error string corresponding to the given error code. - * Doesn't cover all errors; returns a default for many. - * Returned string is only valid until the next call of this function. - */ -const char* -secErrorString(long code) -{ - static char errstring[80]; /* dynamically constructed error string */ - char *c; /* the returned string */ - - switch(code) { - case SEC_ERROR_IO: c = "io error"; - break; - case SEC_ERROR_LIBRARY_FAILURE: c = "security library failure"; - break; - case SEC_ERROR_BAD_DATA: c = "bad data"; - break; - case SEC_ERROR_OUTPUT_LEN: c = "output length"; - break; - case SEC_ERROR_INPUT_LEN: c = "input length"; - break; - case SEC_ERROR_INVALID_ARGS: c = "invalid args"; - break; - case SEC_ERROR_EXPIRED_CERTIFICATE: c = "expired certificate"; - break; - case SEC_ERROR_REVOKED_CERTIFICATE: c = "revoked certificate"; - break; - case SEC_ERROR_INADEQUATE_KEY_USAGE: c = "inadequate key usage"; - break; - case SEC_ERROR_INADEQUATE_CERT_TYPE: c = "inadequate certificate type"; - break; - case SEC_ERROR_UNTRUSTED_CERT: c = "untrusted cert"; - break; - case SEC_ERROR_NO_KRL: c = "no key revocation list"; - break; - case SEC_ERROR_KRL_BAD_SIGNATURE: c = "key revocation list: bad signature"; - break; - case SEC_ERROR_KRL_EXPIRED: c = "key revocation list expired"; - break; - case SEC_ERROR_REVOKED_KEY: c = "revoked key"; - break; - case SEC_ERROR_CRL_BAD_SIGNATURE: - c = "certificate revocation list: bad signature"; - break; - case SEC_ERROR_CRL_EXPIRED: c = "certificate revocation list expired"; - break; - case SEC_ERROR_CRL_NOT_YET_VALID: - c = "certificate revocation list not yet valid"; - break; - case SEC_ERROR_UNKNOWN_ISSUER: c = "unknown issuer"; - break; - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: c = "expired issuer certificate"; - break; - case SEC_ERROR_BAD_SIGNATURE: c = "bad signature"; - break; - case SEC_ERROR_BAD_KEY: c = "bad key"; - break; - case SEC_ERROR_NOT_FORTEZZA_ISSUER: c = "not fortezza issuer"; - break; - case SEC_ERROR_CA_CERT_INVALID: - c = "Certificate Authority certificate invalid"; - break; - case SEC_ERROR_EXTENSION_NOT_FOUND: c = "extension not found"; - break; - case SEC_ERROR_CERT_NOT_IN_NAME_SPACE: c = "certificate not in name space"; - break; - case SEC_ERROR_UNTRUSTED_ISSUER: c = "untrusted issuer"; - break; - default: - sprintf(errstring, "security error %ld", code); - c = errstring; - break; - } - - return c; -} - -/*************************************************************** - * - * d i s p l a y V e r i f y L o g - * - * Prints the log of a cert verification. - */ -void -displayVerifyLog(CERTVerifyLog *log) -{ - CERTVerifyLogNode *node; - CERTCertificate *cert; - char *name; - - if( !log || (log->count <= 0) ) { - return; - } - - for(node = log->head; node != NULL; node = node->next) { - - if( !(cert = node->cert) ) { - continue; - } - - /* Get a name for this cert */ - if(cert->nickname != NULL) { - name = cert->nickname; - } else if(cert->emailAddr && cert->emailAddr[0]) { - name = cert->emailAddr; - } else { - name = cert->subjectName; - } - - printf( "%s%s:\n", - name, - (node->depth > 0) ? " [Certificate Authority]" : "" - ); - - printf("\t%s\n", secErrorString(node->error)); - - } -} -/* - * J a r L i s t M o d u l e s - * - * Print a list of the PKCS11 modules that are - * available. This is useful for smartcard people to - * make sure they have the drivers loaded. - * - */ -void -JarListModules(void) -{ - int i; - int count = 0; - - SECMODModuleList *modules = NULL; - static SECMODListLock *moduleLock = NULL; - - SECMODModuleList *mlp; - - modules = SECMOD_GetDefaultModuleList(); - - if (modules == NULL) - { - PR_fprintf(errorFD, "%s: Can't get module list\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - if ((moduleLock = SECMOD_NewListLock()) == NULL) - { - /* this is the wrong text */ - PR_fprintf(errorFD, "%s: unable to acquire lock on module list\n", - PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - SECMOD_GetReadLock (moduleLock); - - PR_fprintf(outputFD, "\nListing of PKCS11 modules\n"); - PR_fprintf(outputFD, "-----------------------------------------------\n"); - - for (mlp = modules; mlp != NULL; mlp = mlp->next) - { - count++; - PR_fprintf(outputFD, "%3d. %s\n", count, mlp->module->commonName); - - if (mlp->module->internal) - PR_fprintf(outputFD, " (this module is internally loaded)\n"); - else - PR_fprintf(outputFD, " (this is an external module)\n"); - - if (mlp->module->dllName) - PR_fprintf(outputFD, " DLL name: %s\n", mlp->module->dllName); - - if (mlp->module->slotCount == 0) - PR_fprintf(outputFD, " slots: There are no slots attached to this module\n"); - else - PR_fprintf(outputFD, " slots: %d slots attached\n", mlp->module->slotCount); - - if (mlp->module->loaded == 0) - PR_fprintf(outputFD, " status: Not loaded\n"); - else - PR_fprintf(outputFD, " status: loaded\n"); - - for (i = 0; i < mlp->module->slotCount; i++) - { - PK11SlotInfo *slot = mlp->module->slots[i]; - - PR_fprintf(outputFD, "\n"); - PR_fprintf(outputFD, " slot: %s\n", PK11_GetSlotName(slot)); - PR_fprintf(outputFD, " token: %s\n", PK11_GetTokenName(slot)); - } - } - - PR_fprintf(outputFD, "-----------------------------------------------\n"); - - if (count == 0) - PR_fprintf(outputFD, - "Warning: no modules were found (should have at least one)\n"); - - SECMOD_ReleaseReadLock (moduleLock); -} - -/********************************************************************** - * c h o p - * - * Eliminates leading and trailing whitespace. Returns a pointer to the - * beginning of non-whitespace, or an empty string if it's all whitespace. - */ -char* -chop(char *str) -{ - char *start, *end; - - if(str) { - start = str; - - /* Nip leading whitespace */ - while(isspace(*start)) { - start++; - } - - /* Nip trailing whitespace */ - if(*start) { - end = start + strlen(start) - 1; - while(isspace(*end) && end > start) { - end--; - } - *(end+1) = '\0'; - } - - return start; - } else { - return NULL; - } -} - -/*********************************************************************** - * - * F a t a l E r r o r - * - * Outputs an error message and bails out of the program. - */ -void -FatalError(char *msg) -{ - if(!msg) msg = ""; - - PR_fprintf(errorFD, "FATAL ERROR: %s\n", msg); - errorCount++; - exit(ERRX); -} - -/************************************************************************* - * - * I n i t C r y p t o - */ -int -InitCrypto(char *cert_dir, PRBool readOnly) -{ - SECStatus rv; - static int prior = 0; - PK11SlotInfo *slotinfo; - - CERTCertDBHandle *db; - - if (prior == 0) { - /* some functions such as OpenKeyDB expect this path to be - * implicitly set prior to calling */ - if (readOnly) { - rv = NSS_Init(cert_dir); - } else { - rv = NSS_InitReadWrite(cert_dir); - } - if (rv != SECSuccess) { - SECU_PrintPRandOSError(PROGRAM_NAME); - exit(-1); - } - - SECU_ConfigDirectory (cert_dir); - - /* Been there done that */ - prior++; - - if(password) { - PK11_SetPasswordFunc(pk11_password_hardcode); - } - - /* Must login to FIPS before you do anything else */ - if(PK11_IsFIPS()) { - slotinfo = PK11_GetInternalSlot(); - if(!slotinfo) { - fprintf(stderr, "%s: Unable to get PKCS #11 Internal Slot." - "\n", PROGRAM_NAME); - return -1; - } - if(PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/, - NULL /*wincx*/) != SECSuccess) { - fprintf(stderr, "%s: Unable to authenticate to %s.\n", - PROGRAM_NAME, PK11_GetSlotName(slotinfo)); - PK11_FreeSlot(slotinfo); - return -1; - } - PK11_FreeSlot(slotinfo); - } - - /* Make sure there is a password set on the internal key slot */ - slotinfo = PK11_GetInternalKeySlot(); - if(!slotinfo) { - fprintf(stderr, "%s: Unable to get PKCS #11 Internal Key Slot." - "\n", PROGRAM_NAME); - return -1; - } - if(PK11_NeedUserInit(slotinfo)) { - PR_fprintf(errorFD, -"\nWARNING: No password set on internal key database. Most operations will fail." -"\nYou must use Communicator to create a password.\n"); - warningCount++; - } - - /* Make sure we can authenticate to the key slot in FIPS mode */ - if(PK11_IsFIPS()) { - if(PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/, - NULL /*wincx*/) != SECSuccess) { - fprintf(stderr, "%s: Unable to authenticate to %s.\n", - PROGRAM_NAME, PK11_GetSlotName(slotinfo)); - PK11_FreeSlot(slotinfo); - return -1; - } - } - PK11_FreeSlot(slotinfo); - } - - return 0; -} - -/* Windows foolishness is now in the secutil lib */ - -/***************************************************************** - * g e t _ d e f a u l t _ c e r t _ d i r - * - * Attempt to locate a certificate directory. - * Failing that, complain that the user needs to - * use the -d(irectory) parameter. - * - */ -char *get_default_cert_dir (void) -{ - char *home; - - char *cd = NULL; - static char db [FNSIZE]; - -#ifdef XP_UNIX - home = getenv ("HOME"); - - if (home && *home) - { - sprintf (db, "%s/.netscape", home); - cd = db; - } -#endif - -#ifdef XP_PC - FILE *fp; - - /* first check the environment override */ - - home = getenv ("JAR_HOME"); - - if (home && *home) - { - sprintf (db, "%s/cert7.db", home); - - if ((fp = fopen (db, "r")) != NULL) - { - fclose (fp); - cd = home; - } - } - - /* try the old navigator directory */ - - if (cd == NULL) - { - home = "c:/Program Files/Netscape/Navigator"; - - sprintf (db, "%s/cert7.db", home); - - if ((fp = fopen (db, "r")) != NULL) - { - fclose (fp); - cd = home; - } - } - - /* Try the current directory, I wonder if this - is really a good idea. Remember, Windows only.. */ - - if (cd == NULL) - { - home = "."; - - sprintf (db, "%s/cert7.db", home); - - if ((fp = fopen (db, "r")) != NULL) - { - fclose (fp); - cd = home; - } - } - -#endif - - if (!cd) - { - PR_fprintf(errorFD, - "You must specify the location of your certificate directory\n"); - PR_fprintf(errorFD, - "with the -d option. Example: -d ~/.netscape in many cases with Unix.\n"); - errorCount++; - exit (ERRX); - } - - return cd; -} - -/************************************************************************ - * g i v e _ h e l p - */ -void give_help (int status) -{ - if (status == SEC_ERROR_UNKNOWN_ISSUER) - { - PR_fprintf(errorFD, - "The Certificate Authority (CA) for this certificate\n"); - PR_fprintf(errorFD, - "does not appear to be in your database. You should contact\n"); - PR_fprintf(errorFD, - "the organization which issued this certificate to obtain\n"); - PR_fprintf(errorFD, "a copy of its CA Certificate.\n"); - } -} - -/************************************************************************** - * - * p r _ f g e t s - * - * fgets implemented with NSPR. - */ -char* -pr_fgets(char *buf, int size, PRFileDesc *file) -{ - int i; - int status; - char c; - - i=0; - while(i < size-1) { - status = PR_Read(file, (void*) &c, 1); - if(status==-1) { - return NULL; - } else if(status==0) { - break; - } - buf[i++] = c; - if(c=='\n') { - break; - } - } - buf[i]='\0'; - - return buf; -} - diff --git a/security/nss/cmd/signtool/verify.c b/security/nss/cmd/signtool/verify.c deleted file mode 100644 index fd80ef737..000000000 --- a/security/nss/cmd/signtool/verify.c +++ /dev/null @@ -1,382 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "signtool.h" - - -static int jar_cb(int status, JAR *jar, const char *metafile, - char *pathname, char *errortext); -static int verify_global (JAR *jar); - -/************************************************************************* - * - * V e r i f y J a r - */ -int -VerifyJar(char *filename) -{ - FILE *fp; - - int ret; - int status; - int failed = 0; - char *err; - - JAR *jar; - JAR_Context *ctx; - - JAR_Item *it; - - jar = JAR_new(); - - if ((fp = fopen (filename, "r")) == NULL) - { - perror (filename); - exit (ERRX); - } - else - fclose (fp); - - JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb); - - - status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url"); - - if (status < 0 || jar->valid < 0) - { - failed = 1; - PR_fprintf(outputFD, "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename); - if (status < 0) - { - char *errtext; - - if (status >= JAR_BASE && status <= JAR_BASE_END) - { - errtext = JAR_get_error (status); - } - else - { - errtext = SECU_ErrorString ((int16) PORT_GetError()); - } - - PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext); - - /* corrupt files should not have their contents listed */ - - if (status == JAR_ERR_CORRUPT) - return -1; - } - PR_fprintf(outputFD, - "entries shown below will have their digests checked only.\n"); - jar->valid = 0; - } - else - PR_fprintf(outputFD, - "archive \"%s\" has passed crypto verification.\n", filename); - - if (verify_global (jar)) - failed = 1; - - PR_fprintf(outputFD, "\n"); - PR_fprintf(outputFD, "%16s %s\n", "status", "path"); - PR_fprintf(outputFD, "%16s %s\n", "------------", "-------------------"); - - ctx = JAR_find (jar, NULL, jarTypeMF); - - while (JAR_find_next (ctx, &it) >= 0) - { - if (it && it->pathname) - { - rm_dash_r(TMP_OUTPUT); - ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT); - /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */ - if (ret < 0) failed = 1; - - if (ret == JAR_ERR_PNF) - err = "NOT PRESENT"; - else if (ret == JAR_ERR_HASH) - err = "HASH FAILED"; - else - err = "NOT VERIFIED"; - - PR_fprintf(outputFD, "%16s %s\n", - ret >= 0 ? "verified" : err, it->pathname); - - if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH) - PR_fprintf(outputFD, " (reason: %s)\n", JAR_get_error (ret)); - } - } - - JAR_find_end (ctx); - - if (status < 0 || jar->valid < 0) - { - failed = 1; - PR_fprintf(outputFD, - "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename); - give_help (status); - } - - JAR_destroy (jar); - - if (failed) - return -1; - return 0; -} - -/*************************************************************************** - * - * v e r i f y _ g l o b a l - */ -static int -verify_global (JAR *jar) -{ - FILE *fp; - JAR_Context *ctx; - - char *ext; - - JAR_Item *it; - JAR_Digest *globaldig; - - unsigned int sha1_length, md5_length; - - char buf [BUFSIZ]; - - unsigned char *md5_digest, *sha1_digest; - - int retval = 0; - - ctx = JAR_find (jar, "*", jarTypePhy); - - while (JAR_find_next (ctx, &it) >= 0) { - if (!PORT_Strncmp (it->pathname, "META-INF", 8)) { - for (ext = it->pathname; *ext; ext++); - while (ext > it->pathname && *ext != '.') ext--; - - if(verbosity >= 0) { - if (!PORT_Strcasecmp (ext, ".rsa")) { - PR_fprintf(outputFD, "found a RSA signature file: %s\n", - it->pathname); - } - - if(!PORT_Strcasecmp (ext, ".dsa")) { - PR_fprintf(outputFD, "found a DSA signature file: %s\n", - it->pathname); - } - - if (!PORT_Strcasecmp (ext, ".mf")) { - PR_fprintf(outputFD, - "found a MF master manifest file: %s\n", it->pathname); - } - } - - if (!PORT_Strcasecmp (ext, ".sf")) { - if(verbosity >= 0) { - PR_fprintf(outputFD, - "found a SF signature manifest file: %s\n", it->pathname); - } - - rm_dash_r(TMP_OUTPUT); - if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) { - PR_fprintf(errorFD, "%s: error extracting %s\n", PROGRAM_NAME, - it->pathname); - errorCount++; - retval = -1; - continue; - } - - md5_digest = NULL; - sha1_digest = NULL; - - if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) { - while (fgets (buf, BUFSIZ, fp)) { - char *s; - - if (*buf == 0 || *buf == '\n' || *buf == '\r') break; - - for (s = buf; *s && *s != '\n' && *s != '\r'; s++); - *s = 0; - - if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) { - md5_digest = ATOB_AsciiToData (buf + 12, &md5_length); - } - - if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) { - sha1_digest = ATOB_AsciiToData (buf + 13, &sha1_length); - } - - if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) { - sha1_digest = ATOB_AsciiToData (buf + 12, &sha1_length); - } - } - - globaldig = jar->globalmeta; - - if (globaldig && md5_digest) { - if(verbosity >= 0) { - PR_fprintf(outputFD, - " md5 digest on global metainfo: %s\n", - PORT_Memcmp (md5_digest, globaldig->md5, MD5_LENGTH) ? - "no match" : "match"); - } - } - - if (globaldig && sha1_digest) { - if(verbosity >= 0) { - PR_fprintf(outputFD, - " sha digest on global metainfo: %s\n", - PORT_Memcmp(sha1_digest, globaldig->sha1, - SHA1_LENGTH) ? "no match" : "match"); - } - } - - if (globaldig == NULL) { - if(verbosity >= 0) { - PR_fprintf(outputFD, - "global metadigest is not available, strange.\n"); - } - } - - fclose (fp); - } - } - } - } - - JAR_find_end (ctx); - - return retval; -} - -/************************************************************************ - * - * J a r W h o - */ -int -JarWho(char *filename) - { - FILE *fp; - - JAR *jar; - JAR_Context *ctx; - - int status; - int retval = 0; - - JAR_Item *it; - JAR_Cert *fing; - - CERTCertificate *cert, *prev = NULL; - - jar = JAR_new(); - - if ((fp = fopen (filename, "r")) == NULL) - { - perror (filename); - exit (ERRX); - } - else - fclose (fp); - - status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url"); - - if (status < 0 || jar->valid < 0) - { - PR_fprintf(outputFD, - "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename); - retval = -1; - if (jar->valid < 0 || status != -1) - { - char *errtext; - - if (status >= JAR_BASE && status <= JAR_BASE_END) - { - errtext = JAR_get_error (status); - } - else - { - errtext = SECU_ErrorString ((int16) PORT_GetError()); - } - - PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext); - } - } - - PR_fprintf(outputFD, "\nSigner information:\n\n"); - - ctx = JAR_find (jar, NULL, jarTypeSign); - - while (JAR_find_next (ctx, &it) >= 0) - { - fing = (JAR_Cert *) it->data; - cert = fing->cert; - - if (cert) - { - if (prev == cert) - break; - - if (cert->nickname) - PR_fprintf(outputFD, "nickname: %s\n", cert->nickname); - if (cert->subjectName) - PR_fprintf(outputFD, "subject name: %s\n", cert->subjectName); - if (cert->issuerName) - PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName); - } - else - { - PR_fprintf(outputFD, "no certificate could be found\n"); - retval = -1; - } - - prev = cert; - } - - JAR_find_end (ctx); - - JAR_destroy (jar); - return retval; -} - -/************************************************************************ - * j a r _ c b - */ -static int jar_cb(int status, JAR *jar, const char *metafile, - char *pathname, char *errortext) -{ - PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext, pathname); - errorCount++; - return 0; -} - diff --git a/security/nss/cmd/signtool/zip.c b/security/nss/cmd/signtool/zip.c deleted file mode 100644 index 62e885137..000000000 --- a/security/nss/cmd/signtool/zip.c +++ /dev/null @@ -1,678 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "signtool.h" -#include "zip.h" -#include "zlib.h" -#include "prmem.h" - -static void inttox (int in, char *out); -static void longtox (long in, char *out); - -/**************************************************************** - * - * J z i p O p e n - * - * Opens a new ZIP file and creates a new ZIPfile structure to - * control the process of installing files into a zip. - */ -ZIPfile* -JzipOpen(char *filename, char *comment) -{ - ZIPfile *zipfile; - PRExplodedTime prtime; - - zipfile = PORT_ZAlloc(sizeof(ZIPfile)); - if(!zipfile) out_of_memory(); - - /* Construct time and date */ - PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &prtime); - zipfile->date = ((prtime.tm_year-1980) << 9) | - ((prtime.tm_month+1) << 5) | - prtime.tm_mday; - zipfile->time = (prtime.tm_hour<<11) | - (prtime.tm_min<<5) | - (prtime.tm_sec&0x3f); - - if (filename && - (zipfile->fp = PR_Open(filename, - PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 0777)) == NULL) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "%s: can't open output jar, %s.%s\n", PROGRAM_NAME, - filename, nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit (ERRX); - } - - zipfile->list = NULL; - if(filename) { - zipfile->filename = PORT_ZAlloc(strlen(filename)+1); - if(!zipfile->filename) out_of_memory(); - PORT_Strcpy(zipfile->filename, filename); - } - if(comment) { - zipfile->comment = PORT_ZAlloc(strlen(comment)+1); - if(!zipfile->comment) out_of_memory(); - PORT_Strcpy(zipfile->comment, comment); - } - - return zipfile; -} - -static -void* -my_alloc_func(void* opaque, uInt items, uInt size) -{ - return PORT_Alloc(items*size); -} - -static -void -my_free_func(void* opaque, void* address) -{ - PORT_Free(address); -} - -static -void -handle_zerror(int err, char *msg) -{ - if(!msg) { - msg = ""; - } - - errorCount++; /* unless Z_OK...see below */ - - switch(err) { - case Z_OK: - PR_fprintf(errorFD, "No error: %s\n", msg); - errorCount--; /* this was incremented above */ - break; - case Z_MEM_ERROR: - PR_fprintf(errorFD, "Deflation ran out of memory: %s\n", msg); - break; - case Z_STREAM_ERROR: - PR_fprintf(errorFD, "Invalid compression level: %s\n", msg); - break; - case Z_VERSION_ERROR: - PR_fprintf(errorFD, "Incompatible compression library version: %s\n", msg); - break; - case Z_DATA_ERROR: - PR_fprintf(errorFD, "Compression data error: %s\n", msg); - break; - default: - PR_fprintf(errorFD, "Unknown error in compression library: %s\n", msg); - break; - } -} - - -/**************************************************************** - * - * J z i p A d d - * - * Adds a new file into a ZIP file. The ZIP file must have already - * been opened with JzipOpen. - */ -int -JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level) -{ - ZIPentry *entry; - PRFileDesc *readfp; - PRFileDesc *zipfp; - int num; - Bytef inbuf[BUFSIZ], outbuf[BUFSIZ]; - unsigned long crc; - z_stream zstream; - int err; - unsigned long local_size_pos; - int deflate_percent; - - - if( !fullname || !filename || !zipfile) { - return -1; - } - - zipfp = zipfile->fp; - - - if( (readfp = PR_Open(fullname, PR_RDONLY, 0777)) == NULL) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "%s: %s\n", fullname, nsprErr ? nsprErr : ""); - errorCount++; - if(nsprErr) PR_Free(nsprErr); - exit(ERRX); - } - - /* - * Make sure the input file is not the output file. - * Add a few bytes to the end of the JAR file and see if the input file - * twitches - */ - { - PRInt32 endOfJar; - PRInt32 inputSize; - PRBool isSame; - - inputSize = PR_Available(readfp); - - endOfJar = PR_Seek(zipfp, 0L, PR_SEEK_CUR); - - if(PR_Write(zipfp, "abcde", 5) < 5) { - char *nsprErr; - - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing to zip file: %s\n", - nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - - isSame = (PR_Available(readfp) != inputSize); - - PR_Seek(zipfp, endOfJar, PR_SEEK_SET); - - if(isSame) { - /* It's the same file! Forget it! */ - PR_Close(readfp); - return 0; - } - } - - if(verbosity >= 0) { - PR_fprintf(outputFD, "adding %s to %s...", fullname, zipfile->filename); - } - - entry = PORT_ZAlloc(sizeof(ZIPentry)); - if(!entry) out_of_memory(); - - entry->filename = PORT_Strdup(filename); - entry->comment = NULL; - - /* Set up local file header */ - longtox(LSIG, entry->local.signature); - inttox(strlen(filename), entry->local.filename_len); - inttox(zipfile->time, entry->local.time); - inttox(zipfile->date, entry->local.date); - inttox(Z_DEFLATED, entry->local.method); - - /* Set up central directory entry */ - longtox(CSIG, entry->central.signature); - inttox(strlen(filename), entry->central.filename_len); - if(entry->comment) { - inttox(strlen(entry->comment), entry->central.commentfield_len); - } - longtox(PR_Seek(zipfile->fp, 0, PR_SEEK_CUR), - entry->central.localhdr_offset); - inttox(zipfile->time, entry->central.time); - inttox(zipfile->date, entry->central.date); - inttox(Z_DEFLATED, entry->central.method); - - /* Compute crc. Too bad we have to process the whole file to do this*/ - crc = crc32(0L, NULL, 0); - while( (num = PR_Read(readfp, inbuf, BUFSIZ)) > 0) { - crc = crc32(crc, inbuf, num); - } - PR_Seek(readfp, 0L, PR_SEEK_SET); - - /* Store CRC */ - longtox(crc, entry->local.crc32); - longtox(crc, entry->central.crc32); - - /* Stick this entry onto the end of the list */ - entry->next = NULL; - if( zipfile->list == NULL ) { - /* First entry */ - zipfile->list = entry; - } else { - ZIPentry *pe; - - pe = zipfile->list; - while(pe->next != NULL) { - pe = pe->next; - } - pe->next = entry; - } - - /* - * Start writing stuff out - */ - - local_size_pos = PR_Seek(zipfp, 0, PR_SEEK_CUR) + 18; - /* File header */ - if(PR_Write(zipfp, &entry->local, sizeof(struct ZipLocal)) - < sizeof(struct ZipLocal)) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - - /* File Name */ - if( PR_Write(zipfp, filename, strlen(filename)) < strlen(filename)) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - - /* - * File data - */ - /* Initialize zstream */ - zstream.zalloc = my_alloc_func; - zstream.zfree = my_free_func; - zstream.opaque = NULL; - zstream.next_in = inbuf; - zstream.avail_in = BUFSIZ; - zstream.next_out = outbuf; - zstream.avail_out = BUFSIZ; - /* Setting the windowBits to -MAX_WBITS is an undocumented feature of - * zlib (see deflate.c in zlib). It is the same thing that Java does - * when you specify the nowrap option for deflation in java.util.zip. - * It causes zlib to leave out its headers and footers, which don't - * work in PKZIP files. - */ - err = deflateInit2(&zstream, compression_level, Z_DEFLATED, - -MAX_WBITS, 8 /*default*/, Z_DEFAULT_STRATEGY); - if(err != Z_OK) { - handle_zerror(err, zstream.msg); - exit(ERRX); - } - - while( (zstream.avail_in = PR_Read(readfp, inbuf, BUFSIZ)) > 0) { - zstream.next_in = inbuf; - /* Process this chunk of data */ - while(zstream.avail_in > 0) { - err = deflate(&zstream, Z_NO_FLUSH); - if(err != Z_OK) { - handle_zerror(err, zstream.msg); - exit(ERRX); - } - if(zstream.avail_out <= 0) { - if( PR_Write(zipfp, outbuf, BUFSIZ) < BUFSIZ) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", - nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - zstream.next_out = outbuf; - zstream.avail_out = BUFSIZ; - } - } - } - - /* Now flush everything */ - while(1) { - err = deflate(&zstream, Z_FINISH); - if(err == Z_STREAM_END) { - break; - } else if(err == Z_OK) { - /* output buffer full, repeat */ - } else { - handle_zerror(err, zstream.msg); - exit(ERRX); - } - if( PR_Write(zipfp, outbuf, BUFSIZ) < BUFSIZ) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", - nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - zstream.avail_out = BUFSIZ; - zstream.next_out = outbuf; - } - - /* If there's any output left, write it out. */ - if(zstream.next_out != outbuf) { - if( PR_Write(zipfp, outbuf, zstream.next_out-outbuf) < - zstream.next_out-outbuf) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", - nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - zstream.avail_out = BUFSIZ; - zstream.next_out = outbuf; - } - - /* Now that we know the compressed size, write this to the headers */ - longtox(zstream.total_in, entry->local.orglen); - longtox(zstream.total_out, entry->local.size); - if(PR_Seek(zipfp, local_size_pos, PR_SEEK_SET) == -1) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Accessing zip file: %s\n", nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - if( PR_Write(zipfp, entry->local.size, 8) != 8) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - if(PR_Seek(zipfp, 0L, PR_SEEK_END) == -1) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Accessing zip file: %s\n", nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - longtox(zstream.total_in, entry->central.orglen); - longtox(zstream.total_out, entry->central.size); - - /* Close out the deflation operation */ - err = deflateEnd(&zstream); - if(err != Z_OK) { - handle_zerror(err, zstream.msg); - exit(ERRX); - } - - PR_Close(readfp); - - if((zstream.total_in > zstream.total_out) && (zstream.total_in > 0)) { - deflate_percent = (int) ( (zstream.total_in-zstream.total_out)*100 / - zstream.total_in ); - } else { - deflate_percent = 0; - } - if(verbosity >= 0) { - PR_fprintf(outputFD, "(deflated %d%%)\n", deflate_percent); - } - - return 0; -} - -/******************************************************************** - * J z i p C l o s e - * - * Finishes the ZipFile. ALSO DELETES THE ZIPFILE STRUCTURE PASSED IN!! - */ -int -JzipClose(ZIPfile *zipfile) -{ - ZIPentry *pe, *dead; - PRFileDesc *zipfp; - struct ZipEnd zipend; - unsigned int entrycount = 0; - - if(!zipfile) { - return -1; - } - - if(!zipfile->filename) { - /* bogus */ - return 0; - } - - zipfp = zipfile->fp; - zipfile->central_start = PR_Seek(zipfp, 0L, PR_SEEK_CUR); - - /* Write out all the central directories */ - pe = zipfile->list; - while(pe) { - entrycount++; - - /* Write central directory info */ - if( PR_Write(zipfp, &pe->central, sizeof(struct ZipCentral)) - < sizeof(struct ZipCentral)) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", - nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - - /* Write filename */ - if( PR_Write(zipfp, pe->filename, strlen(pe->filename)) - < strlen(pe->filename)) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", - nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - - /* Write file comment */ - if(pe->comment) { - if( PR_Write(zipfp, pe->comment, strlen(pe->comment)) - < strlen(pe->comment)) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", - nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - } - - /* Delete the structure */ - dead = pe; - pe = pe->next; - if(dead->filename) { - PORT_Free(dead->filename); - } - if(dead->comment) { - PORT_Free(dead->comment); - } - PORT_Free(dead); - } - zipfile->central_end = PR_Seek(zipfile->fp, 0L, PR_SEEK_CUR); - - /* Create the ZipEnd structure */ - PORT_Memset(&zipend, 0, sizeof(zipend)); - longtox(ESIG, zipend.signature); - inttox(entrycount, zipend.total_entries_disk); - inttox(entrycount, zipend.total_entries_archive); - longtox(zipfile->central_end-zipfile->central_start, - zipend.central_dir_size); - longtox(zipfile->central_start, zipend.offset_central_dir); - if(zipfile->comment) { - inttox(strlen(zipfile->comment), zipend.commentfield_len); - } - - /* Write out ZipEnd xtructure */ - if( PR_Write(zipfp, &zipend, sizeof(zipend)) < sizeof(zipend)) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - - /* Write out Zipfile comment */ - if(zipfile->comment) { - if( PR_Write(zipfp, zipfile->comment, strlen(zipfile->comment)) - < strlen(zipfile->comment)) { - char *nsprErr; - if(PR_GetErrorTextLength()) { - nsprErr = PR_Malloc(PR_GetErrorTextLength()); - PR_GetErrorText(nsprErr); - } else { - nsprErr = NULL; - } - PR_fprintf(errorFD, "Writing zip data: %s\n", - nsprErr ? nsprErr : ""); - if(nsprErr) PR_Free(nsprErr); - errorCount++; - exit(ERRX); - } - } - - PR_Close(zipfp); - - /* Free the memory of the zipfile structure */ - if(zipfile->filename) { - PORT_Free(zipfile->filename); - } - if(zipfile->comment) { - PORT_Free(zipfile->comment); - } - PORT_Free(zipfile); - - return 0; -} - -/********************************************** - * i n t t o x - * - * Converts a two byte ugly endianed integer - * to our platform's integer. - * - */ - -static void inttox (int in, char *out) -{ - out [0] = (in & 0xFF); - out [1] = (in & 0xFF00) >> 8; -} - -/********************************************* - * l o n g t o x - * - * Converts a four byte ugly endianed integer - * to our platform's integer. - * - */ - -static void longtox (long in, char *out) -{ - out [0] = (in & 0xFF); - out [1] = (in & 0xFF00) >> 8; - out [2] = (in & 0xFF0000) >> 16; - out [3] = (in & 0xFF000000) >> 24; -} - diff --git a/security/nss/cmd/signtool/zip.h b/security/nss/cmd/signtool/zip.h deleted file mode 100644 index 08512f3c4..000000000 --- a/security/nss/cmd/signtool/zip.h +++ /dev/null @@ -1,100 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* zip.h - * Structures and functions for creating ZIP archives. - */ -#ifndef ZIP_H -#define ZIP_H - -/* For general information on ZIP formats, you can look at jarfile.h - * in ns/security/lib/jar. Or look it up on the web... - */ - -/* One entry in a ZIPfile. This corresponds to one file in the archive. - * We have to save this information because first all the files go into - * the archive with local headers; then at the end of the file we have to - * put the central directory entries for each file. - */ -typedef struct ZIPentry_s { - struct ZipLocal local; /* local header info */ - struct ZipCentral central; /* central directory info */ - char *filename; /* name of file */ - char *comment; /* comment for this file -- optional */ - - struct ZIPentry_s *next; -} ZIPentry; - -/* This structure contains the necessary data for putting a ZIP file - * together. Has some overall information and a list of ZIPentrys. - */ -typedef struct ZIPfile_s { - char *filename; /* ZIP file name */ - char *comment; /* ZIP file comment -- may be NULL */ - PRFileDesc *fp; /* ZIP file pointer */ - ZIPentry *list; /* one entry for each file in the archive */ - unsigned int time; /* the GMT time of creation, in DOS format */ - unsigned int date; /* the GMT date of creation, in DOS format */ - unsigned long central_start; /* starting offset of central directory */ - unsigned long central_end; /*index right after the last byte of central*/ -} ZIPfile; - - -/* Open a new ZIP file. Takes the name of the zip file and an optional - * comment to be included in the file. Returns a new ZIPfile structure - * which is used by JzipAdd and JzipClose - */ -ZIPfile* JzipOpen(char *filename, char *comment); - -/* Add a file to a ZIP archive. Fullname is the path relative to the - * current directory. Filename is what the name will be stored as in the - * archive, and thus what it will be restored as. zipfile is a structure - * returned from a previous call to JzipOpen. - * - * Non-zero return code means error (although usually the function will - * call exit() rather than return an error--gotta fix this). - */ -int JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, - int compression_level); - -/* Finalize a ZIP archive. Adds all the footer information to the end of - * the file and closes it. Also DELETES THE ZIPFILE STRUCTURE that was - * passed in. So you never have to allocate or free a ZIPfile yourself. - * - * Non-zero return code means error (although usually the function will - * call exit() rather than return an error--gotta fix this). - */ -int JzipClose (ZIPfile *zipfile); - - -#endif /* ZIP_H */ diff --git a/security/nss/cmd/signver/Makefile b/security/nss/cmd/signver/Makefile deleted file mode 100644 index e4a3a6069..000000000 --- a/security/nss/cmd/signver/Makefile +++ /dev/null @@ -1,71 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk diff --git a/security/nss/cmd/signver/examples/1/form.pl b/security/nss/cmd/signver/examples/1/form.pl deleted file mode 100755 index 2034bf728..000000000 --- a/security/nss/cmd/signver/examples/1/form.pl +++ /dev/null @@ -1,50 +0,0 @@ -#! /usr/bin/perl -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - - -print "Content-type: text/html\n\n"; -print "<B>Server Name:</B> ", $ENV{'SERVER_NAME'}, "<BR>", "\n"; -print "<B>Server Port:</B> ", $ENV{'SERVER_PORT'}, "<BR>", "\n"; -print "<B>Server Software:</B> ", $ENV{'SERVER_SOFTWARE'}, "<BR>", "\n"; -print "<B>Server Protocol:</B> ", $ENV{'SERVER_PROTOCOL'}, "<BR>", "\n"; -print "<B>CGI Revision:</B> ", $ENV{'GATEWAY_INTERFACE'}, "<BR>", "\n"; -print "<B>Browser:</B> ", $ENV{'HTTP_USER_AGENT'}, "<BR>", "\n"; -print "<B>Remote Address:</B> ", $ENV{'REMOTE_ADDR'}, "<BR>", "\n"; -print "<B>Remote Host:</B> ", $ENV{'REMOTE_HOST'}, "<BR>", "\n"; -print "<B>Remote User:</B> ", $ENV{'REMOTE_USER'}, "<BR>", "\n"; -print "You typed:\n"; - -while( $_ = <STDIN>) { - print "$_"; -} - diff --git a/security/nss/cmd/signver/examples/1/signedForm.html b/security/nss/cmd/signver/examples/1/signedForm.html deleted file mode 100644 index 1444a1775..000000000 --- a/security/nss/cmd/signver/examples/1/signedForm.html +++ /dev/null @@ -1,84 +0,0 @@ -<html> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> -<head> -<title>Form to sign</title> -<script language="javascript"> -<!-- -function submitSigned(form){ - var signature = ""; - var dataToSign = ""; - var i; - - form.action='signedForm.pl'; - for (i = 0; i < form.length; i++) - if (form.elements[i].type == "text") - dataToSign += form.elements[i].value; - - // alert("Data to sign:\n" + dataToSign); - signature = crypto.signText(dataToSign, "ask"); - /* alert("You cannot see this alert"); - alert("Data signature:\n" + signature); */ - - if (signature != "error:userCancel") { - for (i = 0; i < form.length; i++) { - if (form.elements[i].type == "hidden") { - if (form.elements[i].name == "dataToSign") - form.elements[i].value = dataToSign; - if (form.elements[i].name == "dataSignature") - form.elements[i].value = signature; - } - } - form.submit(); - } -} -//--> -</script> -</head> - -<body> -<form method=post Action="form.pl"> -<input type=hidden size=30 name=dataSignature> -<input type=hidden size=30 name=dataToSign> -<input type=text size=30 name=p> -<BR> -<input type=text size=30 name=q> -<BR> -<input type=text size=30 name=r> -<BR> -<input type=submit value="Submit Data"> -<input type=button value="Sign and Submit Data" onclick=submitSigned(this.form)> -<input type=reset value=Reset> -</form> -</body> -</html> diff --git a/security/nss/cmd/signver/examples/1/signedForm.nt.html b/security/nss/cmd/signver/examples/1/signedForm.nt.html deleted file mode 100644 index 5487739ce..000000000 --- a/security/nss/cmd/signver/examples/1/signedForm.nt.html +++ /dev/null @@ -1,84 +0,0 @@ -<html> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> -<head> -<title>Form to sign</title> -<script language="javascript"> -<!-- -function submitSigned(form){ - var signature = ""; - var dataToSign = ""; - var i; - - form.action='cgi-bin/signedForm.pl'; - for (i = 0; i < form.length; i++) - if (form.elements[i].type == "text") - dataToSign += form.elements[i].value; - - // alert("Data to sign:\n" + dataToSign); - signature = crypto.signText(dataToSign, "ask"); - /* alert("You cannot see this alert"); - alert("Data signature:\n" + signature); */ - - if (signature != "error:userCancel") { - for (i = 0; i < form.length; i++) { - if (form.elements[i].type == "hidden") { - if (form.elements[i].name == "dataToSign") - form.elements[i].value = dataToSign; - if (form.elements[i].name == "dataSignature") - form.elements[i].value = signature; - } - } - form.submit(); - } -} -//--> -</script> -</head> - -<body> -<form method=post Action="cgi-bin/form.pl"> -<input type=hidden size=30 name=dataSignature> -<input type=hidden size=30 name=dataToSign> -<input type=text size=30 name=p> -<BR> -<input type=text size=30 name=q> -<BR> -<input type=text size=30 name=r> -<BR> -<input type=submit value="Submit Data"> -<input type=button value="Sign and Submit Data" onclick=submitSigned(this.form)> -<input type=reset value=Reset> -</form> -</body> -</html> diff --git a/security/nss/cmd/signver/examples/1/signedForm.pl b/security/nss/cmd/signver/examples/1/signedForm.pl deleted file mode 100755 index 3c2cd0ed3..000000000 --- a/security/nss/cmd/signver/examples/1/signedForm.pl +++ /dev/null @@ -1,88 +0,0 @@ -#! /usr/bin/perl -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - - - -sub decode { - read (STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); - @pairs = split(/&/, $buffer); - foreach $pair (@pairs) - { - ($name, $value) = split(/=/, $pair); - $value =~tr/+/ /; - $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; - $FORM{$name} = $value; -# print "name=$name value=$value<BR>\n"; - } -} - -print "Content-type: text/html\n\n"; - -&decode(); - -$dataSignature = $FORM{'dataSignature'}; -$dataToSign = $FORM{'dataToSign'}; - -unlink("signature"); -open(FILE1,">signature") || die("Cannot open file for writing\n"); - -print FILE1 "$dataSignature"; - -close(FILE1); - - -unlink("data"); -open(FILE2,">data") || die("Cannot open file for writing\n"); - -print FILE2 "$dataToSign"; - -close(FILE2); - - -print "<BR><B>Signed Data:</B><BR>", "$dataToSign", "<BR>"; - -print "<BR><b>Verification Info:</b><BR>"; - -$verInfo = `./signver -D . -s signature -d data -v`; -print "<font color=red><b>$verInfo</b></font><BR>"; - -print "<BR><B>Signature Data:</B><BR>", "$dataSignature", "<BR>"; - -print "<BR><b>Signature Info:</b><BR>"; - -foreach $line (`./signver -s signature -A`) { - print "$line<BR>\n"; -} - -print "<b>End of Info</b><BR>"; - diff --git a/security/nss/cmd/signver/manifest.mn b/security/nss/cmd/signver/manifest.mn deleted file mode 100644 index 9efdaad29..000000000 --- a/security/nss/cmd/signver/manifest.mn +++ /dev/null @@ -1,54 +0,0 @@ -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = nss - -CSRCS = signver.c \ - pk7print.c \ - $(NULL) - -REQUIRES = dbm seccmd - -PROGRAM = signver - -PACKAGE_FILES = README.txt signedForm.html signedForm.pl form.pl -ifeq ($(subst /,_,$(shell uname -s)),WINNT) -PACKAGE_FILES += signedForm.nt.pl signver.exe -else -PACKAGE_FILES += signver -endif - -ARCHIVE_NAME = signver - -USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/signver/pk7print.c b/security/nss/cmd/signver/pk7print.c deleted file mode 100644 index 2b19df1d1..000000000 --- a/security/nss/cmd/signver/pk7print.c +++ /dev/null @@ -1,891 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** secutil.c - various functions used by security stuff -** -*/ - -/* pkcs #7 -related functions */ - - -#include "secutil.h" -#include "secpkcs7.h" -#include "secoid.h" -#include <sys/stat.h> -#include <stdarg.h> - -#ifdef XP_UNIX -#include <unistd.h> -#endif - -/* for SEC_TraverseNames */ -#include "cert.h" -#include "prtypes.h" -#include "prtime.h" - -#include "prlong.h" -#include "secmod.h" -#include "pk11func.h" -#include "prerror.h" - - - - -/* -** PKCS7 Support -*/ - -/* forward declaration */ -int -sv_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *); - - -void -sv_PrintAsHex(FILE *out, SECItem *data, char *m) -{ - unsigned i; - - if (m) fprintf(out, m); - - for (i = 0; i < data->len; i++) { - if (i < data->len - 1) { - fprintf(out, "%02x:", data->data[i]); - } else { - fprintf(out, "%02x\n", data->data[i]); - break; - } - } -} - -void -sv_PrintInteger(FILE *out, SECItem *i, char *m) -{ - int iv; - - if (i->len > 4) { - sv_PrintAsHex(out, i, m); - } else { - iv = DER_GetInteger(i); - fprintf(out, "%s%d (0x%x)\n", m, iv, iv); - } -} - - -int -sv_PrintTime(FILE *out, SECItem *t, char *m) -{ - PRExplodedTime printableTime; - int64 time; - char *timeString; - int rv; - - rv = CERT_DecodeTimeChoice(&time, t); - if (rv) return rv; - - /* Convert to local time */ - PR_ExplodeTime(time, PR_LocalTimeParameters, &printableTime); - - timeString = (char *)PORT_Alloc(100); - - if ( timeString ) { - PR_FormatTime( timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime ); - fprintf(out, "%s%s\n", m, timeString); - PORT_Free(timeString); - return 0; - } - return SECFailure; -} - -int -sv_PrintValidity(FILE *out, CERTValidity *v, char *m) -{ - int rv; - - fprintf(out, m); - rv = sv_PrintTime(out, &v->notBefore, "notBefore="); - if (rv) return rv; - fprintf(out, m); - sv_PrintTime(out, &v->notAfter, "notAfter="); - return rv; -} - -void -sv_PrintObjectID(FILE *out, SECItem *oid, char *m) -{ - const char *name; - SECOidData *oiddata; - - oiddata = SECOID_FindOID(oid); - if (oiddata == NULL) { - sv_PrintAsHex(out, oid, m); - return; - } - name = oiddata->desc; - - if (m != NULL) - fprintf(out, "%s", m); - fprintf(out, "%s\n", name); -} - -void -sv_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m) -{ - sv_PrintObjectID(out, &a->algorithm, m); - - if ((a->parameters.len != 2) || - (PORT_Memcmp(a->parameters.data, "\005\000", 2) != 0)) { - /* Print args to algorithm */ - sv_PrintAsHex(out, &a->parameters, "Args="); - } -} - -void -sv_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m) -{ - SECItem *value; - int i; - char om[100]; - - fprintf(out, m); - - /* - * XXX Make this smarter; look at the type field and then decode - * and print the value(s) appropriately! - */ - sv_PrintObjectID(out, &(attr->type), "type="); - if (attr->values != NULL) { - i = 0; - while ((value = attr->values[i]) != NULL) { - sprintf(om, "%svalue[%d]=%s", m, i++, attr->encoded ? "(encoded)" : ""); - if (attr->encoded || attr->typeTag == NULL) { - sv_PrintAsHex(out, value, om); - } else { - switch (attr->typeTag->offset) { - default: - sv_PrintAsHex(out, value, om); - break; - case SEC_OID_PKCS9_CONTENT_TYPE: - sv_PrintObjectID(out, value, om); - break; - case SEC_OID_PKCS9_SIGNING_TIME: - sv_PrintTime(out, value, om); - break; - } - } - } - } -} - -void -sv_PrintName(FILE *out, CERTName *name, char *msg) -{ - char *str; - - str = CERT_NameToAscii(name); - fprintf(out, "%s%s\n", msg, str); - PORT_Free(str); -} - - -#if 0 -/* -** secu_PrintPKCS7EncContent -** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it) -*/ -void -secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src, - char *m, int level) -{ - if (src->contentTypeTag == NULL) - src->contentTypeTag = SECOID_FindOID(&(src->contentType)); - - secu_Indent(out, level); - fprintf(out, "%s:\n", m); - secu_Indent(out, level + 1); - fprintf(out, "Content Type: %s\n", - (src->contentTypeTag != NULL) ? src->contentTypeTag->desc - : "Unknown"); - sv_PrintAlgorithmID(out, &(src->contentEncAlg), - "Content Encryption Algorithm"); - sv_PrintAsHex(out, &(src->encContent), - "Encrypted Content", level+1); -} - -/* -** secu_PrintRecipientInfo -** Prints a PKCS7RecipientInfo type -*/ -void -secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m, - int level) -{ - secu_Indent(out, level); fprintf(out, "%s:\n", m); - sv_PrintInteger(out, &(info->version), "Version"); - - sv_PrintName(out, &(info->issuerAndSN->issuer), "Issuer"); - sv_PrintInteger(out, &(info->issuerAndSN->serialNumber), - "Serial Number"); - - /* Parse and display encrypted key */ - sv_PrintAlgorithmID(out, &(info->keyEncAlg), - "Key Encryption Algorithm"); - sv_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1); -} -#endif - -/* -** secu_PrintSignerInfo -** Prints a PKCS7SingerInfo type -*/ -void -sv_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m) -{ - SEC_PKCS7Attribute *attr; - int iv; - - fprintf(out, m); - sv_PrintInteger(out, &(info->version), "version="); - - fprintf(out, m); - sv_PrintName(out, &(info->issuerAndSN->issuer), "issuerName="); - fprintf(out, m); - sv_PrintInteger(out, &(info->issuerAndSN->serialNumber), - "serialNumber="); - - fprintf(out, m); - sv_PrintAlgorithmID(out, &(info->digestAlg), "digestAlgorithm="); - - if (info->authAttr != NULL) { - char mm[120]; - - iv = 0; - while (info->authAttr[iv] != NULL) iv++; - fprintf(out, "%sauthenticatedAttributes=%d\n", m, iv); - iv = 0; - while ((attr = info->authAttr[iv]) != NULL) { - sprintf(mm, "%sattribute[%d].", m, iv++); - sv_PrintAttribute(out, attr, mm); - } - } - - /* Parse and display signature */ - fprintf(out, m); - sv_PrintAlgorithmID(out, &(info->digestEncAlg), "digestEncryptionAlgorithm="); - fprintf(out, m); - sv_PrintAsHex(out, &(info->encDigest), "encryptedDigest="); - - if (info->unAuthAttr != NULL) { - char mm[120]; - - iv = 0; - while (info->unAuthAttr[iv] != NULL) iv++; - fprintf(out, "%sunauthenticatedAttributes=%d\n", m, iv); - iv = 0; - while ((attr = info->unAuthAttr[iv]) != NULL) { - sprintf(mm, "%sattribute[%d].", m, iv++); - sv_PrintAttribute(out, attr, mm); - } - } -} - -void -sv_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m) -{ - fprintf(out, m); - sv_PrintInteger(out, &pk->u.rsa.modulus, "modulus="); - fprintf(out, m); - sv_PrintInteger(out, &pk->u.rsa.publicExponent, "exponent="); -} - -void -sv_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m) -{ - fprintf(out, m); - sv_PrintInteger(out, &pk->u.dsa.params.prime, "prime="); - fprintf(out, m); - sv_PrintInteger(out, &pk->u.dsa.params.subPrime, "subprime="); - fprintf(out, m); - sv_PrintInteger(out, &pk->u.dsa.params.base, "base="); - fprintf(out, m); - sv_PrintInteger(out, &pk->u.dsa.publicValue, "publicValue="); -} - -int -sv_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena, - CERTSubjectPublicKeyInfo *i, char *msg) -{ - SECKEYPublicKey *pk; - int rv; - char mm[200]; - - sprintf(mm, "%s.publicKeyAlgorithm=", msg); - sv_PrintAlgorithmID(out, &i->algorithm, mm); - - pk = (SECKEYPublicKey*) PORT_ZAlloc(sizeof(SECKEYPublicKey)); - if (!pk) return PORT_GetError(); - - DER_ConvertBitString(&i->subjectPublicKey); - switch(SECOID_FindOIDTag(&i->algorithm.algorithm)) { - case SEC_OID_PKCS1_RSA_ENCRYPTION: - rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_RSAPublicKeyTemplate, - &i->subjectPublicKey); - if (rv) return rv; - sprintf(mm, "%s.rsaPublicKey.", msg); - sv_PrintRSAPublicKey(out, pk, mm); - break; - case SEC_OID_ANSIX9_DSA_SIGNATURE: - rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_DSAPublicKeyTemplate, - &i->subjectPublicKey); - if (rv) return rv; - sprintf(mm, "%s.dsaPublicKey.", msg); - sv_PrintDSAPublicKey(out, pk, mm); - break; - default: - fprintf(out, "%s=bad SPKI algorithm type\n", msg); - return 0; - } - - return 0; -} - -SECStatus -sv_PrintInvalidDateExten (FILE *out, SECItem *value, char *msg) -{ - SECItem decodedValue; - SECStatus rv; - int64 invalidTime; - char *formattedTime = NULL; - - decodedValue.data = NULL; - rv = SEC_ASN1DecodeItem (NULL, &decodedValue, SEC_GeneralizedTimeTemplate, - value); - if (rv == SECSuccess) { - rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue); - if (rv == SECSuccess) { - formattedTime = CERT_GenTime2FormattedAscii(invalidTime, "%a %b %d %H:%M:%S %Y"); - fprintf (out, "%s: %s\n", msg, formattedTime); - PORT_Free (formattedTime); - } - } - PORT_Free (decodedValue.data); - - return (rv); -} - -int -sv_PrintExtensions(FILE *out, CERTCertExtension **extensions, char *msg) -{ - SECOidTag oidTag; - - if (extensions) { - - while ( *extensions ) { - SECItem *tmpitem; - - fprintf(out, "%sname=", msg); - - tmpitem = &(*extensions)->id; - sv_PrintObjectID(out, tmpitem, NULL); - - tmpitem = &(*extensions)->critical; - if ( tmpitem->len ) - fprintf(out, "%scritical=%s\n", msg, - (tmpitem->data && tmpitem->data[0])? "True": "False"); - - oidTag = SECOID_FindOIDTag (&((*extensions)->id)); - - fprintf(out, msg); - tmpitem = &((*extensions)->value); - if (oidTag == SEC_OID_X509_INVALID_DATE) - sv_PrintInvalidDateExten (out, tmpitem,"invalidExt"); - else - sv_PrintAsHex(out,tmpitem, "data="); - - /*fprintf(out, "\n");*/ - extensions++; - } - } - - return 0; -} - -/* callers of this function must make sure that the CERTSignedCrl - from which they are extracting the CERTCrl has been fully-decoded. - Otherwise it will not have the entries even though the CRL may have - some */ -void -sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m) -{ - CERTCrlEntry *entry; - int iv; - char om[100]; - - fprintf(out, m); - sv_PrintAlgorithmID(out, &(crl->signatureAlg), "signatureAlgorithm="); - fprintf(out, m); - sv_PrintName(out, &(crl->name), "name="); - fprintf(out, m); - sv_PrintTime(out, &(crl->lastUpdate), "lastUpdate="); - fprintf(out, m); - sv_PrintTime(out, &(crl->nextUpdate), "nextUpdate="); - - if (crl->entries != NULL) { - iv = 0; - while ((entry = crl->entries[iv]) != NULL) { - fprintf(out, "%sentry[%d].", m, iv); - sv_PrintInteger(out, &(entry->serialNumber), "serialNumber="); - fprintf(out, "%sentry[%d].", m, iv); - sv_PrintTime(out, &(entry->revocationDate), "revocationDate="); - sprintf(om, "%sentry[%d].signedCRLEntriesExtensions.", m, iv++); - sv_PrintExtensions(out, entry->extensions, om); - } - } - sprintf(om, "%ssignedCRLEntriesExtensions.", m); - sv_PrintExtensions(out, crl->extensions, om); -} - - -int -sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = NULL; - CERTCertificate *c; - int rv; - int iv; - char mm[200]; - - /* Decode certificate */ - c = (CERTCertificate*) PORT_ZAlloc(sizeof(CERTCertificate)); - if (!c) return PORT_GetError(); - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) return SEC_ERROR_NO_MEMORY; - - rv = SEC_ASN1DecodeItem(arena, c, CERT_CertificateTemplate, der); - if (rv) { - PORT_FreeArena(arena, PR_FALSE); - return rv; - } - - /* Pretty print it out */ - iv = DER_GetInteger(&c->version); - fprintf(out, "%sversion=%d (0x%x)\n", m, iv + 1, iv); - sprintf(mm, "%sserialNumber=", m); - sv_PrintInteger(out, &c->serialNumber, mm); - sprintf(mm, "%ssignatureAlgorithm=", m); - sv_PrintAlgorithmID(out, &c->signature, mm); - sprintf(mm, "%sissuerName=", m); - sv_PrintName(out, &c->issuer, mm); - sprintf(mm, "%svalidity.", m); - sv_PrintValidity(out, &c->validity, mm); - sprintf(mm, "%ssubject=", m); - sv_PrintName(out, &c->subject, mm); - sprintf(mm, "%ssubjectPublicKeyInfo", m); - rv = sv_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo, mm); - if (rv) { - PORT_FreeArena(arena, PR_FALSE); - return rv; - } - sprintf(mm, "%ssignedExtensions.", m); - sv_PrintExtensions(out, c->extensions, mm); - - PORT_FreeArena(arena, PR_FALSE); - return 0; -} - -int -sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner) -{ - PRArenaPool *arena = NULL; - CERTSignedData *sd; - int rv; - - /* Strip off the signature */ - sd = (CERTSignedData*) PORT_ZAlloc(sizeof(CERTSignedData)); - if (!sd) return PORT_GetError(); - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) return SEC_ERROR_NO_MEMORY; - - rv = SEC_ASN1DecodeItem(arena, sd, CERT_SignedDataTemplate, der); - if (rv) { - PORT_FreeArena(arena, PR_FALSE); - return rv; - } - -/* fprintf(out, "%s:\n", m); */ - PORT_Strcat(m, "data."); - - rv = (*inner)(out, &sd->data, m, 0); - if (rv) { - PORT_FreeArena(arena, PR_FALSE); - return rv; - } - - m[PORT_Strlen(m) - 5] = 0; - fprintf(out, m); - sv_PrintAlgorithmID(out, &sd->signatureAlgorithm, "signatureAlgorithm="); - DER_ConvertBitString(&sd->signature); - fprintf(out, m); - sv_PrintAsHex(out, &sd->signature, "signature="); - - PORT_FreeArena(arena, PR_FALSE); - return 0; - -} - - -/* -** secu_PrintPKCS7Signed -** Pretty print a PKCS7 signed data type (up to version 1). -*/ -int -sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src) -{ - SECAlgorithmID *digAlg; /* digest algorithms */ - SECItem *aCert; /* certificate */ - CERTSignedCrl *aCrl; /* certificate revocation list */ - SEC_PKCS7SignerInfo *sigInfo; /* signer information */ - int rv, iv; - char om[120]; - - sv_PrintInteger(out, &(src->version), "pkcs7.version="); - - /* Parse and list digest algorithms (if any) */ - if (src->digestAlgorithms != NULL) { - iv = 0; - while (src->digestAlgorithms[iv] != NULL) - iv++; - fprintf(out, "pkcs7.digestAlgorithmListLength=%d\n", iv); - iv = 0; - while ((digAlg = src->digestAlgorithms[iv]) != NULL) { - sprintf(om, "pkcs7.digestAlgorithm[%d]=", iv++); - sv_PrintAlgorithmID(out, digAlg, om); - } - } - - /* Now for the content */ - rv = sv_PrintPKCS7ContentInfo(out, &(src->contentInfo), - "pkcs7.contentInformation="); - if (rv != 0) return rv; - - /* Parse and list certificates (if any) */ - if (src->rawCerts != NULL) { - iv = 0; - while (src->rawCerts[iv] != NULL) - iv++; - fprintf(out, "pkcs7.certificateListLength=%d\n", iv); - - iv = 0; - while ((aCert = src->rawCerts[iv]) != NULL) { - sprintf(om, "certificate[%d].", iv++); - rv = sv_PrintSignedData(out, aCert, om, sv_PrintCertificate); - if (rv) return rv; - } - } - - /* Parse and list CRL's (if any) */ - if (src->crls != NULL) { - iv = 0; - while (src->crls[iv] != NULL) iv++; - fprintf(out, "pkcs7.signedRevocationLists=%d\n", iv); - iv = 0; - while ((aCrl = src->crls[iv]) != NULL) { - sprintf(om, "signedRevocationList[%d].", iv); - fprintf(out, om); - sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, - "signatureAlgorithm="); - DER_ConvertBitString(&aCrl->signatureWrap.signature); - fprintf(out, om); - sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "signature="); - sprintf(om, "certificateRevocationList[%d].", iv); - sv_PrintCRLInfo(out, &aCrl->crl, om); - iv++; - } - } - - /* Parse and list signatures (if any) */ - if (src->signerInfos != NULL) { - iv = 0; - while (src->signerInfos[iv] != NULL) - iv++; - fprintf(out, "pkcs7.signerInformationListLength=%d\n", iv); - iv = 0; - while ((sigInfo = src->signerInfos[iv]) != NULL) { - sprintf(om, "signerInformation[%d].", iv++); - sv_PrintSignerInfo(out, sigInfo, om); - } - } - - return 0; -} - -#if 0 -/* -** secu_PrintPKCS7Enveloped -** Pretty print a PKCS7 enveloped data type (up to version 1). -*/ -void -secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src, - char *m, int level) -{ - SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */ - int iv; - char om[100]; - - secu_Indent(out, level); fprintf(out, "%s:\n", m); - sv_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list recipients (this is not optional) */ - if (src->recipientInfos != NULL) { - secu_Indent(out, level + 1); - fprintf(out, "Recipient Information List:\n"); - iv = 0; - while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); - secu_PrintRecipientInfo(out, recInfo, om, level + 2); - } - } - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); -} - -/* -** secu_PrintPKCS7SignedEnveloped -** Pretty print a PKCS7 singed and enveloped data type (up to version 1). -*/ -int -secu_PrintPKCS7SignedAndEnveloped(FILE *out, - SEC_PKCS7SignedAndEnvelopedData *src, - char *m, int level) -{ - SECAlgorithmID *digAlg; /* pointer for digest algorithms */ - SECItem *aCert; /* pointer for certificate */ - CERTSignedCrl *aCrl; /* pointer for certificate revocation list */ - SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */ - SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */ - int rv, iv; - char om[100]; - - secu_Indent(out, level); fprintf(out, "%s:\n", m); - sv_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list recipients (this is not optional) */ - if (src->recipientInfos != NULL) { - secu_Indent(out, level + 1); - fprintf(out, "Recipient Information List:\n"); - iv = 0; - while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); - secu_PrintRecipientInfo(out, recInfo, om, level + 2); - } - } - - /* Parse and list digest algorithms (if any) */ - if (src->digestAlgorithms != NULL) { - secu_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n"); - iv = 0; - while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); - sv_PrintAlgorithmID(out, digAlg, om); - } - } - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); - - /* Parse and list certificates (if any) */ - if (src->rawCerts != NULL) { - secu_Indent(out, level + 1); fprintf(out, "Certificate List:\n"); - iv = 0; - while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); - rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); - if (rv) - return rv; - } - } - - /* Parse and list CRL's (if any) */ - if (src->crls != NULL) { - secu_Indent(out, level + 1); - fprintf(out, "Signed Revocation Lists:\n"); - iv = 0; - while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); - secu_Indent(out, level + 2); fprintf(out, "%s:\n", om); - sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, - "Signature Algorithm"); - DER_ConvertBitString(&aCrl->signatureWrap.signature); - sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature", - level+3); - SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List", - level + 3); - } - } - - /* Parse and list signatures (if any) */ - if (src->signerInfos != NULL) { - secu_Indent(out, level + 1); - fprintf(out, "Signer Information List:\n"); - iv = 0; - while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); - secu_PrintSignerInfo(out, sigInfo, om, level + 2); - } - } - - return 0; -} - -/* -** secu_PrintPKCS7Encrypted -** Pretty print a PKCS7 encrypted data type (up to version 1). -*/ -void -secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src, - char *m, int level) -{ - secu_Indent(out, level); fprintf(out, "%s:\n", m); - sv_PrintInteger(out, &(src->version), "Version", level + 1); - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); -} - -/* -** secu_PrintPKCS7Digested -** Pretty print a PKCS7 digested data type (up to version 1). -*/ -void -sv_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src) -{ - secu_Indent(out, level); fprintf(out, "%s:\n", m); - sv_PrintInteger(out, &(src->version), "Version", level + 1); - - sv_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm"); - sv_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information", - level + 1); - sv_PrintAsHex(out, &src->digest, "Digest", level + 1); -} - -#endif - -/* -** secu_PrintPKCS7ContentInfo -** Takes a SEC_PKCS7ContentInfo type and sends the contents to the -** appropriate function -*/ -int -sv_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src, char *m) -{ - const char *desc; - SECOidTag kind; - int rv; - - if (src->contentTypeTag == NULL) - src->contentTypeTag = SECOID_FindOID(&(src->contentType)); - - if (src->contentTypeTag == NULL) { - desc = "Unknown"; - kind = SEC_OID_PKCS7_DATA; - } else { - desc = src->contentTypeTag->desc; - kind = src->contentTypeTag->offset; - } - - fprintf(out, "%s%s\n", m, desc); - - if (src->content.data == NULL) { - fprintf(out, "pkcs7.data=<no content>\n"); - return 0; - } - - rv = 0; - switch (kind) { - case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */ - rv = sv_PrintPKCS7Signed(out, src->content.signedData); - break; - - case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */ - fprintf(out, "pkcs7EnvelopedData=<unsupported>\n"); - /*sv_PrintPKCS7Enveloped(out, src->content.envelopedData);*/ - break; - - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */ - fprintf(out, "pkcs7SignedEnvelopedData=<unsupported>\n"); - /*rv = sv_PrintPKCS7SignedAndEnveloped(out, - src->content.signedAndEnvelopedData);*/ - break; - - case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */ - fprintf(out, "pkcs7DigestedData=<unsupported>\n"); - /*sv_PrintPKCS7Digested(out, src->content.digestedData);*/ - break; - - case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */ - fprintf(out, "pkcs7EncryptedData=<unsupported>\n"); - /*sv_PrintPKCS7Encrypted(out, src->content.encryptedData);*/ - break; - - default: - fprintf(out, "pkcs7UnknownData=<unsupported>\n"); - /*sv_PrintAsHex(out, src->content.data);*/ - break; - } - - return rv; -} - - -int -SV_PrintPKCS7ContentInfo(FILE *out, SECItem *der) -{ - SEC_PKCS7ContentInfo *cinfo; - int rv = -1; - - cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL); - - if (cinfo != NULL) { - rv = sv_PrintPKCS7ContentInfo(out, cinfo, "pkcs7.contentInfo="); - SEC_PKCS7DestroyContentInfo(cinfo); - } - - return rv; -} -/* -** End of PKCS7 functions -*/ diff --git a/security/nss/cmd/signver/signver.c b/security/nss/cmd/signver/signver.c deleted file mode 100644 index ca56bc862..000000000 --- a/security/nss/cmd/signver/signver.c +++ /dev/null @@ -1,455 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "secutil.h" -#include "secmod.h" -#include "cert.h" -#include "secoid.h" -#include "nss.h" - -/* NSPR 2.0 header files */ -#include "prinit.h" -#include "prprf.h" -#include "prsystem.h" -#include "prmem.h" -/* Portable layer header files */ -#include "plstr.h" -#include "sechash.h" /* for HASH_GetHashObject() */ - -static int debugInfo = 0; - -static char *usageInfo[] = { - "Options:", - " -a signature file is ASCII", - " -d certdir directory containing cert database", - " -i dataFileName input file name containing data,", - " leave filename blank to use stdin", - " -s signatureFileName input file name containing signature,", - " leave filename blank to use stdin", - " -o outputFileName output file name, default stdout", - " -A display all information from pkcs #7", - " -C display all information from all certs", - " -C -n display number of certificates", - " -C -n certNum display all information from the certNum", - " certificate in pkcs #7 signed object", - " -C -n certNum f1 ... fN display information about specified", - " fields from the certNum certificate in", - " the pkcs #7 signed object", - " -S display signer information list", - " -S -n display number of signer information blocks", - " -S -n signerNum display all information from the signerNum", - " signer information block in pkcs #7", - " -S -n signerNum f1 ... fN display information about specified", - " fields from the signerNum signer", - " information block in pkcs #7 object", - " -V verify the signed object and display result", - " -V -v verify the signed object and display", - " result and reason for failure", - "Version 2.0" -}; -static int nUsageInfo = sizeof(usageInfo)/sizeof(char *); - -extern int SV_PrintPKCS7ContentInfo(FILE *, SECItem *); - -static void Usage(char *progName, FILE *outFile) -{ - int i; - fprintf(outFile, "Usage: %s options\n", progName); - for (i = 0; i < nUsageInfo; i++) - fprintf(outFile, "%s\n", usageInfo[i]); - exit(-1); -} - -static HASH_HashType -AlgorithmToHashType(SECAlgorithmID *digestAlgorithms) -{ - SECOidTag tag; - - tag = SECOID_GetAlgorithmTag(digestAlgorithms); - - switch (tag) { - case SEC_OID_MD2: - if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgMD2 SEC_OID_MD2\n"); - return HASH_AlgMD2; - case SEC_OID_MD5: - if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgMD5 SEC_OID_MD5\n"); - return HASH_AlgMD5; - case SEC_OID_SHA1: - if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgSHA1 SEC_OID_SHA1\n"); - return HASH_AlgSHA1; - default: - if (debugInfo) PR_fprintf(PR_STDERR, "should never get here\n"); - return HASH_AlgNULL; - } -} - - -static int -DigestData (unsigned char *digest, unsigned char *data, - unsigned int *len, unsigned int maxLen, - HASH_HashType hashType) -{ - const SECHashObject *hashObj; - void *hashcx; - - hashObj = HASH_GetHashObject(hashType); - hashcx = (* hashObj->create)(); - if (hashcx == NULL) - return -1; - - (* hashObj->begin)(hashcx); - (* hashObj->update)(hashcx, data, PORT_Strlen((char *)data)); - (* hashObj->end)(hashcx, digest, len, maxLen); - (* hashObj->destroy)(hashcx, PR_TRUE); - - return 0; -} - -enum { - cmd_DisplayAllPCKS7Info = 0, - cmd_DisplayCertInfo, - cmd_DisplaySignerInfo, - cmd_VerifySignedObj -}; - -enum { - opt_ASCII, - opt_CertDir, - opt_InputDataFile, - opt_ItemNumber, - opt_OutputFile, - opt_InputSigFile, - opt_TypeTag, - opt_PrintWhyFailure -}; - -static secuCommandFlag signver_commands[] = -{ - { /* cmd_DisplayAllPCKS7Info*/ 'A', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DisplayCertInfo */ 'C', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DisplaySignerInfo */ 'S', PR_FALSE, 0, PR_FALSE }, - { /* cmd_VerifySignedObj */ 'V', PR_FALSE, 0, PR_FALSE } -}; - -static secuCommandFlag signver_options[] = -{ - { /* opt_ASCII */ 'a', PR_FALSE, 0, PR_FALSE }, - { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_InputDataFile */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_ItemNumber */ 'n', PR_FALSE, 0, PR_FALSE }, - { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_InputSigFile */ 's', PR_TRUE, 0, PR_FALSE }, - { /* opt_TypeTag */ 't', PR_TRUE, 0, PR_FALSE }, - { /* opt_PrintWhyFailure */ 'v', PR_FALSE, 0, PR_FALSE } -}; - -int main(int argc, char **argv) -{ - PRExplodedTime explodedCurrent; - SECItem der, data; - char *progName; - int rv; - PRFileDesc *dataFile = 0; - PRFileDesc *signFile = 0; - FILE *outFile = stdout; - char *typeTag = 0; - PRBool displayAllCerts = PR_FALSE; - PRBool displayAllSigners = PR_FALSE; - PRFileInfo info; - PRInt32 nb; - SECStatus secstatus; - - secuCommand signver; - signver.numCommands = sizeof(signver_commands) /sizeof(secuCommandFlag); - signver.numOptions = sizeof(signver_options) / sizeof(secuCommandFlag); - signver.commands = signver_commands; - signver.options = signver_options; - -#ifdef XP_PC - progName = strrchr(argv[0], '\\'); -#else - progName = strrchr(argv[0], '/'); -#endif - progName = progName ? progName+1 : argv[0]; - - /*_asm int 3*/ - - PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &explodedCurrent); -#if 0 - if (explodedCurrent.tm_year >= 1998 - && explodedCurrent.tm_month >= 5 /* months past tm_year (0-11, Jan = 0) */ - && explodedCurrent.tm_mday >= 1) { - PR_fprintf(PR_STDERR, "%s: expired\n", progName); - return -1; - } -#endif - - SECU_ParseCommandLine(argc, argv, progName, &signver); - - /* Set the certdb directory (default is ~/.{browser}) */ - SECU_ConfigDirectory(signver.options[opt_CertDir].arg); - - /* Set the certificate type. */ - typeTag = SECU_GetOptionArg(&signver, opt_TypeTag); - - /* -i and -s without filenames */ - if (signver.options[opt_InputDataFile].activated && - signver.options[opt_InputSigFile].activated && - !signver.options[opt_InputDataFile].arg && - !signver.options[opt_InputSigFile].arg) - PR_fprintf(PR_STDERR, - "%s: Only data or signature file can use stdin (not both).\n", - progName); - - /* Open the input data file (no arg == use stdin). */ - if (signver.options[opt_InputDataFile].activated) { - if (signver.options[opt_InputDataFile].arg) - dataFile = PR_Open(signver.options[opt_InputDataFile].arg, - PR_RDONLY, 0); - else - dataFile = PR_STDIN; - if (!dataFile) { - PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading.\n", - progName, signver.options[opt_InputDataFile].arg); - return -1; - } - } - - /* Open the input signature file (no arg == use stdin). */ - if (signver.options[opt_InputSigFile].activated) { - if (signver.options[opt_InputSigFile].arg) - signFile = PR_Open(signver.options[opt_InputSigFile].arg, - PR_RDONLY, 0); - else - signFile = PR_STDIN; - if (!signFile) { - PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading.\n", - progName, signver.options[opt_InputSigFile].arg); - return -1; - } - } - -#if 0 - if (!typeTag) ascii = 1; -#endif - - /* Open|Create the output file. */ - if (signver.options[opt_OutputFile].activated) { - outFile = fopen(signver.options[opt_OutputFile].arg, "w"); - /* - outFile = PR_Open(signver.options[opt_OutputFile].arg, - PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 00660); - */ - if (!outFile) { - PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing.\n", - progName, signver.options[opt_OutputFile].arg); - return -1; - } - } - - if (signver.commands[cmd_DisplayCertInfo].activated && - !signver.options[opt_ItemNumber].arg) - displayAllCerts = PR_TRUE; - - if (signver.commands[cmd_DisplaySignerInfo].activated && - !signver.options[opt_ItemNumber].arg) - displayAllSigners = PR_TRUE; - -#if 0 - case 'W': - debugInfo = 1; - break; -#endif - - if (!signFile && !dataFile && !typeTag) - Usage(progName, outFile); - - if (!signFile && !dataFile && - signver.commands[cmd_VerifySignedObj].activated) { - PR_fprintf(PR_STDERR, - "%s: unable to read all data from standard input\n", - progName); - return -1; - } - - PR_SetError(0, 0); /* PR_Init("pp", 1, 1, 0);*/ - secstatus = NSS_Init(SECU_ConfigDirectory(NULL)); - if (secstatus != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - - rv = SECU_ReadDERFromFile(&der, signFile, - signver.options[opt_ASCII].activated); - - /* Data is untyped, using the specified type */ - data.data = der.data; - data.len = der.len; - - - /* Signature Verification */ - if (!signver.options[opt_TypeTag].activated) { - if (signver.commands[cmd_VerifySignedObj].activated) { - SEC_PKCS7ContentInfo *cinfo; - - cinfo = SEC_PKCS7DecodeItem(&data, NULL, NULL, NULL, NULL, - NULL, NULL, NULL); - if (cinfo != NULL) { -#if 0 - if (debugInfo) { - PR_fprintf(PR_STDERR, "Content %s encrypted.\n", - SEC_PKCS7ContentIsEncrypted(cinfo) ? "was" : "was not"); - - PR_fprintf(PR_STDERR, "Content %s signed.\n", - SEC_PKCS7ContentIsSigned(cinfo) ? "was" : "was not"); - } -#endif - - if (SEC_PKCS7ContentIsSigned(cinfo)) { - SEC_PKCS7SignedData *signedData; - HASH_HashType digestType; - SECItem digest, data; - unsigned char *dataToVerify, digestBuffer[32]; - - signedData = cinfo->content.signedData; - - /* assume that there is only one digest algorithm for now */ - digestType = - AlgorithmToHashType(signedData->digestAlgorithms[0]); - if (digestType == HASH_AlgNULL) { - PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n"); - return (-1); - } - rv = SECU_FileToItem(&data, dataFile); - dataToVerify = data.data; - if (dataToVerify) { - /*certUsageObjectSigner;*/ - SECCertUsage usage = certUsageEmailSigner; - - -#if 0 - if (debugInfo) - PR_fprintf(PR_STDERR, "dataToVerify=%s\n", - dataToVerify); -#endif - digest.data = digestBuffer; - if (DigestData (digest.data, dataToVerify, - &digest.len, 32, digestType)) { - PR_fprintf(PR_STDERR, "Fail to compute message digest for verification. Reason: %s\n", - SECU_ErrorString((int16)PORT_GetError())); - return (-1); - } -#if 0 - if (debugInfo) { - PR_fprintf(PR_STDERR, "Data Digest=:"); - for (i = 0; i < digest.len; i++) - PR_fprintf(PR_STDERR, "%02x:", digest.data[i]); - PR_fprintf(PR_STDERR, "\n"); - } -#endif - - - if (signver.commands[cmd_VerifySignedObj].activated) - fprintf(outFile, "signatureValid="); - PORT_SetError(0); - if (SEC_PKCS7VerifyDetachedSignature (cinfo, usage, - &digest, digestType, PR_FALSE)) { - if (signver.commands[cmd_VerifySignedObj].activated) - fprintf(outFile, "yes"); - } else { - if (signver.commands[cmd_VerifySignedObj].activated){ - fprintf(outFile, "no"); - if (signver.options[opt_PrintWhyFailure].activated) - fprintf(outFile, ":%s", SECU_ErrorString((int16)PORT_GetError())); - } - } - if (signver.commands[cmd_VerifySignedObj].activated) - fprintf(outFile, "\n"); - - SECITEM_FreeItem(&data, PR_FALSE); - } else { - PR_fprintf(PR_STDERR, "Cannot read data\n"); - return (-1); - } - } - - SEC_PKCS7DestroyContentInfo(cinfo); - } else - PR_fprintf(PR_STDERR, "Unable to decode PKCS7 data\n"); - } - - if (signver.commands[cmd_DisplayAllPCKS7Info].activated) - SV_PrintPKCS7ContentInfo(outFile, &data); - - if (displayAllCerts) - PR_fprintf(PR_STDERR, "-C option is not implemented in this version\n"); - - if (displayAllSigners) - PR_fprintf(PR_STDERR, "-S option is not implemented in this version\n"); - - /* Pretty print it */ - } else if (PL_strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) { - rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0, - SECU_PrintCertificate); - } else if (PL_strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) { - rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0, - SECU_PrintCertificateRequest); - } else if (PL_strcmp (typeTag, SEC_CT_CRL) == 0) { - rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl); -#ifdef HAVE_EPK_TEMPLATE - } else if (PL_strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) { - rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0); -#endif - } else if (PL_strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) { - rv = SECU_PrintPublicKey(outFile, &data, "Public Key", 0); - } else if (PL_strcmp(typeTag, SEC_CT_PKCS7) == 0) { - rv = SECU_PrintPKCS7ContentInfo(outFile, &data, - "PKCS #7 Content Info", 0); - } else { - PR_fprintf(PR_STDERR, "%s: don't know how to print out '%s' files\n", - progName, typeTag); - return -1; - } - - if (rv) { - PR_fprintf(PR_STDERR, "%s: problem converting data (%s)\n", - progName, SECU_ErrorString((int16)PORT_GetError())); - return -1; - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return 0; -} diff --git a/security/nss/cmd/smimetools/Makefile b/security/nss/cmd/smimetools/Makefile deleted file mode 100644 index 9e3263d43..000000000 --- a/security/nss/cmd/smimetools/Makefile +++ /dev/null @@ -1,73 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include rules.mk - -include ../platrules.mk diff --git a/security/nss/cmd/smimetools/cmsutil.c b/security/nss/cmd/smimetools/cmsutil.c deleted file mode 100644 index ddaef6c83..000000000 --- a/security/nss/cmd/smimetools/cmsutil.c +++ /dev/null @@ -1,1614 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * cmsutil -- A command to work with CMS data - * - * $Id$ - */ - -#include "nspr.h" -#include "secutil.h" -#include "plgetopt.h" -#include "secpkcs7.h" -#include "cert.h" -#include "certdb.h" -#include "secoid.h" -#include "cms.h" -#include "nss.h" -#include "smime.h" -#include "pk11func.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#if defined(_WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -#include <stdio.h> -#include <string.h> - -char *progName = NULL; -static int cms_verbose = 0; -static secuPWData pwdata = { PW_NONE, 0 }; -static PK11PasswordFunc pwcb = NULL; -static void *pwcb_arg = NULL; - - -/* XXX stolen from cmsarray.c - * nss_CMSArray_Count - count number of elements in array - */ -int -nss_CMSArray_Count(void **array) -{ - int n = 0; - if (array == NULL) - return 0; - while (*array++ != NULL) - n++; - return n; -} - -static SECStatus -DigestFile(PLArenaPool *poolp, SECItem ***digests, SECItem *input, - SECAlgorithmID **algids) -{ - NSSCMSDigestContext *digcx; - SECStatus rv; - - digcx = NSS_CMSDigestContext_StartMultiple(algids); - if (digcx == NULL) - return SECFailure; - - NSS_CMSDigestContext_Update(digcx, input->data, input->len); - - rv = NSS_CMSDigestContext_FinishMultiple(digcx, poolp, digests); - return rv; -} - - -static void -Usage(char *progName) -{ - fprintf(stderr, -"Usage: %s [-C|-D|-E|-O|-S] [<options>] [-d dbdir] [-u certusage]\n" -" -C create a CMS encrypted data message\n" -" -D decode a CMS message\n" -" -b decode a batch of files named in infile\n" -" -c content use this detached content\n" -" -n suppress output of content\n" -" -h num display num levels of CMS message info as email headers\n" -" -k keep decoded encryption certs in perm cert db\n" -" -E create a CMS enveloped data message\n" -" -r id,... create envelope for these recipients,\n" -" where id can be a certificate nickname or email address\n" -" -S create a CMS signed data message\n" -" -G include a signing time attribute\n" -" -H hash use hash (default:SHA1)\n" -" -N nick use certificate named \"nick\" for signing\n" -" -P include a SMIMECapabilities attribute\n" -" -T do not include content in CMS message\n" -" -Y nick include a EncryptionKeyPreference attribute with cert\n" -" (use \"NONE\" to omit)\n" -" -O create a CMS signed message containing only certificates\n" -" General Options:\n" -" -d dbdir key/cert database directory (default: ~/.netscape)\n" -" -e envelope enveloped data message in this file is used for bulk key\n" -" -i infile use infile as source of data (default: stdin)\n" -" -o outfile use outfile as destination of data (default: stdout)\n" -" -p password use password as key db password (default: prompt)\n" -" -u certusage set type of certificate usage (default: certUsageEmailSigner)\n" -" -v print debugging information\n" -"\n" -"Cert usage codes:\n", - progName); - fprintf(stderr, "%-25s 0 - certUsageSSLClient\n", " "); - fprintf(stderr, "%-25s 1 - certUsageSSLServer\n", " "); - fprintf(stderr, "%-25s 2 - certUsageSSLServerWithStepUp\n", " "); - fprintf(stderr, "%-25s 3 - certUsageSSLCA\n", " "); - fprintf(stderr, "%-25s 4 - certUsageEmailSigner\n", " "); - fprintf(stderr, "%-25s 5 - certUsageEmailRecipient\n", " "); - fprintf(stderr, "%-25s 6 - certUsageObjectSigner\n", " "); - fprintf(stderr, "%-25s 7 - certUsageUserCertImport\n", " "); - fprintf(stderr, "%-25s 8 - certUsageVerifyCA\n", " "); - fprintf(stderr, "%-25s 9 - certUsageProtectedObjectSigner\n", " "); - fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " "); - fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " "); - - exit(-1); -} - -struct optionsStr { - char *password; - SECCertUsage certUsage; - CERTCertDBHandle *certHandle; -}; - -struct decodeOptionsStr { - struct optionsStr *options; - SECItem content; - int headerLevel; - PRBool suppressContent; - NSSCMSGetDecryptKeyCallback dkcb; - PK11SymKey *bulkkey; - PRBool keepCerts; -}; - -struct signOptionsStr { - struct optionsStr *options; - char *nickname; - char *encryptionKeyPreferenceNick; - PRBool signingTime; - PRBool smimeProfile; - PRBool detached; - SECOidTag hashAlgTag; -}; - -struct envelopeOptionsStr { - struct optionsStr *options; - char **recipients; -}; - -struct certsonlyOptionsStr { - struct optionsStr *options; - char **recipients; -}; - -struct encryptOptionsStr { - struct optionsStr *options; - char **recipients; - NSSCMSMessage *envmsg; - SECItem *input; - FILE *outfile; - PRFileDesc *envFile; - PK11SymKey *bulkkey; - SECOidTag bulkalgtag; - int keysize; -}; - -static NSSCMSMessage * -decode(FILE *out, SECItem *input, const struct decodeOptionsStr *decodeOptions) -{ - NSSCMSDecoderContext *dcx; - NSSCMSMessage *cmsg; - int nlevels, i; - SECItem sitem = { 0, 0, 0 }; - - PORT_SetError(0); - dcx = NSS_CMSDecoder_Start(NULL, - NULL, NULL, /* content callback */ - pwcb, pwcb_arg, /* password callback */ - decodeOptions->dkcb, /* decrypt key callback */ - decodeOptions->bulkkey); - (void)NSS_CMSDecoder_Update(dcx, (char *)input->data, input->len); - cmsg = NSS_CMSDecoder_Finish(dcx); - if (cmsg == NULL) { - fprintf(stderr, "%s: failed to decode message.\n", progName); - return NULL; - } - - if (decodeOptions->headerLevel >= 0) { - /*fprintf(out, "SMIME: ", decodeOptions->headerLevel, i);*/ - fprintf(out, "SMIME: "); - } - - nlevels = NSS_CMSMessage_ContentLevelCount(cmsg); - for (i = 0; i < nlevels; i++) { - NSSCMSContentInfo *cinfo; - SECOidTag typetag; - - cinfo = NSS_CMSMessage_ContentLevel(cmsg, i); - typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); - - if (decodeOptions->headerLevel >= 0) - fprintf(out, "\tlevel=%d.%d; ", decodeOptions->headerLevel, nlevels - i); - - switch (typetag) { - case SEC_OID_PKCS7_SIGNED_DATA: - { - NSSCMSSignedData *sigd = NULL; - SECItem **digests; - int nsigners; - int j; - - if (decodeOptions->headerLevel >= 0) - fprintf(out, "type=signedData; "); - sigd = (NSSCMSSignedData *)NSS_CMSContentInfo_GetContent(cinfo); - if (sigd == NULL) { - SECU_PrintError(progName, "signedData component missing"); - goto loser; - } - - /* if we have a content file, but no digests for this signedData */ - if (decodeOptions->content.data != NULL && - !NSS_CMSSignedData_HasDigests(sigd)) { - PLArenaPool *poolp; - SECAlgorithmID **digestalgs; - - /* detached content: grab content file */ - sitem = decodeOptions->content; - - if ((poolp = PORT_NewArena(1024)) == NULL) { - fprintf(stderr, "cmsutil: Out of memory.\n"); - goto loser; - } - digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd); - if (DigestFile (poolp, &digests, &sitem, digestalgs) - != SECSuccess) { - SECU_PrintError(progName, - "problem computing message digest"); - PORT_FreeArena(poolp, PR_FALSE); - goto loser; - } - if (NSS_CMSSignedData_SetDigests(sigd, digestalgs, digests) - != SECSuccess) { - SECU_PrintError(progName, - "problem setting message digests"); - PORT_FreeArena(poolp, PR_FALSE); - goto loser; - } - PORT_FreeArena(poolp, PR_FALSE); - } - - /* import the certificates */ - if (NSS_CMSSignedData_ImportCerts(sigd, - decodeOptions->options->certHandle, - decodeOptions->options->certUsage, - decodeOptions->keepCerts) - != SECSuccess) { - SECU_PrintError(progName, "cert import failed"); - goto loser; - } - - /* find out about signers */ - nsigners = NSS_CMSSignedData_SignerInfoCount(sigd); - if (decodeOptions->headerLevel >= 0) - fprintf(out, "nsigners=%d; ", nsigners); - if (nsigners == 0) { - /* Might be a cert transport message - ** or might be an invalid message, such as a QA test message - ** or a message from an attacker. - */ - SECStatus rv; - rv = NSS_CMSSignedData_VerifyCertsOnly(sigd, - decodeOptions->options->certHandle, - decodeOptions->options->certUsage); - if (rv != SECSuccess) { - fprintf(stderr, "cmsutil: Verify certs-only failed!\n"); - goto loser; - } - return cmsg; - } - - /* still no digests? */ - if (!NSS_CMSSignedData_HasDigests(sigd)) { - SECU_PrintError(progName, "no message digests"); - goto loser; - } - - for (j = 0; j < nsigners; j++) { - const char * svs; - NSSCMSSignerInfo *si; - NSSCMSVerificationStatus vs; - SECStatus bad; - - si = NSS_CMSSignedData_GetSignerInfo(sigd, j); - if (decodeOptions->headerLevel >= 0) { - char *signercn; - static char empty[] = { "" }; - - signercn = NSS_CMSSignerInfo_GetSignerCommonName(si); - if (signercn == NULL) - signercn = empty; - fprintf(out, "\n\t\tsigner%d.id=\"%s\"; ", j, signercn); - if (signercn != empty) - PORT_Free(signercn); - } - bad = NSS_CMSSignedData_VerifySignerInfo(sigd, j, - decodeOptions->options->certHandle, - decodeOptions->options->certUsage); - vs = NSS_CMSSignerInfo_GetVerificationStatus(si); - svs = NSS_CMSUtil_VerificationStatusToString(vs); - if (decodeOptions->headerLevel >= 0) { - fprintf(out, "signer%d.status=%s; ", j, svs); - /* goto loser ? */ - } else if (bad && out) { - fprintf(stderr, "signer %d status = %s\n", j, svs); - goto loser; - } - } - } - break; - case SEC_OID_PKCS7_ENVELOPED_DATA: - { - NSSCMSEnvelopedData *envd; - if (decodeOptions->headerLevel >= 0) - fprintf(out, "type=envelopedData; "); - envd = (NSSCMSEnvelopedData *)NSS_CMSContentInfo_GetContent(cinfo); - if (envd == NULL) { - SECU_PrintError(progName, "envelopedData component missing"); - goto loser; - } - } - break; - case SEC_OID_PKCS7_ENCRYPTED_DATA: - { - NSSCMSEncryptedData *encd; - if (decodeOptions->headerLevel >= 0) - fprintf(out, "type=encryptedData; "); - encd = (NSSCMSEncryptedData *)NSS_CMSContentInfo_GetContent(cinfo); - if (encd == NULL) { - SECU_PrintError(progName, "encryptedData component missing"); - goto loser; - } - } - break; - case SEC_OID_PKCS7_DATA: - if (decodeOptions->headerLevel >= 0) - fprintf(out, "type=data; "); - break; - default: - break; - } - if (decodeOptions->headerLevel >= 0) - fprintf(out, "\n"); - } - - if (!decodeOptions->suppressContent && out) { - SECItem *item = (sitem.data ? &sitem - : NSS_CMSMessage_GetContent(cmsg)); - if (item && item->data && item->len) { - fwrite(item->data, item->len, 1, out); - } - } - return cmsg; - -loser: - if (cmsg) - NSS_CMSMessage_Destroy(cmsg); - return NULL; -} - -/* example of a callback function to use with encoder */ -/* -static void -writeout(void *arg, const char *buf, unsigned long len) -{ - FILE *f = (FILE *)arg; - - if (f != NULL && buf != NULL) - (void)fwrite(buf, len, 1, f); -} -*/ - -static NSSCMSMessage * -signed_data(struct signOptionsStr *signOptions) -{ - NSSCMSMessage *cmsg = NULL; - NSSCMSContentInfo *cinfo; - NSSCMSSignedData *sigd; - NSSCMSSignerInfo *signerinfo; - CERTCertificate *cert= NULL, *ekpcert = NULL; - - if (cms_verbose) { - fprintf(stderr, "Input to signed_data:\n"); - if (signOptions->options->password) - fprintf(stderr, "password [%s]\n", signOptions->options->password); - else - fprintf(stderr, "password [NULL]\n"); - fprintf(stderr, "certUsage [%d]\n", signOptions->options->certUsage); - if (signOptions->options->certHandle) - fprintf(stderr, "certdb [%p]\n", signOptions->options->certHandle); - else - fprintf(stderr, "certdb [NULL]\n"); - if (signOptions->nickname) - fprintf(stderr, "nickname [%s]\n", signOptions->nickname); - else - fprintf(stderr, "nickname [NULL]\n"); - } - if (signOptions->nickname == NULL) { - fprintf(stderr, - "ERROR: please indicate the nickname of a certificate to sign with.\n"); - return NULL; - } - if ((cert = CERT_FindUserCertByUsage(signOptions->options->certHandle, - signOptions->nickname, - signOptions->options->certUsage, - PR_FALSE, - &pwdata)) == NULL) { - SECU_PrintError(progName, - "the corresponding cert for key \"%s\" does not exist", - signOptions->nickname); - return NULL; - } - if (cms_verbose) { - fprintf(stderr, "Found certificate for %s\n", signOptions->nickname); - } - /* - * create the message object - */ - cmsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */ - if (cmsg == NULL) { - fprintf(stderr, "ERROR: cannot create CMS message.\n"); - return NULL; - } - /* - * build chain of objects: message->signedData->data - */ - if ((sigd = NSS_CMSSignedData_Create(cmsg)) == NULL) { - fprintf(stderr, "ERROR: cannot create CMS signedData object.\n"); - goto loser; - } - cinfo = NSS_CMSMessage_GetContentInfo(cmsg); - if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot attach CMS signedData object.\n"); - goto loser; - } - cinfo = NSS_CMSSignedData_GetContentInfo(sigd); - /* we're always passing data in and detaching optionally */ - if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, - signOptions->detached) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot attach CMS data object.\n"); - goto loser; - } - /* - * create & attach signer information - */ - signerinfo = NSS_CMSSignerInfo_Create(cmsg, cert, signOptions->hashAlgTag); - if (signerinfo == NULL) { - fprintf(stderr, "ERROR: cannot create CMS signerInfo object.\n"); - goto loser; - } - if (cms_verbose) { - fprintf(stderr, - "Created CMS message, added signed data w/ signerinfo\n"); - } - /* we want the cert chain included for this one */ - if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain, - signOptions->options->certUsage) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot find cert chain.\n"); - goto loser; - } - if (cms_verbose) { - fprintf(stderr, "imported certificate\n"); - } - if (signOptions->signingTime) { - if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now()) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot add signingTime attribute.\n"); - goto loser; - } - } - if (signOptions->smimeProfile) { - if (NSS_CMSSignerInfo_AddSMIMECaps(signerinfo) != SECSuccess) { - fprintf(stderr, "ERROR: cannot add SMIMECaps attribute.\n"); - goto loser; - } - } - - if (!signOptions->encryptionKeyPreferenceNick) { - /* check signing cert for fitness as encryption cert */ - SECStatus FitForEncrypt = CERT_CheckCertUsage(cert, - certUsageEmailRecipient); - - if (SECSuccess == FitForEncrypt) { - /* if yes, add signing cert as EncryptionKeyPreference */ - if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, cert, - signOptions->options->certHandle) - != SECSuccess) { - fprintf(stderr, - "ERROR: cannot add default SMIMEEncKeyPrefs attribute.\n"); - goto loser; - } - if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, cert, - signOptions->options->certHandle) - != SECSuccess) { - fprintf(stderr, - "ERROR: cannot add default MS SMIMEEncKeyPrefs attribute.\n"); - goto loser; - } - } else { - /* this is a dual-key cert case, we need to look for the encryption - certificate under the same nickname as the signing cert */ - /* get the cert, add it to the message */ - if ((ekpcert = CERT_FindUserCertByUsage( - signOptions->options->certHandle, - signOptions->nickname, - certUsageEmailRecipient, - PR_FALSE, - &pwdata)) == NULL) { - SECU_PrintError(progName, - "the corresponding cert for key \"%s\" does not exist", - signOptions->encryptionKeyPreferenceNick); - goto loser; - } - if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert, - signOptions->options->certHandle) - != SECSuccess) { - fprintf(stderr, - "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n"); - goto loser; - } - if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert, - signOptions->options->certHandle) - != SECSuccess) { - fprintf(stderr, - "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n"); - goto loser; - } - if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) { - fprintf(stderr, "ERROR: cannot add encryption certificate.\n"); - goto loser; - } - } - } else if (PL_strcmp(signOptions->encryptionKeyPreferenceNick, "NONE") == 0) { - /* No action */ - } else { - /* get the cert, add it to the message */ - if ((ekpcert = CERT_FindUserCertByUsage( - signOptions->options->certHandle, - signOptions->encryptionKeyPreferenceNick, - certUsageEmailRecipient, PR_FALSE, &pwdata)) - == NULL) { - SECU_PrintError(progName, - "the corresponding cert for key \"%s\" does not exist", - signOptions->encryptionKeyPreferenceNick); - goto loser; - } - if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert, - signOptions->options->certHandle) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n"); - goto loser; - } - if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert, - signOptions->options->certHandle) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n"); - goto loser; - } - if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) { - fprintf(stderr, "ERROR: cannot add encryption certificate.\n"); - goto loser; - } - } - - if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) { - fprintf(stderr, "ERROR: cannot add CMS signerInfo object.\n"); - goto loser; - } - if (cms_verbose) { - fprintf(stderr, "created signed-data message\n"); - } - if (ekpcert) { - CERT_DestroyCertificate(ekpcert); - } - if (cert) { - CERT_DestroyCertificate(cert); - } - return cmsg; -loser: - if (ekpcert) { - CERT_DestroyCertificate(ekpcert); - } - if (cert) { - CERT_DestroyCertificate(cert); - } - NSS_CMSMessage_Destroy(cmsg); - return NULL; -} - -static NSSCMSMessage * -enveloped_data(struct envelopeOptionsStr *envelopeOptions) -{ - NSSCMSMessage *cmsg = NULL; - NSSCMSContentInfo *cinfo; - NSSCMSEnvelopedData *envd; - NSSCMSRecipientInfo *recipientinfo; - CERTCertificate **recipientcerts = NULL; - CERTCertDBHandle *dbhandle; - PLArenaPool *tmppoolp = NULL; - SECOidTag bulkalgtag; - int keysize, i = 0; - int cnt; - dbhandle = envelopeOptions->options->certHandle; - /* count the recipients */ - if ((cnt = nss_CMSArray_Count((void **)envelopeOptions->recipients)) == 0) { - fprintf(stderr, "ERROR: please name at least one recipient.\n"); - goto loser; - } - if ((tmppoolp = PORT_NewArena (1024)) == NULL) { - fprintf(stderr, "ERROR: out of memory.\n"); - goto loser; - } - /* XXX find the recipient's certs by email address or nickname */ - if ((recipientcerts = - (CERTCertificate **)PORT_ArenaZAlloc(tmppoolp, - (cnt+1)*sizeof(CERTCertificate*))) - == NULL) { - fprintf(stderr, "ERROR: out of memory.\n"); - goto loser; - } - for (i=0; envelopeOptions->recipients[i] != NULL; i++) { - if ((recipientcerts[i] = - CERT_FindCertByNicknameOrEmailAddr(dbhandle, - envelopeOptions->recipients[i])) - == NULL) { - SECU_PrintError(progName, "cannot find certificate for \"%s\"", - envelopeOptions->recipients[i]); - i=0; - goto loser; - } - } - recipientcerts[i] = NULL; - i=0; - /* find a nice bulk algorithm */ - if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipientcerts, &bulkalgtag, - &keysize) != SECSuccess) { - fprintf(stderr, "ERROR: cannot find common bulk algorithm.\n"); - goto loser; - } - /* - * create the message object - */ - cmsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */ - if (cmsg == NULL) { - fprintf(stderr, "ERROR: cannot create CMS message.\n"); - goto loser; - } - /* - * build chain of objects: message->envelopedData->data - */ - if ((envd = NSS_CMSEnvelopedData_Create(cmsg, bulkalgtag, keysize)) - == NULL) { - fprintf(stderr, "ERROR: cannot create CMS envelopedData object.\n"); - goto loser; - } - cinfo = NSS_CMSMessage_GetContentInfo(cmsg); - if (NSS_CMSContentInfo_SetContent_EnvelopedData(cmsg, cinfo, envd) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot attach CMS envelopedData object.\n"); - goto loser; - } - cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd); - /* we're always passing data in, so the content is NULL */ - if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot attach CMS data object.\n"); - goto loser; - } - /* - * create & attach recipient information - */ - for (i = 0; recipientcerts[i] != NULL; i++) { - if ((recipientinfo = NSS_CMSRecipientInfo_Create(cmsg, - recipientcerts[i])) - == NULL) { - fprintf(stderr, "ERROR: cannot create CMS recipientInfo object.\n"); - goto loser; - } - if (NSS_CMSEnvelopedData_AddRecipient(envd, recipientinfo) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot add CMS recipientInfo object.\n"); - goto loser; - } - CERT_DestroyCertificate(recipientcerts[i]); - } - if (tmppoolp) - PORT_FreeArena(tmppoolp, PR_FALSE); - return cmsg; -loser: - if (recipientcerts) { - for (; recipientcerts[i] != NULL; i++) { - CERT_DestroyCertificate(recipientcerts[i]); - } - } - if (cmsg) - NSS_CMSMessage_Destroy(cmsg); - if (tmppoolp) - PORT_FreeArena(tmppoolp, PR_FALSE); - return NULL; -} - -PK11SymKey *dkcb(void *arg, SECAlgorithmID *algid) -{ - return (PK11SymKey*)arg; -} - -static SECStatus -get_enc_params(struct encryptOptionsStr *encryptOptions) -{ - struct envelopeOptionsStr envelopeOptions; - SECStatus rv = SECFailure; - NSSCMSMessage *env_cmsg; - NSSCMSContentInfo *cinfo; - int i, nlevels; - /* - * construct an enveloped data message to obtain bulk keys - */ - if (encryptOptions->envmsg) { - env_cmsg = encryptOptions->envmsg; /* get it from an old message */ - } else { - SECItem dummyOut = { 0, 0, 0 }; - SECItem dummyIn = { 0, 0, 0 }; - char str[] = "Hello!"; - PLArenaPool *tmparena = PORT_NewArena(1024); - dummyIn.data = (unsigned char *)str; - dummyIn.len = strlen(str); - envelopeOptions.options = encryptOptions->options; - envelopeOptions.recipients = encryptOptions->recipients; - env_cmsg = enveloped_data(&envelopeOptions); - NSS_CMSDEREncode(env_cmsg, &dummyIn, &dummyOut, tmparena); - PR_Write(encryptOptions->envFile, dummyOut.data, dummyOut.len); - PORT_FreeArena(tmparena, PR_FALSE); - } - /* - * get the content info for the enveloped data - */ - nlevels = NSS_CMSMessage_ContentLevelCount(env_cmsg); - for (i = 0; i < nlevels; i++) { - SECOidTag typetag; - cinfo = NSS_CMSMessage_ContentLevel(env_cmsg, i); - typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); - if (typetag == SEC_OID_PKCS7_DATA) { - /* - * get the symmetric key - */ - encryptOptions->bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo); - encryptOptions->keysize = NSS_CMSContentInfo_GetBulkKeySize(cinfo); - encryptOptions->bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo); - rv = SECSuccess; - break; - } - } - if (i == nlevels) { - fprintf(stderr, "%s: could not retrieve enveloped data.", progName); - } - if (env_cmsg) - NSS_CMSMessage_Destroy(env_cmsg); - return rv; -} - -static NSSCMSMessage * -encrypted_data(struct encryptOptionsStr *encryptOptions) -{ - SECStatus rv = SECFailure; - NSSCMSMessage *cmsg = NULL; - NSSCMSContentInfo *cinfo; - NSSCMSEncryptedData *encd; - NSSCMSEncoderContext *ecx = NULL; - PLArenaPool *tmppoolp = NULL; - SECItem derOut = { 0, 0, 0 }; - /* arena for output */ - tmppoolp = PORT_NewArena(1024); - if (!tmppoolp) { - fprintf(stderr, "%s: out of memory.\n", progName); - return NULL; - } - /* - * create the message object - */ - cmsg = NSS_CMSMessage_Create(NULL); - if (cmsg == NULL) { - fprintf(stderr, "ERROR: cannot create CMS message.\n"); - goto loser; - } - /* - * build chain of objects: message->encryptedData->data - */ - if ((encd = NSS_CMSEncryptedData_Create(cmsg, encryptOptions->bulkalgtag, - encryptOptions->keysize)) - == NULL) { - fprintf(stderr, "ERROR: cannot create CMS encryptedData object.\n"); - goto loser; - } - cinfo = NSS_CMSMessage_GetContentInfo(cmsg); - if (NSS_CMSContentInfo_SetContent_EncryptedData(cmsg, cinfo, encd) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot attach CMS encryptedData object.\n"); - goto loser; - } - cinfo = NSS_CMSEncryptedData_GetContentInfo(encd); - /* we're always passing data in, so the content is NULL */ - if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot attach CMS data object.\n"); - goto loser; - } - ecx = NSS_CMSEncoder_Start(cmsg, NULL, NULL, &derOut, tmppoolp, NULL, NULL, - dkcb, encryptOptions->bulkkey, NULL, NULL); - if (!ecx) { - fprintf(stderr, "%s: cannot create encoder context.\n", progName); - goto loser; - } - rv = NSS_CMSEncoder_Update(ecx, (char *)encryptOptions->input->data, - encryptOptions->input->len); - if (rv) { - fprintf(stderr, "%s: failed to add data to encoder.\n", progName); - goto loser; - } - rv = NSS_CMSEncoder_Finish(ecx); - if (rv) { - fprintf(stderr, "%s: failed to encrypt data.\n", progName); - goto loser; - } - fwrite(derOut.data, derOut.len, 1, encryptOptions->outfile); - /* - if (bulkkey) - PK11_FreeSymKey(bulkkey); - */ - if (tmppoolp) - PORT_FreeArena(tmppoolp, PR_FALSE); - return cmsg; -loser: - /* - if (bulkkey) - PK11_FreeSymKey(bulkkey); - */ - if (tmppoolp) - PORT_FreeArena(tmppoolp, PR_FALSE); - if (cmsg) - NSS_CMSMessage_Destroy(cmsg); - return NULL; -} - -static NSSCMSMessage * -signed_data_certsonly(struct certsonlyOptionsStr *certsonlyOptions) -{ - NSSCMSMessage *cmsg = NULL; - NSSCMSContentInfo *cinfo; - NSSCMSSignedData *sigd; - CERTCertificate **certs = NULL; - CERTCertDBHandle *dbhandle; - PLArenaPool *tmppoolp = NULL; - int i = 0, cnt; - dbhandle = certsonlyOptions->options->certHandle; - if ((cnt = nss_CMSArray_Count((void**)certsonlyOptions->recipients)) == 0) { - fprintf(stderr, - "ERROR: please indicate the nickname of a certificate to sign with.\n"); - goto loser; - } - if (!(tmppoolp = PORT_NewArena(1024))) { - fprintf(stderr, "ERROR: out of memory.\n"); - goto loser; - } - if (!(certs = PORT_ArenaZNewArray(tmppoolp, CERTCertificate *, cnt + 1))) { - fprintf(stderr, "ERROR: out of memory.\n"); - goto loser; - } - for (i=0; certsonlyOptions->recipients[i] != NULL; i++) { - if ((certs[i] = - CERT_FindCertByNicknameOrEmailAddr(dbhandle, - certsonlyOptions->recipients[i])) - == NULL) { - SECU_PrintError(progName, "cannot find certificate for \"%s\"", - certsonlyOptions->recipients[i]); - i=0; - goto loser; - } - } - certs[i] = NULL; - i=0; - /* - * create the message object - */ - cmsg = NSS_CMSMessage_Create(NULL); - if (cmsg == NULL) { - fprintf(stderr, "ERROR: cannot create CMS message.\n"); - goto loser; - } - /* - * build chain of objects: message->signedData->data - */ - if ((sigd = NSS_CMSSignedData_CreateCertsOnly(cmsg, certs[0], PR_TRUE)) - == NULL) { - fprintf(stderr, "ERROR: cannot create CMS signedData object.\n"); - goto loser; - } - CERT_DestroyCertificate(certs[0]); - for (i=1; i<cnt; i++) { - if (NSS_CMSSignedData_AddCertChain(sigd, certs[i])) { - fprintf(stderr, "ERROR: cannot add cert chain for \"%s\".\n", - certsonlyOptions->recipients[i]); - goto loser; - } - CERT_DestroyCertificate(certs[i]); - } - cinfo = NSS_CMSMessage_GetContentInfo(cmsg); - if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot attach CMS signedData object.\n"); - goto loser; - } - cinfo = NSS_CMSSignedData_GetContentInfo(sigd); - if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) - != SECSuccess) { - fprintf(stderr, "ERROR: cannot attach CMS data object.\n"); - goto loser; - } - if (tmppoolp) - PORT_FreeArena(tmppoolp, PR_FALSE); - return cmsg; -loser: - if (certs) { - for (; i<cnt; i++) { - CERT_DestroyCertificate(certs[i]); - } - } - if (cmsg) - NSS_CMSMessage_Destroy(cmsg); - if (tmppoolp) - PORT_FreeArena(tmppoolp, PR_FALSE); - return NULL; -} - -static char * -pl_fgets(char * buf, int size, PRFileDesc * fd) -{ - char * bp = buf; - int nb = 0;; - - while (size > 1) { - nb = PR_Read(fd, bp, 1); - if (nb < 0) { - /* deal with error */ - return NULL; - } else if (nb == 0) { - /* deal with EOF */ - return NULL; - } else if (*bp == '\n') { - /* deal with EOL */ - ++bp; /* keep EOL character */ - break; - } else { - /* ordinary character */ - ++bp; - --size; - } - } - *bp = '\0'; - return buf; -} - -typedef enum { UNKNOWN, DECODE, SIGN, ENCRYPT, ENVELOPE, CERTSONLY } Mode; - -static int -doBatchDecode(FILE *outFile, PRFileDesc *batchFile, - const struct decodeOptionsStr *decodeOptions) -{ - char * str; - int exitStatus = 0; - char batchLine[512]; - - while (NULL != (str = pl_fgets(batchLine, sizeof batchLine, batchFile))) { - NSSCMSMessage *cmsg = NULL; - PRFileDesc * inFile; - int len = strlen(str); - SECStatus rv; - SECItem input = {0, 0, 0}; - char cc; - - while (len > 0 && - ((cc = str[len - 1]) == '\n' || cc == '\r')) { - str[--len] = '\0'; - } - if (!len) /* skip empty line */ - continue; - if (str[0] == '#') - continue; /* skip comment line */ - fprintf(outFile, "========== %s ==========\n", str); - inFile = PR_Open(str, PR_RDONLY, 00660); - if (inFile == NULL) { - fprintf(outFile, "%s: unable to open \"%s\" for reading\n", - progName, str); - exitStatus = 1; - continue; - } - rv = SECU_FileToItem(&input, inFile); - PR_Close(inFile); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to read infile"); - exitStatus = 1; - continue; - } - cmsg = decode(outFile, &input, decodeOptions); - SECITEM_FreeItem(&input, PR_FALSE); - if (cmsg) - NSS_CMSMessage_Destroy(cmsg); - else { - SECU_PrintError(progName, "problem decoding"); - exitStatus = 1; - } - } - return exitStatus; -} - -int -main(int argc, char **argv) -{ - FILE *outFile; - NSSCMSMessage *cmsg = NULL; - PRFileDesc *inFile; - PLOptState *optstate; - PLOptStatus status; - Mode mode = UNKNOWN; - struct decodeOptionsStr decodeOptions = { 0 }; - struct signOptionsStr signOptions = { 0 }; - struct envelopeOptionsStr envelopeOptions = { 0 }; - struct certsonlyOptionsStr certsonlyOptions = { 0 }; - struct encryptOptionsStr encryptOptions = { 0 }; - struct optionsStr options = { 0 }; - int exitstatus; - static char *ptrarray[128] = { 0 }; - int nrecipients = 0; - char *str, *tok; - char *envFileName; - SECItem input = { 0, 0, 0}; - SECItem envmsg = { 0, 0, 0 }; - SECStatus rv; - PRFileDesc *contentFile = NULL; - PRBool batch = PR_FALSE; - -#ifdef NISCC_TESTING - const char *ev = PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST"); - PORT_Assert(ev); - ev = PR_GetEnv("NSS_STRICT_SHUTDOWN"); - PORT_Assert(ev); -#endif - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - inFile = PR_STDIN; - outFile = stdout; - envFileName = NULL; - mode = UNKNOWN; - decodeOptions.content.data = NULL; - decodeOptions.content.len = 0; - decodeOptions.suppressContent = PR_FALSE; - decodeOptions.headerLevel = -1; - decodeOptions.keepCerts = PR_FALSE; - options.certUsage = certUsageEmailSigner; - options.password = NULL; - signOptions.nickname = NULL; - signOptions.detached = PR_FALSE; - signOptions.signingTime = PR_FALSE; - signOptions.smimeProfile = PR_FALSE; - signOptions.encryptionKeyPreferenceNick = NULL; - signOptions.hashAlgTag = SEC_OID_SHA1; - envelopeOptions.recipients = NULL; - encryptOptions.recipients = NULL; - encryptOptions.envmsg = NULL; - encryptOptions.envFile = NULL; - encryptOptions.bulkalgtag = SEC_OID_UNKNOWN; - encryptOptions.bulkkey = NULL; - encryptOptions.keysize = -1; - - /* - * Parse command line arguments - */ - optstate = PL_CreateOptState(argc, argv, - "CDEGH:N:OPSTY:bc:d:e:h:i:kno:p:r:s:u:v"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'C': - mode = ENCRYPT; - break; - case 'D': - mode = DECODE; - break; - case 'E': - mode = ENVELOPE; - break; - case 'G': - if (mode != SIGN) { - fprintf(stderr, - "%s: option -G only supported with option -S.\n", - progName); - Usage(progName); - exit(1); - } - signOptions.signingTime = PR_TRUE; - break; - case 'H': - if (mode != SIGN) { - fprintf(stderr, - "%s: option -H only supported with option -S.\n", - progName); - Usage(progName); - exit(1); - } - decodeOptions.suppressContent = PR_TRUE; - if (!strcmp(optstate->value, "MD2")) - signOptions.hashAlgTag = SEC_OID_MD2; - else if (!strcmp(optstate->value, "MD4")) - signOptions.hashAlgTag = SEC_OID_MD4; - else if (!strcmp(optstate->value, "MD5")) - signOptions.hashAlgTag = SEC_OID_MD5; - else if (!strcmp(optstate->value, "SHA1")) - signOptions.hashAlgTag = SEC_OID_SHA1; - else if (!strcmp(optstate->value, "SHA256")) - signOptions.hashAlgTag = SEC_OID_SHA256; - else if (!strcmp(optstate->value, "SHA384")) - signOptions.hashAlgTag = SEC_OID_SHA384; - else if (!strcmp(optstate->value, "SHA512")) - signOptions.hashAlgTag = SEC_OID_SHA512; - else { - fprintf(stderr, - "%s: -H requires one of MD2,MD4,MD5,SHA1,SHA256,SHA384,SHA512\n", - progName); - exit(1); - } - break; - case 'N': - if (mode != SIGN) { - fprintf(stderr, - "%s: option -N only supported with option -S.\n", - progName); - Usage(progName); - exit(1); - } - signOptions.nickname = strdup(optstate->value); - break; - case 'O': - mode = CERTSONLY; - break; - case 'P': - if (mode != SIGN) { - fprintf(stderr, - "%s: option -P only supported with option -S.\n", - progName); - Usage(progName); - exit(1); - } - signOptions.smimeProfile = PR_TRUE; - break; - case 'S': - mode = SIGN; - break; - case 'T': - if (mode != SIGN) { - fprintf(stderr, - "%s: option -T only supported with option -S.\n", - progName); - Usage(progName); - exit(1); - } - signOptions.detached = PR_TRUE; - break; - case 'Y': - if (mode != SIGN) { - fprintf(stderr, - "%s: option -Y only supported with option -S.\n", - progName); - Usage(progName); - exit(1); - } - signOptions.encryptionKeyPreferenceNick = strdup(optstate->value); - break; - - case 'b': - if (mode != DECODE) { - fprintf(stderr, - "%s: option -b only supported with option -D.\n", - progName); - Usage(progName); - exit(1); - } - batch = PR_TRUE; - break; - - case 'c': - if (mode != DECODE) { - fprintf(stderr, - "%s: option -c only supported with option -D.\n", - progName); - Usage(progName); - exit(1); - } - contentFile = PR_Open(optstate->value, PR_RDONLY, 006600); - if (contentFile == NULL) { - fprintf(stderr, "%s: unable to open \"%s\" for reading.\n", - progName, optstate->value); - exit(1); - } - - rv = SECU_FileToItem(&decodeOptions.content, contentFile); - PR_Close(contentFile); - if (rv != SECSuccess) { - SECU_PrintError(progName, "problem reading content file"); - exit(1); - } - if (!decodeOptions.content.data) { - /* file was zero length */ - decodeOptions.content.data = (unsigned char *)PORT_Strdup(""); - decodeOptions.content.len = 0; - } - - break; - case 'd': - SECU_ConfigDirectory(optstate->value); - break; - case 'e': - envFileName = strdup(optstate->value); - encryptOptions.envFile = PR_Open(envFileName, PR_RDONLY, 00660); - break; - - case 'h': - if (mode != DECODE) { - fprintf(stderr, - "%s: option -h only supported with option -D.\n", - progName); - Usage(progName); - exit(1); - } - decodeOptions.headerLevel = atoi(optstate->value); - if (decodeOptions.headerLevel < 0) { - fprintf(stderr, "option -h cannot have a negative value.\n"); - exit(1); - } - break; - case 'i': - inFile = PR_Open(optstate->value, PR_RDONLY, 00660); - if (inFile == NULL) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - exit(1); - } - break; - - case 'k': - if (mode != DECODE) { - fprintf(stderr, - "%s: option -k only supported with option -D.\n", - progName); - Usage(progName); - exit(1); - } - decodeOptions.keepCerts = PR_TRUE; - break; - - case 'n': - if (mode != DECODE) { - fprintf(stderr, - "%s: option -n only supported with option -D.\n", - progName); - Usage(progName); - exit(1); - } - decodeOptions.suppressContent = PR_TRUE; - break; - case 'o': - outFile = fopen(optstate->value, "wb"); - if (outFile == NULL) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - exit(1); - } - break; - case 'p': - if (!optstate->value) { - fprintf(stderr, "%s: option -p must have a value.\n", progName); - Usage(progName); - exit(1); - } - - options.password = strdup(optstate->value); - break; - - case 'r': - if (!optstate->value) { - fprintf(stderr, "%s: option -r must have a value.\n", progName); - Usage(progName); - exit(1); - } - envelopeOptions.recipients = ptrarray; - str = (char *)optstate->value; - do { - tok = strchr(str, ','); - if (tok) *tok = '\0'; - envelopeOptions.recipients[nrecipients++] = strdup(str); - if (tok) str = tok + 1; - } while (tok); - envelopeOptions.recipients[nrecipients] = NULL; - encryptOptions.recipients = envelopeOptions.recipients; - certsonlyOptions.recipients = envelopeOptions.recipients; - break; - - case 'u': { - int usageType; - - usageType = atoi (strdup(optstate->value)); - if (usageType < certUsageSSLClient || usageType > certUsageAnyCA) - return -1; - options.certUsage = (SECCertUsage)usageType; - break; - } - case 'v': - cms_verbose = 1; - break; - - } - } - if (status == PL_OPT_BAD) - Usage(progName); - PL_DestroyOptState(optstate); - - if (mode == UNKNOWN) - Usage(progName); - - if (mode != CERTSONLY && !batch) { - rv = SECU_FileToItem(&input, inFile); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to read infile"); - exit(1); - } - if (inFile != PR_STDIN) { - PR_Close(inFile); - } - } - if (cms_verbose) { - fprintf(stderr, "received commands\n"); - } - - /* Call the libsec initialization routines */ - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - rv = NSS_InitReadWrite(SECU_ConfigDirectory(NULL)); - if (SECSuccess != rv) { - SECU_PrintError(progName, "NSS_Init failed"); - exit(1); - } - if (cms_verbose) { - fprintf(stderr, "NSS has been initialized.\n"); - } - options.certHandle = CERT_GetDefaultCertDB(); - if (!options.certHandle) { - SECU_PrintError(progName, "No default cert DB"); - exit(1); - } - if (cms_verbose) { - fprintf(stderr, "Got default certdb\n"); - } - if (options.password) - { - pwdata.source = PW_PLAINTEXT; - pwdata.data = options.password; - } - pwcb = SECU_GetModulePassword; - pwcb_arg = (void *)&pwdata; - - PK11_SetPasswordFunc(&SECU_GetModulePassword); - - -#if defined(_WIN32) - if (outFile == stdout) { - /* If we're going to write binary data to stdout, we must put stdout - ** into O_BINARY mode or else outgoing \n's will become \r\n's. - */ - int smrv = _setmode(_fileno(stdout), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdout to binary mode. Use -o option instead.\n", - progName); - return smrv; - } - } -#endif - - exitstatus = 0; - switch (mode) { - case DECODE: /* -D */ - decodeOptions.options = &options; - if (encryptOptions.envFile) { - /* Decoding encrypted-data, so get the bulkkey from an - * enveloped-data message. - */ - SECU_FileToItem(&envmsg, encryptOptions.envFile); - decodeOptions.options = &options; - encryptOptions.envmsg = decode(NULL, &envmsg, &decodeOptions); - if (!encryptOptions.envmsg) { - SECU_PrintError(progName, "problem decoding env msg"); - exitstatus = 1; - break; - } - rv = get_enc_params(&encryptOptions); - decodeOptions.dkcb = dkcb; - decodeOptions.bulkkey = encryptOptions.bulkkey; - } - if (!batch) { - cmsg = decode(outFile, &input, &decodeOptions); - if (!cmsg) { - SECU_PrintError(progName, "problem decoding"); - exitstatus = 1; - } - } else { - exitstatus = doBatchDecode(outFile, inFile, &decodeOptions); - if (inFile != PR_STDIN) { - PR_Close(inFile); - } - } - break; - case SIGN: /* -S */ - signOptions.options = &options; - cmsg = signed_data(&signOptions); - if (!cmsg) { - SECU_PrintError(progName, "problem signing"); - exitstatus = 1; - } - break; - case ENCRYPT: /* -C */ - if (!envFileName) { - fprintf(stderr, "%s: you must specify an envelope file with -e.\n", - progName); - exit(1); - } - encryptOptions.options = &options; - encryptOptions.input = &input; - encryptOptions.outfile = outFile; - /* decode an enveloped-data message to get the bulkkey (create - * a new one if neccessary) - */ - if (!encryptOptions.envFile) { - encryptOptions.envFile = PR_Open(envFileName, - PR_WRONLY|PR_CREATE_FILE, 00660); - if (!encryptOptions.envFile) { - fprintf(stderr, "%s: failed to create file %s.\n", progName, - envFileName); - exit(1); - } - } else { - SECU_FileToItem(&envmsg, encryptOptions.envFile); - decodeOptions.options = &options; - encryptOptions.envmsg = decode(NULL, &envmsg, &decodeOptions); - if (encryptOptions.envmsg == NULL) { - SECU_PrintError(progName, "problem decrypting env msg"); - exitstatus = 1; - break; - } - } - rv = get_enc_params(&encryptOptions); - /* create the encrypted-data message */ - cmsg = encrypted_data(&encryptOptions); - if (!cmsg) { - SECU_PrintError(progName, "problem encrypting"); - exitstatus = 1; - } - if (encryptOptions.bulkkey) { - PK11_FreeSymKey(encryptOptions.bulkkey); - encryptOptions.bulkkey = NULL; - } - break; - case ENVELOPE: /* -E */ - envelopeOptions.options = &options; - cmsg = enveloped_data(&envelopeOptions); - if (!cmsg) { - SECU_PrintError(progName, "problem enveloping"); - exitstatus = 1; - } - break; - case CERTSONLY: /* -O */ - certsonlyOptions.options = &options; - cmsg = signed_data_certsonly(&certsonlyOptions); - if (!cmsg) { - SECU_PrintError(progName, "problem with certs-only"); - exitstatus = 1; - } - break; - default: - fprintf(stderr, "One of options -D, -S or -E must be set.\n"); - Usage(progName); - exitstatus = 1; - } - if ( (mode == SIGN || mode == ENVELOPE || mode == CERTSONLY) - && (!exitstatus) ) { - PLArenaPool *arena = PORT_NewArena(1024); - NSSCMSEncoderContext *ecx; - SECItem output = { 0, 0, 0 }; - secuPWData pwdata = { PW_NONE, 0 }; - - if (!arena) { - fprintf(stderr, "%s: out of memory.\n", progName); - exit(1); - } - - if (cms_verbose) { - fprintf(stderr, "cmsg [%p]\n", cmsg); - fprintf(stderr, "arena [%p]\n", arena); - if (pwcb_arg) - fprintf(stderr, "password [%s]\n", (char *)pwcb_arg); - else - fprintf(stderr, "password [NULL]\n"); - } - ecx = NSS_CMSEncoder_Start(cmsg, - NULL, NULL, /* DER output callback */ - &output, arena, /* destination storage */ - pwcb, pwcb_arg, /* password callback */ - NULL, NULL, /* decrypt key callback */ - NULL, NULL ); /* detached digests */ - if (!ecx) { - fprintf(stderr, "%s: cannot create encoder context.\n", progName); - exit(1); - } - if (cms_verbose) { - fprintf(stderr, "input len [%d]\n", input.len); - { unsigned int j; - for(j=0;j<input.len;j++) - fprintf(stderr, "%2x%c", input.data[j], (j>0&&j%35==0)?'\n':' '); - } - } - if (input.len > 0) { /* skip if certs-only (or other zero content) */ - rv = NSS_CMSEncoder_Update(ecx, (char *)input.data, input.len); - if (rv) { - fprintf(stderr, - "%s: failed to add data to encoder.\n", progName); - exit(1); - } - } - rv = NSS_CMSEncoder_Finish(ecx); - if (rv) { - SECU_PrintError(progName, "failed to encode data"); - exit(1); - } - - if (cms_verbose) { - fprintf(stderr, "encoding passed\n"); - } - fwrite(output.data, output.len, 1, outFile); - if (cms_verbose) { - fprintf(stderr, "wrote to file\n"); - } - PORT_FreeArena(arena, PR_FALSE); - } - if (cmsg) - NSS_CMSMessage_Destroy(cmsg); - if (outFile != stdout) - fclose(outFile); - - SECITEM_FreeItem(&decodeOptions.content, PR_FALSE); - SECITEM_FreeItem(&envmsg, PR_FALSE); - SECITEM_FreeItem(&input, PR_FALSE); - if (NSS_Shutdown() != SECSuccess) { - SECU_PrintError(progName, "NSS_Shutdown failed"); - exitstatus = 1; - } - PR_Cleanup(); - return exitstatus; -} diff --git a/security/nss/cmd/smimetools/manifest.mn b/security/nss/cmd/smimetools/manifest.mn deleted file mode 100644 index 552cfec7d..000000000 --- a/security/nss/cmd/smimetools/manifest.mn +++ /dev/null @@ -1,45 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = nss - -CSRCS = cmsutil.c - -MYLIB = $(DIST)/lib/libsmime.a - -REQUIRES = seccmd dbm - -PROGRAM = cmsutil -SCRIPTS = smime diff --git a/security/nss/cmd/smimetools/rules.mk b/security/nss/cmd/smimetools/rules.mk deleted file mode 100644 index 51e0baaed..000000000 --- a/security/nss/cmd/smimetools/rules.mk +++ /dev/null @@ -1,37 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# $Id$ -# - -install:: - $(INSTALL) -m 755 $(SCRIPTS) $(SOURCE_BIN_DIR) diff --git a/security/nss/cmd/smimetools/smime b/security/nss/cmd/smimetools/smime deleted file mode 100755 index d23a912ed..000000000 --- a/security/nss/cmd/smimetools/smime +++ /dev/null @@ -1,576 +0,0 @@ -#!/usr/local/bin/perl - -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. - -# -# smime.pl - frontend for S/MIME message generation and parsing -# -# $Id$ -# - -use Getopt::Std; - -@boundarychars = ( "0" .. "9", "A" .. "F" ); - -# path to cmsutil -$cmsutilpath = "cmsutil"; - -# -# Thanks to Gisle Aas <gisle@aas.no> for the base64 functions -# originally taken from MIME-Base64-2.11 at www.cpan.org -# -sub encode_base64($) -{ - my $res = ""; - pos($_[0]) = 0; # ensure start at the beginning - while ($_[0] =~ /(.{1,45})/gs) { - $res .= substr(pack('u', $1), 1); # get rid of length byte after packing - chop($res); - } - $res =~ tr|` -_|AA-Za-z0-9+/|; - # fix padding at the end - my $padding = (3 - length($_[0]) % 3) % 3; - $res =~ s/.{$padding}$/'=' x $padding/e if $padding; - # break encoded string into lines of no more than 76 characters each - $res =~ s/(.{1,76})/$1\n/g; - $res; -} - -sub decode_base64($) -{ - local($^W) = 0; # unpack("u",...) gives bogus warning in 5.00[123] - - my $str = shift; - my $res = ""; - - $str =~ tr|A-Za-z0-9+=/||cd; # remove non-base64 chars - if (length($str) % 4) { - require Carp; - Carp::carp("Length of base64 data not a multiple of 4") - } - $str =~ s/=+$//; # remove padding - $str =~ tr|A-Za-z0-9+/| -_|; # convert to uuencoded format - while ($str =~ /(.{1,60})/gs) { - my $len = chr(32 + length($1)*3/4); # compute length byte - $res .= unpack("u", $len . $1 ); # uudecode - } - $res; -} - -# -# parse headers into a hash -# -# %headers = parseheaders($headertext); -# -sub parseheaders($) -{ - my ($headerdata) = @_; - my $hdr; - my %hdrhash; - my $hdrname; - my $hdrvalue; - my @hdrvalues; - my $subhdrname; - my $subhdrvalue; - - # the expression in split() correctly handles continuation lines - foreach $hdr (split(/\n(?=\S)/, $headerdata)) { - $hdr =~ s/\r*\n\s+/ /g; # collapse continuation lines - ($hdrname, $hdrvalue) = $hdr =~ m/^(\S+):\s+(.*)$/; - - # ignore non-headers (or should we die horribly?) - next unless (defined($hdrname)); - $hdrname =~ tr/A-Z/a-z/; # lowercase the header name - @hdrvalues = split(/\s*;\s*/, $hdrvalue); # split header values (XXXX quoting) - - # there is guaranteed to be at least one value - $hdrvalue = shift @hdrvalues; - if ($hdrvalue =~ /^\s*\"(.*)\"\s*$/) { # strip quotes if there - $hdrvalue = $1; - } - - $hdrhash{$hdrname}{MAIN} = $hdrvalue; - # print "XXX $hdrname = $hdrvalue\n"; - - # deal with additional name-value pairs - foreach $hdrvalue (@hdrvalues) { - ($subhdrname, $subhdrvalue) = $hdrvalue =~ m/^(\S+)\s*=\s*(.*)$/; - # ignore non-name-value pairs (or should we die?) - next unless (defined($subhdrname)); - $subhdrname =~ tr/A-Z/a-z/; - if ($subhdrvalue =~ /^\s*\"(.*)\"\s*$/) { # strip quotes if there - $subhdrvalue = $1; - } - $hdrhash{$hdrname}{$subhdrname} = $subhdrvalue; - } - - } - return %hdrhash; -} - -# -# encryptentity($entity, $options) - encrypt an S/MIME entity, -# creating a new application/pkcs7-smime entity -# -# entity - string containing entire S/MIME entity to encrypt -# options - options for cmsutil -# -# this will generate and return a new application/pkcs7-smime entity containing -# the enveloped input entity. -# -sub encryptentity($$) -{ - my ($entity, $cmsutiloptions) = @_; - my $out = ""; - my $boundary; - - $tmpencfile = "/tmp/encryptentity.$$"; - - # - # generate a random boundary string - # - $boundary = "------------ms" . join("", @boundarychars[map{rand @boundarychars }( 1 .. 24 )]); - - # - # tell cmsutil to generate a enveloped CMS message using our data - # - open(CMS, "|$cmsutilpath -E $cmsutiloptions -o $tmpencfile") or die "ERROR: cannot pipe to cmsutil"; - print CMS $entity; - unless (close(CMS)) { - print STDERR "ERROR: encryption failed.\n"; - unlink($tmpsigfile); - exit 1; - } - - $out = "Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m\n"; - $out .= "Content-Transfer-Encoding: base64\n"; - $out .= "Content-Disposition: attachment; filename=smime.p7m\n"; - $out .= "\n"; # end of entity header - - open (ENC, $tmpencfile) or die "ERROR: cannot find newly generated encrypted content"; - local($/) = undef; # slurp whole file - $out .= encode_base64(<ENC>), "\n"; # entity body is base64-encoded CMS message - close(ENC); - - unlink($tmpencfile); - - $out; -} - -# -# signentity($entity, $options) - sign an S/MIME entity -# -# entity - string containing entire S/MIME entity to sign -# options - options for cmsutil -# -# this will generate and return a new multipart/signed entity consisting -# of the canonicalized original content, plus a signature block. -# -sub signentity($$) -{ - my ($entity, $cmsutiloptions) = @_; - my $out = ""; - my $boundary; - - $tmpsigfile = "/tmp/signentity.$$"; - - # - # generate a random boundary string - # - $boundary = "------------ms" . join("", @boundarychars[map{rand @boundarychars }( 1 .. 24 )]); - - # - # tell cmsutil to generate a signed CMS message using the canonicalized data - # The signedData has detached content (-T) and includes a signing time attribute (-G) - # - # if we do not provide a password on the command line, here's where we would be asked for it - # - open(CMS, "|$cmsutilpath -S -T -G $cmsutiloptions -o $tmpsigfile") or die "ERROR: cannot pipe to cmsutil"; - print CMS $entity; - unless (close(CMS)) { - print STDERR "ERROR: signature generation failed.\n"; - unlink($tmpsigfile); - exit 1; - } - - open (SIG, $tmpsigfile) or die "ERROR: cannot find newly generated signature"; - - # - # construct a new multipart/signed MIME entity consisting of the original content and - # the signature - # - # (we assume that cmsutil generates a SHA1 digest) - $out .= "Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha1; boundary=\"${boundary}\"\n"; - $out .= "\n"; # end of entity header - $out .= "This is a cryptographically signed message in MIME format.\n"; # explanatory comment - $out .= "\n--${boundary}\n"; - $out .= $entity; - $out .= "\n--${boundary}\n"; - $out .= "Content-Type: application/pkcs7-signature; name=smime.p7s\n"; - $out .= "Content-Transfer-Encoding: base64\n"; - $out .= "Content-Disposition: attachment; filename=smime.p7s\n"; - $out .= "Content-Description: S/MIME Cryptographic Signature\n"; - $out .= "\n"; # end of signature subentity header - - local($/) = undef; # slurp whole file - $out .= encode_base64(<SIG>); # append base64-encoded signature - $out .= "\n--${boundary}--\n"; - - close(SIG); - unlink($tmpsigfile); - - $out; -} - -sub usage { - print STDERR "usage: smime [options]\n"; - print STDERR " options:\n"; - print STDERR " -S nick generate signed message, use certificate named \"nick\"\n"; - print STDERR " -p passwd use \"passwd\" as security module password\n"; - print STDERR " -E rec1[,rec2...] generate encrypted message for recipients\n"; - print STDERR " -D decode a S/MIME message\n"; - print STDERR " -p passwd use \"passwd\" as security module password\n"; - print STDERR " (required for decrypting only)\n"; - print STDERR " -C pathname set pathname of \"cmsutil\"\n"; - print STDERR " -d directory set directory containing certificate db\n"; - print STDERR " (default: ~/.netscape)\n"; - print STDERR "\nWith -S or -E, smime will take a regular RFC822 message or MIME entity\n"; - print STDERR "on stdin and generate a signed or encrypted S/MIME message with the same\n"; - print STDERR "headers and content from it. The output can be used as input to a MTA.\n"; - print STDERR "-D causes smime to strip off all S/MIME layers if possible and output\n"; - print STDERR "the \"inner\" message.\n"; -} - -# -# start of main procedures -# - -# -# process command line options -# -unless (getopts('S:E:p:d:C:D')) { - usage(); - exit 1; -} - -unless (defined($opt_S) or defined($opt_E) or defined($opt_D)) { - print STDERR "ERROR: -S and/or -E, or -D must be specified.\n"; - usage(); - exit 1; -} - -$signopts = ""; -$encryptopts = ""; -$decodeopts = ""; - -# pass -d option along -if (defined($opt_d)) { - $signopts .= "-d \"$opt_d\" "; - $encryptopts .= "-d \"$opt_d\" "; - $decodeopts .= "-d \"$opt_d\" "; -} - -if (defined($opt_S)) { - $signopts .= "-N \"$opt_S\" "; -} - -if (defined($opt_p)) { - $signopts .= "-p \"$opt_p\" "; - $decodeopts .= "-p \"$opt_p\" "; -} - -if (defined($opt_E)) { - @recipients = split(",", $opt_E); - $encryptopts .= "-r "; - $encryptopts .= join (" -r ", @recipients); -} - -if (defined($opt_C)) { - $cmsutilpath = $opt_C; -} - -# -# split headers into mime entity headers and RFC822 headers -# The RFC822 headers are preserved and stay on the outer layer of the message -# -$rfc822headers = ""; -$mimeheaders = ""; -$mimebody = ""; -$skippedheaders = ""; -while (<STDIN>) { - last if (/^$/); - if (/^content-\S+: /i) { - $lastref = \$mimeheaders; - } elsif (/^mime-version: /i) { - $lastref = \$skippedheaders; # skip it - } elsif (/^\s/) { - ; - } else { - $lastref = \$rfc822headers; - } - $$lastref .= $_; -} - -# -# if there are no MIME entity headers, generate some default ones -# -if ($mimeheaders eq "") { - $mimeheaders .= "Content-Type: text/plain; charset=us-ascii\n"; - $mimeheaders .= "Content-Transfer-Encoding: 7bit\n"; -} - -# -# slurp in the entity body -# -$saveRS = $/; -$/ = undef; -$mimebody = <STDIN>; -$/ = $saveRS; -chomp($mimebody); - -if (defined $opt_D) { - # - # decode - # - # possible options would be: - # - strip off only one layer - # - strip off outer signature (if present) - # - just print information about the structure of the message - # - strip n layers, then dump DER of CMS message - - $layercounter = 1; - - while (1) { - %hdrhash = parseheaders($mimeheaders); - unless (exists($hdrhash{"content-type"}{MAIN})) { - print STDERR "ERROR: no content type header found in MIME entity\n"; - last; # no content-type - we're done - } - - $contenttype = $hdrhash{"content-type"}{MAIN}; - if ($contenttype eq "application/pkcs7-mime") { - # - # opaque-signed or enveloped message - # - unless (exists($hdrhash{"content-type"}{"smime-type"})) { - print STDERR "ERROR: no smime-type attribute in application/pkcs7-smime entity.\n"; - last; - } - $smimetype = $hdrhash{"content-type"}{"smime-type"}; - if ($smimetype eq "signed-data" or $smimetype eq "enveloped-data") { - # it's verification or decryption time! - - # can handle only base64 encoding for now - # all other encodings are treated as binary (8bit) - if ($hdrhash{"content-transfer-encoding"}{MAIN} eq "base64") { - $mimebody = decode_base64($mimebody); - } - - # if we need to dump the DER, we would do it right here - - # now write the DER - $tmpderfile = "/tmp/der.$$"; - open(TMP, ">$tmpderfile") or die "ERROR: cannot write signature data to temporary file"; - print TMP $mimebody; - unless (close(TMP)) { - print STDERR "ERROR: writing signature data to temporary file.\n"; - unlink($tmpderfile); - exit 1; - } - - $mimeheaders = ""; - open(TMP, "$cmsutilpath -D $decodeopts -h $layercounter -i $tmpderfile |") or die "ERROR: cannot open pipe to cmsutil"; - $layercounter++; - while (<TMP>) { - last if (/^\r?$/); # empty lines mark end of header - if (/^SMIME: /) { # add all SMIME info to the rfc822 hdrs - $lastref = \$rfc822headers; - } elsif (/^\s/) { - ; # continuation lines go to the last dest - } else { - $lastref = \$mimeheaders; # all other headers are mime headers - } - $$lastref .= $_; - } - # slurp in rest of the data to $mimebody - $saveRS = $/; $/ = undef; $mimebody = <TMP>; $/ = $saveRS; - close(TMP); - - unlink($tmpderfile); - - } else { - print STDERR "ERROR: unknown smime-type \"$smimetype\" in application/pkcs7-smime entity.\n"; - last; - } - } elsif ($contenttype eq "multipart/signed") { - # - # clear signed message - # - unless (exists($hdrhash{"content-type"}{"protocol"})) { - print STDERR "ERROR: content type has no protocol attribute in multipart/signed entity.\n"; - last; - } - if ($hdrhash{"content-type"}{"protocol"} ne "application/pkcs7-signature") { - # we cannot handle this guy - print STDERR "ERROR: unknown protocol \"", $hdrhash{"content-type"}{"protocol"}, - "\" in multipart/signed entity.\n"; - last; - } - unless (exists($hdrhash{"content-type"}{"boundary"})) { - print STDERR "ERROR: no boundary attribute in multipart/signed entity.\n"; - last; - } - $boundary = $hdrhash{"content-type"}{"boundary"}; - - # split $mimebody along \n--$boundary\n - gets you four parts - # first (0), any comments the sending agent might have put in - # second (1), the message itself - # third (2), the signature as a mime entity - # fourth (3), trailing data (there shouldn't be any) - - @multiparts = split(/\r?\n--$boundary(?:--)?\r?\n/, $mimebody); - - # - # parse the signature headers - ($submimeheaders, $submimebody) = split(/^$/m, $multiparts[2]); - %sighdrhash = parseheaders($submimeheaders); - unless (exists($sighdrhash{"content-type"}{MAIN})) { - print STDERR "ERROR: signature entity has no content type.\n"; - last; - } - if ($sighdrhash{"content-type"}{MAIN} ne "application/pkcs7-signature") { - # we cannot handle this guy - print STDERR "ERROR: unknown content type \"", $sighdrhash{"content-type"}{MAIN}, - "\" in signature entity.\n"; - last; - } - if ($sighdrhash{"content-transfer-encoding"}{MAIN} eq "base64") { - $submimebody = decode_base64($submimebody); - } - - # we would dump the DER at this point - - $tmpsigfile = "/tmp/sig.$$"; - open(TMP, ">$tmpsigfile") or die "ERROR: cannot write signature data to temporary file"; - print TMP $submimebody; - unless (close(TMP)) { - print STDERR "ERROR: writing signature data to temporary file.\n"; - unlink($tmpsigfile); - exit 1; - } - - $tmpmsgfile = "/tmp/msg.$$"; - open(TMP, ">$tmpmsgfile") or die "ERROR: cannot write message data to temporary file"; - print TMP $multiparts[1]; - unless (close(TMP)) { - print STDERR "ERROR: writing message data to temporary file.\n"; - unlink($tmpsigfile); - unlink($tmpmsgfile); - exit 1; - } - - $mimeheaders = ""; - open(TMP, "$cmsutilpath -D $decodeopts -h $layercounter -c $tmpmsgfile -i $tmpsigfile |") or die "ERROR: cannot open pipe to cmsutil"; - $layercounter++; - while (<TMP>) { - last if (/^\r?$/); - if (/^SMIME: /) { - $lastref = \$rfc822headers; - } elsif (/^\s/) { - ; - } else { - $lastref = \$mimeheaders; - } - $$lastref .= $_; - } - $saveRS = $/; $/ = undef; $mimebody = <TMP>; $/ = $saveRS; - close(TMP); - unlink($tmpsigfile); - unlink($tmpmsgfile); - - } else { - - # not a content type we know - we're done - last; - - } - } - - # so now we have the S/MIME parsing information in rfc822headers - # and the first mime entity we could not handle in mimeheaders and mimebody. - # dump 'em out and we're done. - print $rfc822headers; - print $mimeheaders . "\n" . $mimebody; - -} else { - - # - # encode (which is much easier than decode) - # - - $mimeentity = $mimeheaders . "\n" . $mimebody; - - # - # canonicalize inner entity (rudimentary yet) - # convert single LFs to CRLF - # if no Content-Transfer-Encoding header present: - # if 8 bit chars present, use Content-Transfer-Encoding: quoted-printable - # otherwise, use Content-Transfer-Encoding: 7bit - # - $mimeentity =~ s/\r*\n/\r\n/mg; - - # - # now do the wrapping - # we sign first, then encrypt because that's what Communicator needs - # - if (defined($opt_S)) { - $mimeentity = signentity($mimeentity, $signopts); - } - - if (defined($opt_E)) { - $mimeentity = encryptentity($mimeentity, $encryptopts); - } - - # - # XXX sign again to do triple wrapping (RFC2634) - # - - # - # now write out the RFC822 headers - # followed by the final $mimeentity - # - print $rfc822headers; - print "MIME-Version: 1.0 (NSS SMIME - http://www.mozilla.org/projects/security)\n"; # set up the flag - print $mimeentity; -} - -exit 0; diff --git a/security/nss/cmd/sslstrength/Makefile b/security/nss/cmd/sslstrength/Makefile deleted file mode 100644 index 8a0332d89..000000000 --- a/security/nss/cmd/sslstrength/Makefile +++ /dev/null @@ -1,82 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET))) # omits WINCE -ifndef BUILD_OPT -LDFLAGS += /subsystem:console /profile /debug /machine:I386 /incremental:no -OS_CFLAGS += -D_CONSOLE -endif -endif - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - -#include ../platlibs.mk - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk - diff --git a/security/nss/cmd/sslstrength/manifest.mn b/security/nss/cmd/sslstrength/manifest.mn deleted file mode 100644 index 8b7cb7b0d..000000000 --- a/security/nss/cmd/sslstrength/manifest.mn +++ /dev/null @@ -1,50 +0,0 @@ -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = nss - -EXPORTS = - -CSRCS = sslstrength.c \ - $(NULL) - -PROGRAM = sslstrength - -REQUIRES = dbm seccmd - -DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" - -PACKAGE_FILES = sslstrength - -ARCHIVE_NAME = sslstrength diff --git a/security/nss/cmd/sslstrength/sslstr.cgi b/security/nss/cmd/sslstrength/sslstr.cgi deleted file mode 100644 index ab6a1bff9..000000000 --- a/security/nss/cmd/sslstrength/sslstr.cgi +++ /dev/null @@ -1,296 +0,0 @@ -#!/usr/bin/perl -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - - -use CGI qw(:standard); - - - -# Replace this will the full path to the sslstrength executable. -$sslstrength = "./sslstrength"; - - -# Replace this with the name of this CGI. - -$sslcgi = "sslstr.cgi"; - - -$query = new CGI; - -print header; - -print "<HTML><HEAD> -<SCRIPT language='javascript'> - -function doexport(form) { - form.ssl2ciphers.options[0].selected=0; - form.ssl2ciphers.options[1].selected=0; - form.ssl2ciphers.options[2].selected=0; - form.ssl2ciphers.options[3].selected=0; - form.ssl2ciphers.options[4].selected=1; - form.ssl2ciphers.options[5].selected=1; - - form.ssl3ciphers.options[0].selected=1; - form.ssl3ciphers.options[1].selected=1; - form.ssl3ciphers.options[2].selected=0; - form.ssl3ciphers.options[3].selected=1; - form.ssl3ciphers.options[4].selected=1; - form.ssl3ciphers.options[5].selected=1; - form.ssl3ciphers.options[6].selected=0; - form.ssl3ciphers.options[7].selected=0; - - -} - -function dodomestic(form) { - form.ssl2ciphers.options[0].selected=1; - form.ssl2ciphers.options[1].selected=1; - form.ssl2ciphers.options[2].selected=1; - form.ssl2ciphers.options[3].selected=1; - form.ssl2ciphers.options[4].selected=1; - form.ssl2ciphers.options[5].selected=1; - - form.ssl3ciphers.options[0].selected=1; - form.ssl3ciphers.options[1].selected=1; - form.ssl3ciphers.options[2].selected=1; - form.ssl3ciphers.options[3].selected=1; - form.ssl3ciphers.options[4].selected=1; - form.ssl3ciphers.options[5].selected=1; - form.ssl3ciphers.options[6].selected=1; - form.ssl3ciphers.options[7].selected=1; - -} - -function doclearssl2(form) { - form.ssl2ciphers.options[0].selected=0; - form.ssl2ciphers.options[1].selected=0; - form.ssl2ciphers.options[2].selected=0; - form.ssl2ciphers.options[3].selected=0; - form.ssl2ciphers.options[4].selected=0; - form.ssl2ciphers.options[5].selected=0; -} - - -function doclearssl3(form) { - form.ssl3ciphers.options[0].selected=0; - form.ssl3ciphers.options[1].selected=0; - form.ssl3ciphers.options[2].selected=0; - form.ssl3ciphers.options[3].selected=0; - form.ssl3ciphers.options[4].selected=0; - form.ssl3ciphers.options[5].selected=0; - form.ssl3ciphers.options[6].selected=0; - form.ssl3ciphers.options[7].selected=0; - -} - -function dohost(form,hostname) { - form.host.value=hostname; - } - - - -</SCRIPT> -<TITLE>\n"; -print "SSLStrength\n"; -print "</TITLE></HEAD>\n"; - -print "<h1>SSLStrength</h1>\n"; - -if ($query->param('dotest')) { - print "Output from sslstrength: \n"; - print "<pre>\n"; - - $cs = ""; - - @ssl2ciphers = $query->param('ssl2ciphers'); - for $cipher (@ssl2ciphers) { - if ($cipher eq "SSL_EN_RC2_128_WITH_MD5") { $cs .= "a"; } - if ($cipher eq "SSL_EN_RC2_128_CBC_WITH_MD5") { $cs .= "b"; } - if ($cipher eq "SSL_EN_DES_192_EDE3_CBC_WITH_MD5") { $cs .= "c"; } - if ($cipher eq "SSL_EN_DES_64_CBC_WITH_MD5") { $cs .= "d"; } - if ($cipher eq "SSL_EN_RC4_128_EXPORT40_WITH_MD5") { $cs .= "e"; } - if ($cipher eq "SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5") { $cs .= "f"; } - } - - @ssl3ciphers = $query->param('ssl3ciphers'); - for $cipher (@ssl3ciphers) { - if ($cipher eq "SSL_RSA_WITH_RC4_128_MD5") { $cs .= "i"; } - if ($cipher eq "SSL_RSA_WITH_3DES_EDE_CBC_SHA") { $cs .= "j"; } - if ($cipher eq "SSL_RSA_WITH_DES_CBC_SHA") { $cs .= "k"; } - if ($cipher eq "SSL_RSA_EXPORT_WITH_RC4_40_MD5") { $cs .= "l"; } - if ($cipher eq "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5") { $cs .= "m"; } - if ($cipher eq "SSL_RSA_WITH_NULL_MD5") { $cs .= "o"; } - if ($cipher eq "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA") { $cs .= "p"; } - if ($cipher eq "SSL_RSA_FIPS_WITH_DES_CBC_SHA") { $cs .= "q"; } - } - - $hs = $query->param('host'); - if ($hs eq "") { - print "</pre>You must specify a host to connect to.<br><br>\n"; - exit(0); - } - - $ps = $query->param('policy'); - - $cmdstring = "$sslstrength $hs policy=$ps ciphers=$cs"; - - print "running sslstrength:\n"; - print "$cmdstring\n"; - - $r = open(SSLS, "$cmdstring |"); - if ($r == 0) { - print "<pre>There was a problem starting $cmdstring<br><br>\n"; - exit(0); - } - while (<SSLS>) { - print "$_"; - } - close(SSLS); - - - print "</pre>\n"; - -} - -else { -print "<FORM method=post action=$sslcgi>\n"; -print "<hr> -<h2>Host Name</h2> -<TABLE BORDER=0 CELLPADDING=20> -<TR> -<TD> -Type hostname here:<br> -<input type=text name=host size=30> <br><br> -<TD> - <b>Or click these buttons to test some well-known servers</b><br> - <TABLE BORDER=0> - <TR> - <TD> - Export servers: - <TD> - <input type=button value='F-Tech' onclick=dohost(this.form,'strongbox.ftech.net')> - </TR> - <TR> - <TD> - Domestic servers: - <TD> - <input type=button value='Wells Fargo' onclick=dohost(this.form,'banking.wellsfargo.com')> - </TR> - <TR> - <TD> - Step-Up Servers - <TD> - <input type=button value='Barclaycard' onclick=dohost(this.form,'enigma.barclaycard.co.uk')> - <input type=button value='BBVnet' onclick=dohost(this.form,'www.bbvnet.com')> - <input type=button value='BHIF' onclick=dohost(this.form,'empresas.bhif.cl')> - </TR> - </TABLE> -</TR> -</TABLE> -<br> -<hr> -<br> -<h2>Encryption policy</h2> -<input type=radio name=policy VALUE=export onclick=doexport(this.form)> -Export<br> -<input type=radio name=policy VALUE=domestic CHECKED onclick=dodomestic(this.form)> -Domestic<br> -<br> -<hr> -<br> -<h2>Cipher Selection</h2> -(use ctrl to multi-select)<br> -<table> -<tr> -<td>SSL 2 Ciphers -<td> -<SELECT NAME=ssl2ciphers SIZE=6 MULTIPLE align=bottom> -<OPTION SELECTED>SSL_EN_RC4_128_WITH_MD5 -<OPTION SELECTED>SSL_EN_RC2_128_CBC_WITH_MD5 -<OPTION SELECTED>SSL_EN_DES_192_EDE3_CBC_WITH_MD5 -<OPTION SELECTED>SSL_EN_DES_64_CBC_WITH_MD5 -<OPTION SELECTED>SSL_EN_RC4_128_EXPORT40_WITH_MD5 -<OPTION SELECTED>SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 -</SELECT> -<input type=button Value='Clear all' onclick = 'doclearssl2(this.form)'> -</tr> -<tr> -<td>SSL3 Ciphers -<td> -<SELECT NAME=ssl3ciphers SIZE=8 MULTIPLE> -<OPTION SELECTED>SSL_RSA_WITH_RC4_128_MD5 -<OPTION SELECTED>SSL_RSA_WITH_3DES_EDE_CBC_SHA -<OPTION SELECTED>SSL_RSA_WITH_DES_CBC_SHA -<OPTION SELECTED>SSL_RSA_EXPORT_WITH_RC4_40_MD5 -<OPTION SELECTED>SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 -<OPTION SELECTED>SSL_RSA_WITH_NULL_MD5 -<OPTION SELECTED>SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA -<OPTION SELECTED>SSL_RSA_FIPS_WITH_DES_CBC_SHA -</SELECT> -<input type=button value='Clear all' onclick = 'doclearssl3(this.form)'> - -<TD> -<input type=submit name=dotest value='Run SSLStrength'> -</tr> -</table> -<input type=hidden name=dotest> -<br> -<br> -</form> -\n"; - -} - - -exit(0); - - -__END__ - - id CipherName Domestic Export - a SSL_EN_RC4_128_WITH_MD5 (ssl2) Yes No - b SSL_EN_RC2_128_CBC_WITH_MD5 (ssl2) Yes No - c SSL_EN_DES_192_EDE3_CBC_WITH_MD5 (ssl2) Yes No - d SSL_EN_DES_64_CBC_WITH_MD5 (ssl2) Yes No - e SSL_EN_RC4_128_EXPORT40_WITH_MD5 (ssl2) Yes Yes - f SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 (ssl2) Yes Yes - i SSL_RSA_WITH_RC4_128_MD5 (ssl3) Yes Step-up only - j SSL_RSA_WITH_3DES_EDE_CBC_SHA (ssl3) Yes Step-up only - k SSL_RSA_WITH_DES_CBC_SHA (ssl3) Yes No - l SSL_RSA_EXPORT_WITH_RC4_40_MD5 (ssl3) Yes Yes - m SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (ssl3) Yes Yes - o SSL_RSA_WITH_NULL_MD5 (ssl3) Yes Yes - - - diff --git a/security/nss/cmd/sslstrength/sslstrength.c b/security/nss/cmd/sslstrength/sslstrength.c deleted file mode 100644 index 7e8604ed0..000000000 --- a/security/nss/cmd/sslstrength/sslstrength.c +++ /dev/null @@ -1,622 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifdef SSLTELNET -#include <termios.h> -#endif - -/* Portable layer header files */ -#include "prinit.h" -#include "prprf.h" -#include "prsystem.h" -#include "prmem.h" -#include "plstr.h" -#include "prnetdb.h" -#include "prinrval.h" - -#include "secutil.h" - -/* Security library files */ -#include "cert.h" -#include "ssl.h" -#include "sslproto.h" -#include "secmod.h" -#include "nss.h" - -/* define this if you want telnet capability! */ - -/* #define SSLTELNET 1 */ - -PRInt32 debug; - -#ifdef DEBUG_stevep -#define dbmsg(x) if (verbose) PR_fprintf(PR_STDOUT,x); -#else -#define dbmsg(x) ; -#endif - - -/* Set SSL Policy to Domestic (strong=1) or Export (strong=0) */ - -#define ALLOW(x) SSL_CipherPolicySet(x,SSL_ALLOWED); SSL_CipherPrefSetDefault(x,1); -#define DISALLOW(x) SSL_CipherPolicySet(x,SSL_NOT_ALLOWED); SSL_CipherPrefSetDefault(x,0); -#define MAYBEALLOW(x) SSL_CipherPolicySet(x,SSL_RESTRICTED); SSL_CipherPrefSetDefault(x,1); - -struct CipherPolicy { - char number; - long id; - char *name; - PRInt32 pref; - PRInt32 domestic; - PRInt32 export; -}; - -struct CipherPolicy ciphers[] = { - { 'a',SSL_EN_RC4_128_WITH_MD5, "SSL_EN_RC4_128_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED }, - { 'b',SSL_EN_RC2_128_CBC_WITH_MD5, "SSL_EN_RC2_128_CBC_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED }, - { 'c',SSL_EN_DES_192_EDE3_CBC_WITH_MD5, "SSL_EN_DES_192_EDE3_CBC_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED }, - { 'd',SSL_EN_DES_64_CBC_WITH_MD5, "SSL_EN_DES_64_CBC_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED }, - { 'e',SSL_EN_RC4_128_EXPORT40_WITH_MD5, "SSL_EN_RC4_128_EXPORT40_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_ALLOWED }, - { 'f',SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, "SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_ALLOWED }, -#ifdef FORTEZZA - { 'g',SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",1,SSL_ALLOWED,SSL_NOT_ALLOWED }, - { 'h',SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, "SSL_FORTEZZA_DMS_WITH_RC4_128_SHA",1, SSL_ALLOWED,SSL_NOT_ALLOWED }, -#endif - { 'i',SSL_RSA_WITH_RC4_128_MD5, "SSL_RSA_WITH_RC4_128_MD5 (ssl3)",1, SSL_ALLOWED,SSL_RESTRICTED }, - { 'j',SSL_RSA_WITH_3DES_EDE_CBC_SHA, "SSL_RSA_WITH_3DES_EDE_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_RESTRICTED }, - { 'k',SSL_RSA_WITH_DES_CBC_SHA, "SSL_RSA_WITH_DES_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED }, - { 'l',SSL_RSA_EXPORT_WITH_RC4_40_MD5, "SSL_RSA_EXPORT_WITH_RC4_40_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED }, - { 'm',SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED }, -#ifdef FORTEZZA - { 'n',SSL_FORTEZZA_DMS_WITH_NULL_SHA, "SSL_FORTEZZA_DMS_WITH_NULL_SHA",1, SSL_ALLOWED,SSL_NOT_ALLOWED }, -#endif - { 'o',SSL_RSA_WITH_NULL_MD5, "SSL_RSA_WITH_NULL_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED }, - { 'p',SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED }, - { 'q',SSL_RSA_FIPS_WITH_DES_CBC_SHA, "SSL_RSA_FIPS_WITH_DES_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED } - -}; - -void PrintErrString(char *progName,char *msg) { - - PRErrorCode e = PORT_GetError(); - char *s=NULL; - - - if ((e >= PR_NSPR_ERROR_BASE) && (e < PR_MAX_ERROR)) { - - if (e == PR_DIRECTORY_LOOKUP_ERROR) - s = PL_strdup("Hostname Lookup Failed"); - else if (e == PR_NETWORK_UNREACHABLE_ERROR) - s = PL_strdup("Network Unreachable"); - else if (e == PR_CONNECT_TIMEOUT_ERROR) - s = PL_strdup("Connection Timed Out"); - else s = PR_smprintf("%d",e); - - if (!s) return; - } - else { - s = PL_strdup(SECU_ErrorString(e)); - } - - PR_fprintf(PR_STDOUT,"%s: ",progName); - if (s) { - if (*s) - PR_fprintf(PR_STDOUT, "%s\n", s); - else - PR_fprintf(PR_STDOUT, "\n"); - - PR_Free(s); - } - -} - -void PrintCiphers(int onlyenabled) { - int ciphercount,i; - - if (onlyenabled) { - PR_fprintf(PR_STDOUT,"Your Cipher preference:\n"); - } - - ciphercount = sizeof(ciphers)/sizeof(struct CipherPolicy); - PR_fprintf(PR_STDOUT, - " %s %-45s %-12s %-12s\n","id","CipherName","Domestic","Export"); - - for (i=0;i<ciphercount;i++) { - if ( (onlyenabled ==0) || ((onlyenabled==1)&&(ciphers[i].pref))) { - PR_fprintf(PR_STDOUT, - " %c %-45s %-12s %-12s\n",ciphers[i].number,ciphers[i].name, - (ciphers[i].domestic==SSL_ALLOWED)?"Yes": - ( (ciphers[i].domestic==SSL_NOT_ALLOWED)?"No":"Step-up only"), - (ciphers[i].export==SSL_ALLOWED)?"Yes": - ( (ciphers[i].export==SSL_NOT_ALLOWED)?"No":"Step-up only")); - } - } -} - - -void SetPolicy(char *c,int policy) { /* policy==1 : domestic, policy==0, export */ - int i,j,cpolicy; - /* first, enable all relevant ciphers according to policy */ - for (j=0;j<(sizeof(ciphers)/sizeof(struct CipherPolicy));j++) { - SSL_CipherPolicySet(ciphers[j].id,policy?ciphers[j].domestic:ciphers[j].export); - SSL_CipherPrefSetDefault(ciphers[j].id, PR_FALSE); - ciphers[j].pref =0; - } - - - for (i=0;i<(int)PL_strlen(c);i++) { - for (j=0;j<(sizeof(ciphers)/sizeof(struct CipherPolicy));j++) { - if (ciphers[j].number == c[i]) { - cpolicy = policy?ciphers[j].domestic:ciphers[j].export; - if (cpolicy == SSL_NOT_ALLOWED) { - PR_fprintf(PR_STDOUT, "You're trying to enable a cipher (%c:%s) outside of your policy. ignored\n", - c[i],ciphers[j].name); - } - else { - ciphers[j].pref=1; - SSL_CipherPrefSetDefault(ciphers[j].id, PR_TRUE); - } - } - } - } -} - - -int MyAuthCertificateHook(void *arg, PRFileDesc *fd, PRBool checksig, PRBool isserver) { - return SECSuccess; -} - - -void Usage() { -#ifdef SSLTELNET - PR_fprintf(PR_STDOUT,"SSLTelnet "); -#else - PR_fprintf(PR_STDOUT,"SSLStrength (No telnet functionality) "); -#endif - PR_fprintf(PR_STDOUT,"Version 1.5\n"); - - PR_fprintf(PR_STDOUT,"Usage:\n sslstrength hostname[:port] [ciphers=xyz] [certdir=x] [debug] [verbose] " -#ifdef SSLTELNET -"[telnet]|[servertype]|[querystring=<string>] " -#endif -"[policy=export|domestic]\n sslstrength ciphers\n"); -} - - -PRInt32 debug = 0; -PRInt32 verbose = 0; - -PRInt32 main(PRInt32 argc,char **argv, char **envp) -{ - - - /* defaults for command line arguments */ - char *hostnamearg=NULL; - char *portnumarg=NULL; - char *sslversionarg=NULL; - char *keylenarg=NULL; - char *certdir=NULL; - char *hostname; - char *nickname=NULL; - char *progname=NULL; - /* struct sockaddr_in addr; */ - PRNetAddr addr; - - int ss_on; - char *ss_cipher; - int ss_keysize; - int ss_secretsize; - char *ss_issuer; - char *ss_subject; - int policy=1; - char *set_ssl_policy=NULL; - int print_ciphers=0; - - char buf[10]; - char netdbbuf[PR_NETDB_BUF_SIZE]; - PRHostEnt hp; - PRStatus r; - PRNetAddr na; - SECStatus rv; - int portnum=443; /* default https: port */ - PRFileDesc *s,*fd; - - CERTCertDBHandle *handle; - CERTCertificate *c; - PRInt32 i; -#ifdef SSLTELNET - struct termios tmp_tc; - char cb; - int prev_lflag,prev_oflag,prev_iflag; - int t_fin,t_fout; - int servertype=0, telnet=0; - char *querystring=NULL; -#endif - - debug = 0; - - progname = (char *)PL_strrchr(argv[0], '/'); - progname = progname ? progname+1 : argv[0]; - - /* Read in command line args */ - if (argc == 1) { - Usage(); - return(0); - } - - if (! PL_strcmp("ciphers",argv[1])) { - PrintCiphers(0); - exit(0); - } - - hostname = argv[1]; - - if (!PL_strcmp(hostname , "usage") || !PL_strcmp(hostname, "-help") ) { - Usage(); - exit(0); - } - - if ((portnumarg = PL_strchr(hostname,':'))) { - *portnumarg = 0; - portnumarg = &portnumarg[1]; - } - - if (portnumarg) { - if (*portnumarg == 0) { - PR_fprintf(PR_STDOUT,"malformed port number supplied\n"); - return(1); - } - portnum = atoi(portnumarg); - } - - for (i = 2 ; i < argc; i++) - { - if (!PL_strncmp(argv[i] , "sslversion=",11) ) - sslversionarg=&(argv[i][11]); - else if (!PL_strncmp(argv[i], "certdir=",8) ) - certdir = &(argv[i][8]); - else if (!PL_strncmp(argv[i], "ciphers=",8) ) - { - set_ssl_policy=&(argv[i][8]); - } - else if (!PL_strncmp(argv[i], "policy=",7) ) { - if (!PL_strcmp(&(argv[i][7]),"domestic")) policy=1; - else if (!PL_strcmp(&(argv[i][7]),"export")) policy=0; - else { - PR_fprintf(PR_STDOUT,"sslstrength: invalid argument. policy must be one of (domestic,export)\n"); - } - } - else if (!PL_strcmp(argv[i] , "debug") ) - debug = 1; -#ifdef SSLTELNET - else if (!PL_strcmp(argv[i] , "telnet") ) - telnet = 1; - else if (!PL_strcmp(argv[i] , "servertype") ) - servertype = 1; - else if (!PL_strncmp(argv[i] , "querystring=",11) ) - querystring = &argv[i][12]; -#endif - else if (!PL_strcmp(argv[i] , "verbose") ) - verbose = 1; - } - -#ifdef SSLTELNET - if (telnet && (servertype || querystring)) { - PR_fprintf(PR_STDOUT,"You can't use telnet and (server or querystring) options at the same time\n"); - exit(1); - } -#endif - - PR_fprintf(PR_STDOUT,"Using %s policy\n",policy?"domestic":"export"); - - /* allow you to set env var SSLDIR to set the cert directory */ - if (! certdir) certdir = SECU_DefaultSSLDir(); - - /* if we don't have one still, initialize with no databases */ - if (!certdir) { - rv = NSS_NoDB_Init(NULL); - - (void) SECMOD_AddNewModule("Builtins", DLL_PREFIX"nssckbi."DLL_SUFFIX,0,0); - } else { - rv = NSS_Init(certdir); - SECU_ConfigDirectory(certdir); - } - - /* Lookup host */ - r = PR_GetHostByName(hostname,netdbbuf,PR_NETDB_BUF_SIZE,&hp); - - if (r) { - PrintErrString(progname,"Host Name lookup failed"); - return(1); - } - - /* should the third field really be 0? */ - - PR_EnumerateHostEnt(0,&hp,0,&na); - PR_InitializeNetAddr(PR_IpAddrNull,portnum,&na); - - PR_fprintf(PR_STDOUT,"Connecting to %s:%d\n",hostname, portnum); - - /* Create socket */ - - fd = PR_NewTCPSocket(); - if (fd == NULL) { - PrintErrString(progname, "error creating socket"); - return -1; - } - - s = SSL_ImportFD(NULL,fd); - if (s == NULL) { - PrintErrString(progname, "error creating socket"); - return -1; - } - - dbmsg("10: About to enable security\n"); - - rv = SSL_OptionSet(s, SSL_SECURITY, PR_TRUE); - if (rv < 0) { - PrintErrString(progname, "error enabling socket"); - return -1; - } - - if (set_ssl_policy) { - SetPolicy(set_ssl_policy,policy); - } - else { - PR_fprintf(PR_STDOUT,"Using all ciphersuites usually found in client\n"); - if (policy) { - SetPolicy("abcdefghijklmnopqrst",policy); - } - else { - SetPolicy("efghijlmo",policy); - } - } - - PrintCiphers(1); - - rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); - if (rv < 0) { - PrintErrString(progname, "error enabling client handshake"); - return -1; - } - - dbmsg("30: About to set AuthCertificateHook\n"); - - - SSL_AuthCertificateHook(s, MyAuthCertificateHook, (void *)handle); - /* SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); */ - /* SSL_GetClientAuthDataHook(s, GetClientAuthDataHook, (void *)nickname);*/ - - - dbmsg("40: About to SSLConnect\n"); - - /* Try to connect to the server */ - /* now SSL_Connect takes new arguments. */ - - - r = PR_Connect(s, &na, PR_TicksPerSecond()*5); - if (r < 0) { - PrintErrString(progname, "unable to connect"); - return -1; - } - - rv = SSL_ForceHandshake(s); - - if (rv) { - PrintErrString(progname,"SSL Handshake failed. "); - exit(1); - } - - rv = SSL_SecurityStatus(s, &ss_on, &ss_cipher, - &ss_keysize, &ss_secretsize, - &ss_issuer, &ss_subject); - - - dbmsg("60: done with security status, about to print\n"); - - c = SSL_PeerCertificate(s); - if (!c) PR_fprintf(PR_STDOUT,"Couldn't retrieve peers Certificate\n"); - PR_fprintf(PR_STDOUT,"SSL Connection Status\n",rv); - - PR_fprintf(PR_STDOUT," Cipher: %s\n",ss_cipher); - PR_fprintf(PR_STDOUT," Key Size: %d\n",ss_keysize); - PR_fprintf(PR_STDOUT," Secret Key Size: %d\n",ss_secretsize); - PR_fprintf(PR_STDOUT," Issuer: %s\n",ss_issuer); - PR_fprintf(PR_STDOUT," Subject: %s\n",ss_subject); - - PR_fprintf(PR_STDOUT," Valid: from %s to %s\n", - c==NULL?"???":DER_UTCDayToAscii(&c->validity.notBefore), - c==NULL?"???":DER_UTCDayToAscii(&c->validity.notAfter)); - -#ifdef SSLTELNET - - - - - if (servertype || querystring) { - char buffer[1024]; - char ch; - char qs[] = "HEAD / HTTP/1.0"; - - - - - if (!querystring) querystring = qs; - PR_fprintf(PR_STDOUT,"\nServer query mode\n>>Sending:\n%s\n",querystring); - - PR_fprintf(PR_STDOUT,"\n*** Server said:\n"); - ch = querystring[PL_strlen(querystring)-1]; - if (ch == '"' || ch == '\'') { - PR_fprintf(PR_STDOUT,"Warning: I'm not smart enough to cope with quotes mid-string like that\n"); - } - - rv = PR_Write(s,querystring,PL_strlen(querystring)); - if ((rv < 1) ) { - PR_fprintf(PR_STDOUT,"Oh dear - couldn't send servertype query\n"); - goto closedown; - } - - rv = PR_Write(s,"\r\n\r\n",4); - rv = PR_Read(s,buffer,1024); - if ((rv < 1) ) { - PR_fprintf(PR_STDOUT,"Oh dear - couldn't read server repsonse\n"); - goto closedown; - } - PR_Write(PR_STDOUT,buffer,rv); - } - - - if (telnet) { - - PR_fprintf(PR_STDOUT,"---------------------------\n" - "telnet mode. CTRL-C to exit\n" - "---------------------------\n"); - - - - /* fudge terminal attributes */ - t_fin = PR_FileDesc2NativeHandle(PR_STDIN); - t_fout = PR_FileDesc2NativeHandle(PR_STDOUT); - - tcgetattr(t_fin,&tmp_tc); - prev_lflag = tmp_tc.c_lflag; - prev_oflag = tmp_tc.c_oflag; - prev_iflag = tmp_tc.c_iflag; - tmp_tc.c_lflag &= ~ECHO; - /* tmp_tc.c_oflag &= ~ONLCR; */ - tmp_tc.c_lflag &= ~ICANON; - tmp_tc.c_iflag &= ~ICRNL; - tmp_tc.c_cflag |= CS8; - tmp_tc.c_cc[VMIN] = 1; - tmp_tc.c_cc[VTIME] = 0; - - tcsetattr(t_fin, TCSANOW, &tmp_tc); - /* ioctl(tin, FIONBIO, (char *)&onoff); - ioctl(tout, FIONBIO, (char *)&onoff);*/ - - - { - PRPollDesc pds[2]; - char buffer[1024]; - int amt,amtwritten; - char *x; - - /* STDIN */ - pds[0].fd = PR_STDIN; - pds[0].in_flags = PR_POLL_READ; - pds[1].fd = s; - pds[1].in_flags = PR_POLL_READ | PR_POLL_EXCEPT; - - while (1) { - int nfds; - - nfds = PR_Poll(pds,2,PR_SecondsToInterval(2)); - if (nfds == 0) continue; - - /** read input from keyboard*/ - /* note: this is very inefficient if reading from a file */ - - if (pds[0].out_flags & PR_POLL_READ) { - amt = PR_Read(PR_STDIN,&buffer,1); - /* PR_fprintf(PR_STDOUT,"fd[0]:%d=%d\r\n",amt,buffer[0]); */ - if (amt == 0) { - PR_fprintf(PR_STDOUT,"\n"); - goto loser; - } - - if (buffer[0] == '\r') { - buffer[0] = '\r'; - buffer[1] = '\n'; - amt = 2; - } - rv = PR_Write(PR_STDOUT,buffer,amt); - - - rv = PR_Write(s,buffer,amt); - if (rv == -1) { - PR_fprintf(PR_STDOUT,"Error writing to socket: %d\n",PR_GetError()); - } - } - - /***/ - - - /***/ - if (pds[1].out_flags & PR_POLL_EXCEPT) { - PR_fprintf(PR_STDOUT,"\r\nServer closed connection\r\n"); - goto loser; - } - if (pds[1].out_flags & PR_POLL_READ) { - amt = PR_Read(s,&buffer,1024); - - if (amt == 0) { - PR_fprintf(PR_STDOUT,"\r\nServer closed connection\r\n"); - goto loser; - } - rv = PR_Write(PR_STDOUT,buffer,amt); - } - /***/ - - } - } - loser: - - /* set terminal back to normal */ - tcgetattr(t_fin,&tmp_tc); - - tmp_tc.c_lflag = prev_lflag; - tmp_tc.c_oflag = prev_oflag; - tmp_tc.c_iflag = prev_iflag; - tcsetattr(t_fin, TCSANOW, &tmp_tc); - - /* ioctl(tin, FIONBIO, (char *)&onoff); - ioctl(tout, FIONBIO, (char *)&onoff); */ - } - -#endif - /* SSLTELNET */ - - closedown: - - PR_Close(s); - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return(0); - -} /* main */ - -/*EOF*/ - diff --git a/security/nss/cmd/sslstrength/sslwrap b/security/nss/cmd/sslstrength/sslwrap deleted file mode 100755 index e6955dc92..000000000 --- a/security/nss/cmd/sslstrength/sslwrap +++ /dev/null @@ -1,181 +0,0 @@ -#!/usr/bin/perl -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - - -@profiles = ( -# "host:port" "policy" "ciphers" "exp-cipher" "expkeysize" - - [ "cfu:443", "export", "efijlmo", "RC4-40", "40" ], - [ "hbombsgi:448", "export", "efijlmo", "RC4-40", "40" ], - [ "hbombsgi:448", "domestic", "abcdefijklmo", "RC4", "128" ], - [ "gandalf:5666", "domestic", "abcdefijklmo", "RC4", "128" ], - [ "gandalf:5666", "export", "efijlmo", "RC4", "128" ], - [ "gandalf:5666", "domestic", "j", "3DES-EDE-CBC", "168" ], - [ "gandalf:5666", "domestic", "k", "DES-CBC", "56" ], - [ "gandalf:5666", "export", "l", "RC4-40", "40" ], - [ "gandalf:5666", "export", "efijlmo", "RC4", "128" ], - [ "hbombcfu:443", "export", "efijlmo", "RC4", "128" ], - - ); - -$file = &filename; - -open(HTML, ">$file.htm") || die"Cannot open html output file\n"; - -$mutversion = ""; -$platform = $ARGV[0]; - - -print HTML -"<HTML><HEAD> -<TITLE>ssl/sslstrength: Version: $mutversion Platform: $platform Run date mm/dd/yy</TITLE></HEAD><BODY>\n"; - -print HTML -"<TABLE BORDER=1><TR> -<TD><B>Test Case Number</B></TD> -<TD><B>Program</B></TD> -<TD><B>Description of Test Case</B></TD> -<TD><B>Start date/time<B></TD> -<TD><B>End date/time<B></TD> -<TD><B>PASS/FAIL</B></TD> -</TR>\n"; - -$countpass =0; -$countfail =0; - - -$testnum =0; -for $profile (@profiles) { - $testnum ++; - ($host, $policy, $ciphers, $expcipher, $expkeysize) = @$profile; - - $cmd = "./sslstrength $host policy=$policy ciphers=$ciphers"; - - $starttime = &datestring." ".×tring; - print STDERR "$cmd\n"; - open(PIPE, "$cmd|") || die "Cannot start sslstrength\n"; - - $cipher = ""; - $keysize = ""; - while (<PIPE>) { - chop; - if (/^ Cipher: *(.*)/) { - $cipher = $1; - } - if (/^ Secret Key Size: (.*)/) { - $keysize = $1; - } - } - close(PIPE); - $endtime = &datestring." ".×tring; - - if (( $? != 0) || ($cipher ne $expcipher) || ($keysize ne $expkeysize)) { - $countfail ++; - $passed =0; - } - else { - $countpass ++; - $passed =1; - } - -print HTML -"<TR> -<TD><B>$testnum</B></TD> -<TD></TD> -<TD>$cmd</TD> -<TD>$starttime</TD> -<TD>$endtime</TD> -<TD><B>".($passed ? "PASS" : "<FONT COLOR=red>FAIL: return code = -c=$cipher, ec=$expcipher, s=$keysize, es=$expkeysize.</FONT>")." -</B></TD> -</TR>\n"; - -} - -print HTML "</table>\n"; - -close(HTML); - -open (SUM, ">$file.sum") ||die "couldn't open summary file for writing\n"; - -print SUM <<EOM; -[Status] -mut=SSL -mutversion=1.0 -platform=$platform -pass=$countpass -fail=$countfail -knownFail=0 -malformed=0 -EOM - - close(SUM); - - - -sub timestring -{ - - my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time); - my $string; - - $string = sprintf "%2d:%02d:%02d",$hour, $min, $sec; - return $string; -} - -sub datestring -{ - - my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time); - my $string; - - $string = sprintf "%d/%d/%2d",$mon+1, $mday+1, $year; - return $string; -} - -sub filename -{ - - my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time); - my $string; - - $string = sprintf "%04d%02d%02d",$year+1900, $mon+1, $mday; - return $string; -} - - - - - - diff --git a/security/nss/cmd/ssltap/Makefile b/security/nss/cmd/ssltap/Makefile deleted file mode 100644 index f6d8cc93e..000000000 --- a/security/nss/cmd/ssltap/Makefile +++ /dev/null @@ -1,79 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -# Since ssltap doesn't use any of NSS, we'll skip NSS's link libs, -# and just link with NSPR. -# -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - --include ../platrules.mk - diff --git a/security/nss/cmd/ssltap/config.mk b/security/nss/cmd/ssltap/config.mk deleted file mode 100644 index 23b15fbd5..000000000 --- a/security/nss/cmd/ssltap/config.mk +++ /dev/null @@ -1,52 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Set the LDFLAGS value to encompass all normal link options, all # -# library names, and all special system linking options # -####################################################################### - -LDFLAGS = \ - $(DYNAMIC_LIB_PATH) \ - $(LDOPTS) \ - $(LIBPLC) \ - $(LIBPR) \ - $(DLLSYSTEM) - -####################################################################### -# Adjust specific variables for all platforms # -####################################################################### - -OS_CFLAGS += -DNSPR20=1 - - diff --git a/security/nss/cmd/ssltap/manifest.mn b/security/nss/cmd/ssltap/manifest.mn deleted file mode 100644 index adfd2bd03..000000000 --- a/security/nss/cmd/ssltap/manifest.mn +++ /dev/null @@ -1,51 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -EXPORTS = - -CSRCS = ssltap.c \ - $(NULL) - -PROGRAM = ssltap - -REQUIRES = seccmd dbm - -PACKAGE_FILES = ssltap-manual.html licence.doc ssltap.exe - -ARCHIVE_NAME = ssltap - diff --git a/security/nss/cmd/ssltap/ssltap-manual.html b/security/nss/cmd/ssltap/ssltap-manual.html deleted file mode 100644 index 28c9e17ee..000000000 --- a/security/nss/cmd/ssltap/ssltap-manual.html +++ /dev/null @@ -1,199 +0,0 @@ -<HTML>
-<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> -<HEAD>
- <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
- <META NAME="GENERATOR" CONTENT="Mozilla/4.05 [en] (WinNT; U) [Netscape]">
- <META NAME="Author" CONTENT="Steve Parkinson">
- <TITLE>SSLTap - manual</TITLE>
-</HEAD>
-<BODY>
-
-<H1>
-SSLTap Manual page</H1>
-
-<H3>
-Summary</H3>
-A command-line proxy which is SSL-aware. It snoops on TCP connections,
-and displays the data going by, including SSL records and handshaking
-if the connection is SSL.
-<H3>
-Synopsis</H3>
-<TT>ssltap [-vhfsxl] [-p port] hostname:port</TT>
-
-<P><TT> -v [prints version string]</TT>
-<BR><TT> -h [outputs hex instead
-of ASCII]</TT>
-<BR><TT> -f [turn on Fancy HTML
-coloring]</TT>
-<BR><TT> -s [turn on SSL decoding]</TT>
-<BR><TT> -x [turn on extra SSL
-hex dumps]</TT>
-<BR><TT> -p port [specify rendezvous port (default 1924)]</TT>
-<BR><TT> -l [loop - continue
-to wait for more connections]</TT>
-<H3>
-Description</H3>
-SSLTap opens a socket on a rendezvous port, and waits for an incoming connection
-(client side). Once this connection arrives, SSLTap makes another connection
-to hostname:port (server side). It passes any data sent by the client to
-the server, and vice versa. However, SSLTap will also display the data
-to the console. It can do this for plain HTTP connections, or any TCP protocol.
-However, SSLTap can also work with SSL streams, as detailed below.
-
-<P>Let's assume your development machine is called 'intercept'. The simplest
-usage of SSLTap is to run the command <TT>'ssltap www.netscape.com:80'</TT>
-on intercept. The program will wait for an incoming connection on port
-1924. Next you would want to go to your browser, and enter the URL http://intercept:1924.
-The page retrieved by the browser will actually be gotten from the server
-at www.netscape.com, but will go via SSLTap.
-
-<P>Data sent from the client to the server is surrounded by a '--> [ ]'
-symbol, and data sent from the server to the client, a '<---[
-]' symbol.
-
-<P>You'll notice that the page retrieved with this example looks incomplete.
-This is because SSLTap by default closes down after the first connection
-is complete, so the browser is not able to load images. To make the SSLTap
-continue to accept connections, switch on looping mode with the -l option.
-
-<P>You can change the default rendezvous port to something else with the
--p option.
-
-<P>The remaining options change the way the output is produced.
-
-<P>The -f option prints 'fancy' output - in colored HTML. Data sent from
-the client to the server is in blue. The server's reply is in red. This
-is designed so you can load the output up into a browser. When used with
-looping mode, the different connections are separated with horizontal lines.
-
-<P>-x will turn on HEX printing. Instead of being output as ascii, the
-data is shown as Hex, like this:
-<UL><TT><-- [</TT>
-<BR><TT> 0: 56 d5 16 3e a1 6b b1 4a 8f 67 c4 d7
-21 2f 6f dd | V..>.k.J.g..!/o.</TT>
-<BR><TT> 10: bb 22 c4 75 8c f4 ce 28 16 a6 20 aa
-fb 9a 59 a1 | .".u...(.. ...Y.</TT>
-<BR><TT> 20: 51 91 14 d2 fc 9f a7 ea 4d 9c f7 3a
-9d 83 62 4a | Q.......M..:..bJ</TT>
-<BR><TT>]</TT>
-<BR> </UL>
-
-<H4>
-SSL Parse mode</H4>
-The following options deal with SSL connections.
-<UL>-s will turn on SSL parsing. (SSLTap doesn't automatically detect SSL
-sessions.)
-<BR>-x will turn on extra SSL hexdumps. Mostly, if SSL can decode the data,
-it doesn't display the hex.</UL>
-The following SSL3 Data structures are parsed: Handshake, ClientHello,
-ServerHello, CertificateChain, Certificate. In addition, SSL2 ClientHello,
-ServerHello, ClientMasterKey are also partly parsed. NO DECRYPTION IS PERFORMED
-ON THE DATA. SSLTAP CANNOT DECRYPT the data.
-
-<P>If a certificate chain is detected, DER-encoded certificates will be
-saved into files in the current directory called 'cert.0x' where x is the
-sequence number of the certificate.
-<BR>
-<H3>
-Operation Hints</H3>
-Often, you'll find that the server certificate does not get transferred,
-or other parts of the handshake do not happen. This is because the browser
-is taking advantage of session-id-reuse (using the handshake results from
-a previous session). If you restart the browser, it'll clear the session
-id cache.
-
-<P>If you run the ssltap on a different machine that the ssl server you're
-trying to connect to, the browser will complain that the host name you're
-trying to connect to is different to the certificate, but it will still
-let you connect, after showing you a dialog.
-<H3>
-Bugs</H3>
-Please contact <A HREF="mailto:ssltap-support@netscape.com">ssltap-support@netscape.com</A>
-for bug reports.
-<H3>
-History</H3>
-2.1 - First public release (March 1998)
-<BR>
-<H3>
-Other</H3>
-For reference, here is a table of some well-known port numbers:
-<BR>
-<TABLE BORDER=2 >
-<TR>
-<TD>HTTP</TD>
-
-<TD>80</TD>
-</TR>
-
-<TR>
-<TD>SMTP</TD>
-
-<TD>25</TD>
-</TR>
-
-<TR>
-<TD>HTTPS</TD>
-
-<TD>443</TD>
-</TR>
-
-<TR>
-<TD>FTP</TD>
-
-<TD>21</TD>
-</TR>
-
-<TR>
-<TD>IMAPS</TD>
-
-<TD>993</TD>
-</TR>
-
-<TR>
-<TD>NNTP</TD>
-
-<TD>119</TD>
-</TR>
-
-<TR>
-<TD>NNTPS</TD>
-
-<TD>563</TD>
-</TR>
-</TABLE>
-
-
-<P>
-</BODY>
-</HTML>
diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c deleted file mode 100644 index a951057ea..000000000 --- a/security/nss/cmd/ssltap/ssltap.c +++ /dev/null @@ -1,1367 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * ssltap.c - * - * Version 1.0 : Frederick Roeber : 11 June 1997 - * Version 2.0 : Steve Parkinson : 13 November 1997 - * Version 3.0 : Nelson Bolyard : 22 July 1998 - * Version 3.1 : Nelson Bolyard : 24 May 1999 - * - * changes in version 2.0: - * Uses NSPR20 - * Shows structure of SSL negotiation, if enabled. - * - * This "proxies" a socket connection (like a socks tunnel), but displays the - * data is it flies by. - * - * In the code, the 'client' socket is the one on the client side of the - * proxy, and the server socket is on the server side. - * - */ - -#include "nspr.h" -#include "plstr.h" -#include "secutil.h" -#include <memory.h> /* for memcpy, etc. */ -#include <string.h> -#include <time.h> - -#include "plgetopt.h" - -#define VERSIONSTRING "$Revision$ ($Date$) $Author$" - - -struct _DataBufferList; -struct _DataBuffer; - -typedef struct _DataBufferList { - struct _DataBuffer *first,*last; - int size; - int isEncrypted; -} DataBufferList; - -typedef struct _DataBuffer { - unsigned char *buffer; - int length; - int offset; /* offset of first good byte */ - struct _DataBuffer *next; -} DataBuffer; - - -DataBufferList - clientstream = {NULL, NULL, 0, 0}, - serverstream = {NULL, NULL, 0, 0}; - -struct sslhandshake { - PRUint8 type; - PRUint32 length; -}; - -typedef struct _SSLRecord { - PRUint8 type; - PRUint8 ver_maj,ver_min; - - PRUint8 length[2]; -} SSLRecord; - -typedef struct _ClientHelloV2 { - PRUint8 length[2]; - PRUint8 type; - PRUint8 version[2]; - PRUint8 cslength[2]; - PRUint8 sidlength[2]; - PRUint8 rndlength[2]; - PRUint8 csuites[1]; -} ClientHelloV2; - -typedef struct _ServerHelloV2 { - PRUint8 length[2]; - PRUint8 type; - PRUint8 sidhit; - PRUint8 certtype; - PRUint8 version[2]; - PRUint8 certlength[2]; - PRUint8 cslength[2]; - PRUint8 cidlength[2]; -} ServerHelloV2; - -typedef struct _ClientMasterKeyV2 { - PRUint8 length[2]; - PRUint8 type; - - PRUint8 cipherkind[3]; - PRUint8 clearkey[2]; - PRUint8 secretkey[2]; - -} ClientMasterKeyV2; - - - -#define TAPBUFSIZ 16384 - -#define DEFPORT 1924 -#include <ctype.h> - -int hexparse=0; -int sslparse=0; -int sslhexparse=0; -int looparound=0; -int fancy=0; -int isV2Session=0; - -#define GET_SHORT(x) ((PRUint16)(((PRUint16)((PRUint8*)x)[0]) << 8) + ((PRUint16)((PRUint8*)x)[1])) -#define GET_24(x) ((PRUint32) ( \ - (((PRUint32)((PRUint8*)x)[0]) << 16) \ - + \ - (((PRUint32)((PRUint8*)x)[1]) << 8) \ - + \ - (((PRUint32)((PRUint8*)x)[2]) << 0) \ - ) ) - -void print_hex(int amt, unsigned char *buf); -void read_stream_bytes(unsigned char *d, DataBufferList *db, int length); - -void myhalt(int dblsize,int collectedsize) { - - while(1) ; - -} - -const char *get_error_text(int error) { - switch (error) { - case PR_IO_TIMEOUT_ERROR: - return "Timeout"; - break; - case PR_CONNECT_REFUSED_ERROR: - return "Connection refused"; - break; - case PR_NETWORK_UNREACHABLE_ERROR: - return "Network unreachable"; - break; - case PR_BAD_ADDRESS_ERROR: - return "Bad address"; - break; - case PR_CONNECT_RESET_ERROR: - return "Connection reset"; - break; - case PR_PIPE_ERROR: - return "Pipe error"; - break; - } - - return ""; -} - - - - - -void check_integrity(DataBufferList *dbl) { - DataBuffer *db; - int i; - - db = dbl->first; - i =0; - while (db) { - i+= db->length - db->offset; - db = db->next; - } - if (i != dbl->size) { - myhalt(dbl->size,i); - } -} - -/* Free's the DataBuffer at the head of the list and returns the pointer - * to the new head of the list. - */ -DataBuffer * -free_head(DataBufferList *dbl) -{ - DataBuffer *db = dbl->first; - PR_ASSERT(db->offset >= db->length); - if (db->offset >= db->length) { - dbl->first = db->next; - if (dbl->first == NULL) { - dbl->last = NULL; - } - PR_Free(db->buffer); - PR_Free(db); - db = dbl->first; - } - return db; -} - -void -read_stream_bytes(unsigned char *d, DataBufferList *dbl, int length) { - int copied = 0; - DataBuffer *db = dbl->first; - - if (!db) { - PR_fprintf(PR_STDERR,"assert failed - dbl->first is null\n"); - exit(8); - } - while (length) { - int toCopy; - /* find the number of bytes to copy from the head buffer */ - /* if there's too many in this buffer, then only copy 'length' */ - toCopy = PR_MIN(db->length - db->offset, length); - - memcpy(d + copied, db->buffer + db->offset, toCopy); - copied += toCopy; - db->offset += toCopy; - length -= toCopy; - dbl->size -= toCopy; - - /* if we emptied the head buffer */ - if (db->offset >= db->length) { - db = free_head(dbl); - } - } - - check_integrity(dbl); - -} - -void -flush_stream(DataBufferList *dbl) -{ - DataBuffer *db = dbl->first; - check_integrity(dbl); - while (db) { - db->offset = db->length; - db = free_head(dbl); - } - dbl->size = 0; - check_integrity(dbl); -} - - -const char * V2CipherString(int cs_int) { - char *cs_str; - cs_str = NULL; - switch (cs_int) { - - case 0x010080: cs_str = "SSL2/RSA/RC4-128/MD5"; break; - case 0x020080: cs_str = "SSL2/RSA/RC4-40/MD5"; break; - case 0x030080: cs_str = "SSL2/RSA/RC2CBC128/MD5"; break; - case 0x040080: cs_str = "SSL2/RSA/RC2CBC40/MD5"; break; - case 0x050080: cs_str = "SSL2/RSA/IDEA128CBC/MD5"; break; - case 0x060040: cs_str = "SSL2/RSA/DES56-CBC/MD5"; break; - case 0x0700C0: cs_str = "SSL2/RSA/3DES192EDE-CBC/MD5"; break; - - case 0x000001: cs_str = "SSL3/RSA/NULL/MD5"; break; - case 0x000002: cs_str = "SSL3/RSA/NULL/SHA"; break; - case 0x000003: cs_str = "SSL3/RSA/RC4-40/MD5"; break; - case 0x000004: cs_str = "SSL3/RSA/RC4-128/MD5"; break; - case 0x000005: cs_str = "SSL3/RSA/RC4-128/SHA"; break; - case 0x000006: cs_str = "SSL3/RSA/RC2CBC40/MD5"; break; - case 0x000007: cs_str = "SSL3/RSA/IDEA128CBC/SHA"; break; - case 0x000008: cs_str = "SSL3/RSA/DES40-CBC/SHA"; break; - case 0x000009: cs_str = "SSL3/RSA/DES56-CBC/SHA"; break; - case 0x00000A: cs_str = "SSL3/RSA/3DES192EDE-CBC/SHA"; break; - - case 0x00000B: cs_str = "SSL3/DH-DSS/DES40-CBC/SHA"; break; - case 0x00000C: cs_str = "SSL3/DH-DSS/DES56-CBC/SHA"; break; - case 0x00000D: cs_str = "SSL3/DH-DSS/DES192EDE3CBC/SHA"; break; - case 0x00000E: cs_str = "SSL3/DH-RSA/DES40-CBC/SHA"; break; - case 0x00000F: cs_str = "SSL3/DH-RSA/DES56-CBC/SHA"; break; - case 0x000010: cs_str = "SSL3/DH-RSA/3DES192EDE-CBC/SHA"; break; - - case 0x000011: cs_str = "SSL3/DHE-DSS/DES40-CBC/SHA"; break; - case 0x000012: cs_str = "SSL3/DHE-DSS/DES56-CBC/SHA"; break; - case 0x000013: cs_str = "SSL3/DHE-DSS/DES192EDE3CBC/SHA"; break; - case 0x000014: cs_str = "SSL3/DHE-RSA/DES40-CBC/SHA"; break; - case 0x000015: cs_str = "SSL3/DHE-RSA/DES56-CBC/SHA"; break; - case 0x000016: cs_str = "SSL3/DHE-RSA/3DES192EDE-CBC/SHA"; break; - - case 0x000017: cs_str = "SSL3/DH-anon/RC4-40/MD5"; break; - case 0x000018: cs_str = "SSL3/DH-anon/RC4-128/MD5"; break; - case 0x000019: cs_str = "SSL3/DH-anon/DES40-CBC/SHA"; break; - case 0x00001A: cs_str = "SSL3/DH-anon/DES56-CBC/SHA"; break; - case 0x00001B: cs_str = "SSL3/DH-anon/3DES192EDE-CBC/SHA"; break; - - case 0x00001C: cs_str = "SSL3/FORTEZZA-DMS/NULL/SHA"; break; - case 0x00001D: cs_str = "SSL3/FORTEZZA-DMS/FORTEZZA-CBC/SHA"; break; - case 0x00001E: cs_str = "SSL3/FORTEZZA-DMS/RC4-128/SHA"; break; - - case 0x00002F: cs_str = "TLS/RSA/AES128-CBC/SHA"; break; - case 0x000030: cs_str = "TLS/DH-DSS/AES128-CBC/SHA"; break; - case 0x000031: cs_str = "TLS/DH-RSA/AES128-CBC/SHA"; break; - case 0x000032: cs_str = "TLS/DHE-DSS/AES128-CBC/SHA"; break; - case 0x000033: cs_str = "TLS/DHE-RSA/AES128-CBC/SHA"; break; - case 0x000034: cs_str = "TLS/DH-ANON/AES128-CBC/SHA"; break; - - case 0x000035: cs_str = "TLS/RSA/AES256-CBC/SHA"; break; - case 0x000036: cs_str = "TLS/DH-DSS/AES256-CBC/SHA"; break; - case 0x000037: cs_str = "TLS/DH-RSA/AES256-CBC/SHA"; break; - case 0x000038: cs_str = "TLS/DHE-DSS/AES256-CBC/SHA"; break; - case 0x000039: cs_str = "TLS/DHE-RSA/AES256-CBC/SHA"; break; - case 0x00003A: cs_str = "TLS/DH-ANON/AES256-CBC/SHA"; break; - - case 0x000047: cs_str = "TLS/ECDH-ECDSA/NULL/SHA"; break; - case 0x000048: cs_str = "TLS/ECDH-ECDSA/RC4-128/SHA"; break; - case 0x000049: cs_str = "TLS/ECDH-ECDSA/DES-CBC/SHA"; break; - case 0x00004A: cs_str = "TLS/ECDH-ECDSA/3DESEDE-CBC/SHA"; break; - case 0x00004B: cs_str = "TLS/ECDH-ECDSA/AES128-CBC/SHA"; break; - case 0x00004C: cs_str = "TLS/ECDH-ECDSA/AES256-CBC/SHA"; break; - - case 0x00004D: cs_str = "TLS/ECDH-RSA/NULL/SHA"; break; - case 0x00004E: cs_str = "TLS/ECDH-RSA/RC4-128/SHA"; break; - case 0x00004F: cs_str = "TLS/ECDH-RSA/DES-CBC/SHA"; break; - case 0x000050: cs_str = "TLS/ECDH-RSA/3DESEDE-CBC/SHA"; break; - case 0x000051: cs_str = "TLS/ECDH-RSA/AES128-CBC/SHA"; break; - case 0x000052: cs_str = "TLS/ECDH-RSA/AES256-CBC/SHA"; break; - - case 0x000062: cs_str = "TLS/RSA-EXPORT1024/DES56-CBC/SHA"; break; - case 0x000064: cs_str = "TLS/RSA-EXPORT1024/RC4-56/SHA"; break; - case 0x000063: cs_str = "TLS/DHE-DSS_EXPORT1024/DES56-CBC/SHA"; break; - case 0x000065: cs_str = "TLS/DHE-DSS_EXPORT1024/RC4-56/SHA"; break; - case 0x000066: cs_str = "TLS/DHE-DSS/RC4-128/SHA"; break; - - case 0x000077: cs_str = "TLS/ECDHE-ECDSA/AES128-CBC/SHA"; break; - case 0x000078: cs_str = "TLS/ECDHE-RSA/AES128-CBC/SHA"; break; - - case 0x00feff: cs_str = "SSL3/RSA-FIPS/3DESEDE-CBC/SHA"; break; - case 0x00fefe: cs_str = "SSL3/RSA-FIPS/DES-CBC/SHA"; break; - case 0x00ffe1: cs_str = "SSL3/RSA-FIPS/DES56-CBC/SHA"; break; - case 0x00ffe0: cs_str = "SSL3/RSA-FIPS/3DES192EDE-CBC/SHA"; break; - - /* the string literal is broken up to avoid trigraphs */ - default: cs_str = "????" "/????????" "/?????????" "/???"; break; - } - - return cs_str; -} - -void partial_packet(int thispacket, int size, int needed) -{ - PR_fprintf(PR_STDOUT,"(%u bytes", thispacket); - if (thispacket < needed) { - PR_fprintf(PR_STDOUT,", making %u", size); - } - PR_fprintf(PR_STDOUT," of %u", needed); - if (size > needed) { - PR_fprintf(PR_STDOUT,", with %u left over", size - needed); - } - PR_fprintf(PR_STDOUT,")\n"); -} - -char * get_time_string(void) -{ - char *cp; - char *eol; - time_t tt; - - time(&tt); - cp = ctime(&tt); - eol = strchr(cp, '\n'); - if (eol) - *eol = 0; - return cp; -} - -void print_sslv2(DataBufferList *s, unsigned char *tbuf, unsigned int alloclen) -{ - ClientHelloV2 *chv2; - ServerHelloV2 *shv2; - unsigned char *pos; - unsigned int p; - unsigned int q; - PRUint32 len; - - chv2 = (ClientHelloV2 *)tbuf; - shv2 = (ServerHelloV2 *)tbuf; - if (s->isEncrypted) { - PR_fprintf(PR_STDOUT," [ssl2] Encrypted {...}\n"); - return; - } - PR_fprintf(PR_STDOUT," [%s]", get_time_string() ); - switch(chv2->type) { - case 1: - PR_fprintf(PR_STDOUT," [ssl2] ClientHelloV2 {\n"); - PR_fprintf(PR_STDOUT," version = {0x%02x, 0x%02x}\n", - (PRUint32)chv2->version[0],(PRUint32)chv2->version[1]); - PR_fprintf(PR_STDOUT," cipher-specs-length = %d (0x%02x)\n", - (PRUint32)(GET_SHORT((chv2->cslength))), - (PRUint32)(GET_SHORT((chv2->cslength)))); - PR_fprintf(PR_STDOUT," sid-length = %d (0x%02x)\n", - (PRUint32)(GET_SHORT((chv2->sidlength))), - (PRUint32)(GET_SHORT((chv2->sidlength)))); - PR_fprintf(PR_STDOUT," challenge-length = %d (0x%02x)\n", - (PRUint32)(GET_SHORT((chv2->rndlength))), - (PRUint32)(GET_SHORT((chv2->rndlength)))); - PR_fprintf(PR_STDOUT," cipher-suites = { \n"); - for (p=0;p<GET_SHORT((chv2->cslength));p+=3) { - const char *cs_str=NULL; - PRUint32 cs_int=0; - cs_int = GET_24((&chv2->csuites[p])); - cs_str = V2CipherString(cs_int); - - PR_fprintf(PR_STDOUT," (0x%06x) %s\n", - cs_int, cs_str); - } - q = p; - PR_fprintf(PR_STDOUT," }\n"); - if (chv2->sidlength) { - PR_fprintf(PR_STDOUT," session-id = { "); - for (p=0;p<GET_SHORT((chv2->sidlength));p+=2) { - PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); - } - } - q += p; - PR_fprintf(PR_STDOUT,"}\n"); - if (chv2->rndlength) { - PR_fprintf(PR_STDOUT," challenge = { "); - for (p=0;p<GET_SHORT((chv2->rndlength));p+=2) { - PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); - } - PR_fprintf(PR_STDOUT,"}\n"); - } - PR_fprintf(PR_STDOUT,"}\n"); - break; - /* end of V2 CLientHello Parsing */ - - case 2: /* Client Master Key */ - { - const char *cs_str=NULL; - PRUint32 cs_int=0; - ClientMasterKeyV2 *cmkv2; - cmkv2 = (ClientMasterKeyV2 *)chv2; - isV2Session = 1; - - PR_fprintf(PR_STDOUT," [ssl2] ClientMasterKeyV2 { \n"); - - cs_int = GET_24(&cmkv2->cipherkind[0]); - cs_str = V2CipherString(cs_int); - PR_fprintf(PR_STDOUT," cipher-spec-chosen = (0x%06x) %s\n", - cs_int, cs_str); - - PR_fprintf(PR_STDOUT," clear-portion = %d bits\n", - 8*(PRUint32)(GET_SHORT((cmkv2->clearkey)))); - - PR_fprintf(PR_STDOUT," }\n"); - clientstream.isEncrypted = 1; - serverstream.isEncrypted = 1; - } - break; - - - case 3: - PR_fprintf(PR_STDOUT," [ssl2] Client Finished V2 {...}\n"); - isV2Session = 1; - break; - - - case 4: /* V2 Server Hello */ - isV2Session = 1; - - PR_fprintf(PR_STDOUT," [ssl2] ServerHelloV2 {\n"); - PR_fprintf(PR_STDOUT," sid hit = {0x%02x}\n", - (PRUintn)shv2->sidhit); - PR_fprintf(PR_STDOUT," version = {0x%02x, 0x%02x}\n", - (PRUint32)shv2->version[0],(PRUint32)shv2->version[1]); - PR_fprintf(PR_STDOUT," cipher-specs-length = %d (0x%02x)\n", - (PRUint32)(GET_SHORT((shv2->cslength))), - (PRUint32)(GET_SHORT((shv2->cslength)))); - PR_fprintf(PR_STDOUT," sid-length = %d (0x%02x)\n", - (PRUint32)(GET_SHORT((shv2->cidlength))), - (PRUint32)(GET_SHORT((shv2->cidlength)))); - - pos = (unsigned char *)shv2; - pos += 2; /* skip length header */ - pos += 11; /* position pointer to Certificate data area */ - q = GET_SHORT(&shv2->certlength); - if (q >alloclen) { - goto eosh; - } - pos += q; /* skip certificate */ - - PR_fprintf(PR_STDOUT," cipher-suites = { "); - len = GET_SHORT((shv2->cslength)); - for (p = 0; p < len; p += 3) { - const char *cs_str=NULL; - PRUint32 cs_int=0; - cs_int = GET_24((pos+p)); - cs_str = V2CipherString(cs_int); - PR_fprintf(PR_STDOUT,"\n "); - PR_fprintf(PR_STDOUT,"(0x%06x) %s", cs_int, cs_str); - } - pos += len; - PR_fprintf(PR_STDOUT," }\n"); /* End of cipher suites */ - len = (PRUint32)GET_SHORT((shv2->cidlength)); - if (len) { - PR_fprintf(PR_STDOUT," connection-id = { "); - for (p = 0; p < len; p += 2) { - PR_fprintf(PR_STDOUT,"0x%04x ", (PRUint32)(GET_SHORT((pos + p)))); - } - PR_fprintf(PR_STDOUT," }\n"); /* End of connection id */ - } -eosh: - PR_fprintf(PR_STDOUT,"\n }\n"); /* end of ServerHelloV2 */ - if (shv2->sidhit) { - clientstream.isEncrypted = 1; - serverstream.isEncrypted = 1; - } - break; - - case 5: - PR_fprintf(PR_STDOUT," [ssl2] Server Verify V2 {...}\n"); - isV2Session = 1; - break; - - case 6: - PR_fprintf(PR_STDOUT," [ssl2] Server Finished V2 {...}\n"); - isV2Session = 1; - break; - - case 7: - PR_fprintf(PR_STDOUT," [ssl2] Request Certificate V2 {...}\n"); - isV2Session = 1; - break; - - case 8: - PR_fprintf(PR_STDOUT," [ssl2] Client Certificate V2 {...}\n"); - isV2Session = 1; - break; - - default: - PR_fprintf(PR_STDOUT," [ssl2] UnknownType 0x%02x {...}\n", - (PRUint32)chv2->type); - break; - } -} - - - - - - -void print_ssl3_handshake(unsigned char *tbuf, - unsigned int alloclen, - SSLRecord * sr) -{ - struct sslhandshake sslh; - unsigned char * hsdata; - int offset=0; - - PR_fprintf(PR_STDOUT," handshake {\n"); - - while (offset < alloclen) { - sslh.type = tbuf[offset]; - sslh.length = GET_24(tbuf+offset+1); - hsdata= &tbuf[offset+4]; - - if (sslhexparse) print_hex(4,tbuf+offset); - - PR_fprintf(PR_STDOUT," type = %d (",sslh.type); - switch(sslh.type) { - case 0: PR_fprintf(PR_STDOUT,"hello_request)\n"); break; - case 1: PR_fprintf(PR_STDOUT,"client_hello)\n"); break; - case 2: PR_fprintf(PR_STDOUT,"server_hello)\n"); break; - case 11: PR_fprintf(PR_STDOUT,"certificate)\n"); break; - case 12: PR_fprintf(PR_STDOUT,"server_key_exchange)\n"); break; - case 13: PR_fprintf(PR_STDOUT,"certificate_request)\n"); break; - case 14: PR_fprintf(PR_STDOUT,"server_hello_done)\n"); break; - case 15: PR_fprintf(PR_STDOUT,"certificate_verify)\n"); break; - case 16: PR_fprintf(PR_STDOUT,"client_key_exchange)\n"); break; - case 20: PR_fprintf(PR_STDOUT,"finished)\n"); break; - default: PR_fprintf(PR_STDOUT,"unknown)\n"); - } - - PR_fprintf(PR_STDOUT," length = %d (0x%06x)\n",sslh.length,sslh.length); - switch (sslh.type) { - - case 1: /* client hello */ - switch (sr->ver_maj) { - case 2: /* ssl version 2 */ - PR_fprintf(PR_STDOUT," ClientHelloV2 {...}\n"); - break; - case 3: /* ssl version 3 */ - { - int sidlength,pos,csuitelength,w; - PR_fprintf(PR_STDOUT," ClientHelloV3 {\n"); - PR_fprintf(PR_STDOUT," client_version = {%d, %d}\n", - (PRUint8)hsdata[0],(PRUint8)hsdata[1]); - PR_fprintf(PR_STDOUT," random = {...}\n"); - if (sslhexparse) print_hex(32,&hsdata[2]); - PR_fprintf(PR_STDOUT," session ID = {\n"); - sidlength = (int)hsdata[2+32]; - PR_fprintf(PR_STDOUT," length = %d\n",sidlength); - PR_fprintf(PR_STDOUT," contents = {..}\n"); - if (sslhexparse) print_hex(sidlength,&hsdata[2+32+1]); - PR_fprintf(PR_STDOUT," }\n"); - pos = 2+32+1+sidlength; - csuitelength = GET_SHORT((hsdata+pos)); - PR_fprintf(PR_STDOUT," cipher_suites[%d] = { \n", - csuitelength/2); - if (csuitelength%1) { - PR_fprintf(PR_STDOUT, - "*error in protocol - csuitelength shouldn't be odd*\n"); - } - - for (w=0; w<csuitelength; w+=2) { - const char *cs_str=NULL; - PRUint32 cs_int=0; - cs_int = GET_SHORT((hsdata+pos+2+w)); - cs_str = V2CipherString(cs_int); - - PR_fprintf(PR_STDOUT, - " (0x%04x) %s\n", cs_int, cs_str); - } - - /* for (w=0;w<csuitelength;w+=2) { - PR_fprintf(PR_STDOUT,"0x%04x ",GET_SHORT((hsdata+pos+2+w))); - } */ - - PR_fprintf(PR_STDOUT,"\n }\n"); - PR_fprintf(PR_STDOUT," }\n"); - - - - } /* end of ssl version 3 */ - break; - default: - PR_fprintf(PR_STDOUT," ClientHelloUndefinedVersion{}\n"); - } /* end of switch sr->ver_maj */ - break; - - case 2: /* server hello */ - { - int sidlength, pos; - const char *cs_str=NULL; - PRUint32 cs_int=0; - PR_fprintf(PR_STDOUT," ServerHello {\n"); - PR_fprintf(PR_STDOUT," server_version = {%d, %d}\n", - (PRUint8)hsdata[0],(PRUint8)hsdata[1]); - PR_fprintf(PR_STDOUT," random = {...}\n"); - if (sslhexparse) print_hex(32,&hsdata[2]); - PR_fprintf(PR_STDOUT," session ID = {\n"); - sidlength = (int)hsdata[2+32]; - PR_fprintf(PR_STDOUT," length = %d\n",sidlength); - PR_fprintf(PR_STDOUT," contents = {..}\n"); - if (sslhexparse) print_hex(sidlength,&hsdata[2+32+1]); - PR_fprintf(PR_STDOUT," }\n"); - pos = 2+32+1+sidlength; - cs_int = GET_SHORT((hsdata+pos)); - cs_str = V2CipherString(cs_int); - PR_fprintf(PR_STDOUT," cipher_suite = (0x%04x) %s\n", - cs_int, cs_str); - PR_fprintf(PR_STDOUT," }\n"); - } - break; - - - - case 11: /* certificate */ - { - PRFileDesc *cfd; - int pos; - int certslength; - int certlength; - int certbytesread = 0; - static int certFileNumber; - char certFileName[20]; - - PR_fprintf(PR_STDOUT," CertificateChain {\n"); - certslength = GET_24(hsdata); - PR_fprintf(PR_STDOUT," chainlength = %d (0x%04x)\n", - certslength,certslength); - pos = 3; - while (certbytesread < certslength) { - certlength = GET_24((hsdata+pos)); - pos += 3; - PR_fprintf(PR_STDOUT," Certificate {\n"); - PR_fprintf(PR_STDOUT," size = %d (0x%04x)\n", - certlength,certlength); - - PR_snprintf(certFileName, sizeof certFileName, "cert.%03d", - ++certFileNumber); - cfd = PR_Open(certFileName, PR_WRONLY|PR_CREATE_FILE, 0664); - if (!cfd) { - PR_fprintf(PR_STDOUT, - " data = { couldn't save file '%s' }\n", - certFileName); - } else { - PR_Write(cfd, (hsdata+pos), certlength); - PR_fprintf(PR_STDOUT, - " data = { saved in file '%s' }\n", - certFileName); - PR_Close(cfd); - } - - PR_fprintf(PR_STDOUT," }\n"); - pos += certlength; - certbytesread += certlength+3; - } - PR_fprintf(PR_STDOUT," }\n"); - } - break; - - case 13: /* certificate request */ - if (sslhexparse) { - PR_fprintf(PR_STDOUT," CertificateRequest {\n"); - print_hex(sslh.length, hsdata); - PR_fprintf(PR_STDOUT," }\n"); - } - break; - - case 16: /* client key exchange */ - { - PR_fprintf(PR_STDOUT," ClientKeyExchange {\n"); - PR_fprintf(PR_STDOUT," message = {...}\n"); - PR_fprintf(PR_STDOUT," }\n"); - } - break; - - } /* end of switch sslh.type */ - offset += sslh.length + 4; /* +4 because of length (3 bytes) and type (1 byte) */ - } /* while */ - PR_fprintf(PR_STDOUT," }\n"); -} - - -void print_ssl(DataBufferList *s, int length, unsigned char *buffer) -{ - /* -------------------------------------------------------- */ - /* first, create a new buffer object for this piece of data. */ - - DataBuffer *db; - int i,l; - - if (s->size == 0 && length > 0 && buffer[0] >= 32 && buffer[0] < 128) { - /* Not an SSL record, treat entire buffer as plaintext */ - PR_Write(PR_STDOUT,buffer,length); - return; - } - - - check_integrity(s); - - i = 0; - l = length; - - db = PR_NEW(struct _DataBuffer); - - db->buffer = (unsigned char*)PR_Malloc(length); - db->length = length; - db->offset = 0; - memcpy(db->buffer, buffer, length); - db->next = NULL; - - /* now, add it to the stream */ - - if (s->last != NULL) s->last->next = db; - s->last = db; - s->size += length; - if (s->first == NULL) s->first = db; - - check_integrity(s); - - /*------------------------------------------------------- */ - /* now we look at the stream to see if we have enough data to - decode */ - - while (s->size > 0 ) { - unsigned char *tbuf = NULL; - - SSLRecord sr; - unsigned alloclen; - unsigned recordsize; - - check_integrity(s); - - if ( s->first == NULL) { - PR_fprintf(PR_STDOUT,"ERROR: s->first is null\n"); - exit(9); - } - - /* in the case of an SSL 2 client-hello (which is all ssltap supports) */ - /* will have the high-bit set, whereas an SSL 3 client-hello will not */ - /* SSL2 can also send records that begin with the high bit clear. - * This code will incorrectly handle them. XXX - */ - if (isV2Session || s->first->buffer[s->first->offset] & 0x80) { - /* it's an SSL 2 packet */ - unsigned char lenbuf[3]; - - /* first, we check if there's enough data for it to be an SSL2-type - * record. What a pain.*/ - if (s->size < sizeof lenbuf) { - partial_packet(length, s->size, sizeof lenbuf); - return; - } - - /* read the first two bytes off the stream. */ - read_stream_bytes(lenbuf, s, sizeof(lenbuf)); - alloclen = ((unsigned int)(lenbuf[0] & 0x7f) << 8) + lenbuf[1] + - ((lenbuf[0] & 0x80) ? 2 : 3); - PR_fprintf(PR_STDOUT, "alloclen = %u bytes\n", alloclen); - - /* put 'em back on the head of the stream. */ - db = PR_NEW(struct _DataBuffer); - - db->length = sizeof lenbuf; - db->buffer = (unsigned char*) PR_Malloc(db->length); - db->offset = 0; - memcpy(db->buffer, lenbuf, sizeof lenbuf); - - db->next = s->first; - s->first = db; - if (s->last == NULL) - s->last = db; - s->size += db->length; - - /* if there wasn't enough, go back for more. */ - if (s->size < alloclen) { - check_integrity(s); - partial_packet(length, s->size, alloclen); - return; - } - partial_packet(length, s->size, alloclen); - - /* read in the whole record. */ - tbuf = PR_Malloc(alloclen); - read_stream_bytes(tbuf, s, alloclen); - - print_sslv2(s, tbuf, alloclen); - PR_FREEIF(tbuf); - check_integrity(s); - - continue; - } - - /***********************************************************/ - /* It's SSL v3 */ - /***********************************************************/ - check_integrity(s); - - if (s->size < sizeof(SSLRecord)) { - partial_packet(length, s->size, sizeof(SSLRecord)); - return; - } - - read_stream_bytes((unsigned char *)&sr, s, sizeof sr); - - /* we have read the stream bytes. Look at the length of - the ssl record. If we don't have enough data to satisfy this - request, then put the bytes we just took back at the head - of the queue */ - recordsize = GET_SHORT(sr.length); - - if (recordsize > s->size) { - db = PR_NEW(struct _DataBuffer); - - db->length = sizeof sr; - db->buffer = (unsigned char*) PR_Malloc(db->length); - db->offset = 0; - memcpy(db->buffer, &sr, sizeof sr); - db->next = s->first; - - /* now, add it back on to the head of the stream */ - - s->first = db; - if (s->last == NULL) - s->last = db; - s->size += db->length; - - check_integrity(s); - partial_packet(length, s->size, recordsize); - return; - } - partial_packet(length, s->size, recordsize); - - - PR_fprintf(PR_STDOUT,"SSLRecord { [%s]\n", get_time_string() ); - if (sslhexparse) { - print_hex(5,(unsigned char*)&sr); - } - - check_integrity(s); - - PR_fprintf(PR_STDOUT," type = %d (",sr.type); - switch(sr.type) { - case 20 : - PR_fprintf(PR_STDOUT,"change_cipher_spec)\n"); - break; - case 21 : - PR_fprintf(PR_STDOUT,"alert)\n"); - break; - case 22 : - PR_fprintf(PR_STDOUT,"handshake)\n"); - break; - case 23 : - PR_fprintf(PR_STDOUT,"application_data)\n"); - break; - default: - PR_fprintf(PR_STDOUT,"unknown)\n"); - break; - } - PR_fprintf(PR_STDOUT," version = { %d,%d }\n", - (PRUint32)sr.ver_maj,(PRUint32)sr.ver_min); - PR_fprintf(PR_STDOUT," length = %d (0x%x)\n", - (PRUint32)GET_SHORT(sr.length), (PRUint32)GET_SHORT(sr.length)); - - - alloclen = recordsize; - PR_ASSERT(s->size >= alloclen); - if (s->size >= alloclen) { - tbuf = (unsigned char*) PR_Malloc(alloclen); - read_stream_bytes(tbuf, s, alloclen); - - if (s->isEncrypted) { - PR_fprintf(PR_STDOUT," < encrypted >\n"); - } else - - switch(sr.type) { - case 20 : /* change_cipher_spec */ - if (sslhexparse) print_hex(alloclen,tbuf); - s->isEncrypted = 1; /* mark to say we can only dump hex form now on */ - break; - - case 21 : /* alert */ - switch(tbuf[0]) { - case 1: PR_fprintf(PR_STDOUT, " warning: "); break; - case 2: PR_fprintf(PR_STDOUT, " fatal: "); break; - default: PR_fprintf(PR_STDOUT, " unknown level %d: ", tbuf[0]); break; - } - - switch(tbuf[1]) { - case 0: PR_fprintf(PR_STDOUT, "close notify\n"); break; - case 10: PR_fprintf(PR_STDOUT, "unexpected message\n"); break; - case 20: PR_fprintf(PR_STDOUT, "bad record mac\n"); break; - case 21: PR_fprintf(PR_STDOUT, "decryption failed\n"); break; - case 22: PR_fprintf(PR_STDOUT, "record overflow\n"); break; - case 30: PR_fprintf(PR_STDOUT, "decompression failure\n"); break; - case 40: PR_fprintf(PR_STDOUT, "handshake failure\n"); break; - case 41: PR_fprintf(PR_STDOUT, "no certificate\n"); break; - case 42: PR_fprintf(PR_STDOUT, "bad certificate\n"); break; - case 43: PR_fprintf(PR_STDOUT, "unsupported certificate\n"); break; - case 44: PR_fprintf(PR_STDOUT, "certificate revoked\n"); break; - case 45: PR_fprintf(PR_STDOUT, "certificate expired\n"); break; - case 46: PR_fprintf(PR_STDOUT, "certificate unknown\n"); break; - case 47: PR_fprintf(PR_STDOUT, "illegal parameter\n"); break; - case 48: PR_fprintf(PR_STDOUT, "unknown CA\n"); break; - case 49: PR_fprintf(PR_STDOUT, "access denied\n"); break; - case 50: PR_fprintf(PR_STDOUT, "decode error\n"); break; - case 51: PR_fprintf(PR_STDOUT, "decrypt error\n"); break; - case 60: PR_fprintf(PR_STDOUT, "export restriction\n"); break; - case 70: PR_fprintf(PR_STDOUT, "protocol version\n"); break; - case 71: PR_fprintf(PR_STDOUT, "insufficient security\n"); break; - case 80: PR_fprintf(PR_STDOUT, "internal error\n"); break; - case 90: PR_fprintf(PR_STDOUT, "user canceled\n"); break; - case 100: PR_fprintf(PR_STDOUT, "no renegotiation\n"); break; - default: PR_fprintf(PR_STDOUT, "unknown error %d\n", tbuf[1]); break; - } - - if (sslhexparse) print_hex(alloclen,tbuf); - break; - - case 22 : /* handshake */ - print_ssl3_handshake( tbuf, alloclen, &sr ); - break; - - case 23 : /* application data */ - default: - print_hex(alloclen,tbuf); - break; - } - } - PR_fprintf(PR_STDOUT,"}\n"); - PR_FREEIF(tbuf); - check_integrity(s); - } -} - -void print_hex(int amt, unsigned char *buf) { - int i,j,k; - char *string = (char*)PR_Malloc(5000); - char t[20]; - - - for(i=0;i<amt;i++) { - t[1] =0; - - if (i%16 ==0) { /* if we are at the beginning of a line */ - PR_fprintf(PR_STDOUT,"%4x:",i); /* print the line number */ - strcpy(string,""); - } - - if (i%4 == 0) { - PR_fprintf(PR_STDOUT," "); - } - - t[0] = buf[i]; - - if (!isprint(t[0])) { - t[0] = '.'; - } - if (fancy) { - switch (t[0]) { - case '<': - strcpy(t,"<"); - break; - case '>': - strcpy(t,">"); - break; - case '&': - strcpy(t,"&"); - break; - } - } - strcat(string,t); - - PR_fprintf(PR_STDOUT,"%02x ",(PRUint8) buf[i]); - - /* if we've reached the end of the line - add the string */ - if (i%16 == 15) PR_fprintf(PR_STDOUT," | %s\n",string); - } - /* we reached the end of the buffer,*/ - /* do we have buffer left over? */ - j = i%16; - if (j > 0) { - for (k=0;k<(16-j);k++) PR_fprintf(PR_STDOUT," "); - PR_fprintf(PR_STDOUT," |%s\n",string); - } - PR_Free(string); -} - -void Usage(void) { - PR_fprintf(PR_STDERR, "SSLTAP (C) 1997, 1998 Netscape Communications Corporation.\n"); - PR_fprintf(PR_STDERR, "Usage: ssltap [-vhfsxl] [-p port] hostname:port\n"); - PR_fprintf(PR_STDERR, " -v [prints version string]\n"); - PR_fprintf(PR_STDERR, " -h [outputs hex instead of ASCII]\n"); - PR_fprintf(PR_STDERR, " -f [turn on Fancy HTML coloring]\n"); - PR_fprintf(PR_STDERR, " -s [turn on SSL decoding]\n"); - PR_fprintf(PR_STDERR, " -x [turn on extra SSL hex dumps]\n"); - PR_fprintf(PR_STDERR, " -p port [specify rendezvous port (default 1924)]\n"); - PR_fprintf(PR_STDERR, " -l [loop - continue to wait for more connections]\n"); - - -} - -void -showErr(const char * msg) { - PRErrorCode err = PR_GetError(); - const char * errString; - - if (err == PR_UNKNOWN_ERROR) - err = PR_CONNECT_RESET_ERROR; /* bug in NSPR. */ - errString = SECU_Strerror(err); - - if (!errString) - errString = "(no text available)"; - PR_fprintf(PR_STDERR, "Error %d: %s: %s", err, errString, msg); -} - -int main(int argc, char *argv[]) -{ - char *hostname=NULL; - PRUint16 rendport=DEFPORT,port; - PRHostEnt hp; - PRStatus r; - PRNetAddr na_client,na_server,na_rend; - PRFileDesc *s_server,*s_client,*s_rend; /*rendezvous */ - char netdbbuf[PR_NETDB_BUF_SIZE]; - int c_count=0; - PLOptState *optstate; - PLOptStatus status; - - optstate = PL_CreateOptState(argc,argv,"fvxhslp:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'f': - fancy++; - break; - case 'h': - hexparse++; - break; - case 'v': - PR_fprintf(PR_STDOUT,"Version: %s\n",VERSIONSTRING); - break; - case 's': - sslparse++; - break; - case 'x': - sslhexparse++; - break; - case 'l': - looparound++; - break; - case 'p': - rendport = atoi(optstate->value); - break; - case '\0': - hostname = PL_strdup(optstate->value); - } - } - if (status == PL_OPT_BAD) - Usage(); - - if (fancy) { - if (!hexparse && !sslparse) { - PR_fprintf(PR_STDERR, -"Note: use of -f without -s or -h not recommended, \n" -"as the output looks a little strange. It may be useful, however\n"); - } - } - - if(! hostname ) Usage(), exit(2); - - { - char *colon = (char *)strchr(hostname, ':'); - if (!colon) { - PR_fprintf(PR_STDERR, - "You must specify the host AND port you wish to connect to\n"); - Usage(), exit(3); - } - port = atoi(&colon[1]); - *colon = '\0'; - - if (port == 0) { - PR_fprintf(PR_STDERR, "Port must be a nonzero number.\n"); - exit(4); - } - } - - /* find the 'server' IP address so we don't have to look it up later */ - - if (fancy) { - PR_fprintf(PR_STDOUT,"<HTML><HEAD><TITLE>SSLTAP output</TITLE></HEAD>\n"); - PR_fprintf(PR_STDOUT,"<BODY><PRE>\n"); - } - PR_fprintf(PR_STDERR,"Looking up \"%s\"...\n", hostname); - r = PR_GetHostByName(hostname,netdbbuf,PR_NETDB_BUF_SIZE,&hp); - if (r) { - showErr("Host Name lookup failed\n"); - exit(5); - } - - PR_EnumerateHostEnt(0,&hp,0,&na_server); - PR_InitializeNetAddr(PR_IpAddrNull,port,&na_server); - /* set up the port which the client will connect to */ - - r = PR_InitializeNetAddr(PR_IpAddrAny,rendport,&na_rend); - if (r == PR_FAILURE) { - PR_fprintf(PR_STDERR, - "PR_InitializeNetAddr(,%d,) failed with error %d\n",PR_GetError()); - exit(0); - } - - - s_rend = PR_NewTCPSocket(); - if (!s_rend) { - showErr("Couldn't create socket\n"); - exit(6); - } - - if (PR_Bind(s_rend, &na_rend )) { - PR_fprintf(PR_STDERR,"Couldn't bind to port %d (error %d)\n",rendport, PR_GetError()); - exit(-1); - } - - if ( PR_Listen(s_rend, 5)) { - showErr("Couldn't listen\n"); - exit(-1); - } - - PR_fprintf(PR_STDERR,"Proxy socket ready and listening\n"); - do { /* accept one connection and process it. */ - PRPollDesc pds[2]; - - s_client = PR_Accept(s_rend,&na_client,PR_SecondsToInterval(3600)); - if (s_client == NULL) { - showErr("accept timed out\n"); - exit(7); - } - - s_server = PR_NewTCPSocket(); - if (s_server == NULL) { - showErr("couldn't open new socket to connect to server \n"); - exit(8); - } - - r = PR_Connect(s_server,&na_server,PR_SecondsToInterval(5)); - - if ( r == PR_FAILURE ) - { - showErr("Couldn't connect\n"); - return -1; - } - - if (looparound) { - if (fancy) PR_fprintf(PR_STDOUT,"<p><HR><H2>"); - PR_fprintf(PR_STDOUT,"Connection #%d [%s]\n", c_count+1, - get_time_string()); - if (fancy) PR_fprintf(PR_STDOUT,"</H2>"); - } - - - PR_fprintf(PR_STDOUT,"Connected to %s:%d\n", hostname, port); - -#define PD_C 0 -#define PD_S 1 - - pds[PD_C].fd = s_client; - pds[PD_S].fd = s_server; - pds[PD_C].in_flags = PR_POLL_READ; - pds[PD_S].in_flags = PR_POLL_READ; - - /* make sure the new connections don't start out encrypted. */ - clientstream.isEncrypted = 0; - serverstream.isEncrypted = 0; - isV2Session = 0; - - while( (pds[PD_C].in_flags & PR_POLL_READ) != 0 || - (pds[PD_S].in_flags & PR_POLL_READ) != 0 ) - { /* Handle all messages on the connection */ - PRInt32 amt; - PRInt32 wrote; - unsigned char buffer[ TAPBUFSIZ ]; - - amt = PR_Poll(pds,2,PR_INTERVAL_NO_TIMEOUT); - if (amt <= 0) { - if (amt) - showErr( "PR_Poll failed.\n"); - else - showErr( "PR_Poll timed out.\n"); - break; - } - - if (pds[PD_C].out_flags & PR_POLL_EXCEPT) { - showErr( "Exception on client-side socket.\n"); - break; - } - - if (pds[PD_S].out_flags & PR_POLL_EXCEPT) { - showErr( "Exception on server-side socket.\n"); - break; - } - - -/* read data, copy it to stdout, and write to other socket */ - - if ((pds[PD_C].in_flags & PR_POLL_READ) != 0 && - (pds[PD_C].out_flags & PR_POLL_READ) != 0 ) { - - amt = PR_Read(s_client, buffer, sizeof(buffer)); - - if ( amt < 0) { - showErr( "Client socket read failed.\n"); - break; - } - - if( amt == 0 ) { - PR_fprintf(PR_STDOUT, "Read EOF on Client socket. [%s]\n", - get_time_string() ); - pds[PD_C].in_flags &= ~PR_POLL_READ; - PR_Shutdown(s_server, PR_SHUTDOWN_SEND); - continue; - } - - PR_fprintf(PR_STDOUT,"--> [\n"); - if (fancy) PR_fprintf(PR_STDOUT,"<font color=blue>"); - - if (hexparse) print_hex(amt, buffer); - if (sslparse) print_ssl(&clientstream,amt,buffer); - if (!hexparse && !sslparse) PR_Write(PR_STDOUT,buffer,amt); - if (fancy) PR_fprintf(PR_STDOUT,"</font>"); - PR_fprintf(PR_STDOUT,"]\n"); - - wrote = PR_Write(s_server, buffer, amt); - if (wrote != amt ) { - if (wrote < 0) { - showErr("Write to server socket failed.\n"); - break; - } else { - PR_fprintf(PR_STDERR, "Short write to server socket!\n"); - } - } - } /* end of read from client socket. */ - -/* read data, copy it to stdout, and write to other socket */ - if ((pds[PD_S].in_flags & PR_POLL_READ) != 0 && - (pds[PD_S].out_flags & PR_POLL_READ) != 0 ) { - - amt = PR_Read(s_server, buffer, sizeof(buffer)); - - if ( amt < 0) { - showErr( "error on server-side socket.\n"); - break; - } - - if( amt == 0 ) { - PR_fprintf(PR_STDOUT, "Read EOF on Server socket. [%s]\n", - get_time_string() ); - pds[PD_S].in_flags &= ~PR_POLL_READ; - PR_Shutdown(s_client, PR_SHUTDOWN_SEND); - continue; - } - - PR_fprintf(PR_STDOUT,"<-- [\n"); - if (fancy) PR_fprintf(PR_STDOUT,"<font color=red>"); - if (hexparse) print_hex(amt, (unsigned char *)buffer); - if (sslparse) print_ssl(&serverstream,amt,(unsigned char *)buffer); - if (!hexparse && !sslparse) PR_Write(PR_STDOUT,buffer,amt); - if (fancy) PR_fprintf(PR_STDOUT,"</font>"); - PR_fprintf(PR_STDOUT,"]\n"); - - - wrote = PR_Write(s_client, buffer, amt); - if (wrote != amt ) { - if (wrote < 0) { - showErr("Write to client socket failed.\n"); - break; - } else { - PR_fprintf(PR_STDERR, "Short write to client socket!\n"); - } - } - - } /* end of read from server socket. */ - -/* Loop, handle next message. */ - - } /* handle messages during a connection loop */ - PR_Close(s_client); - PR_Close(s_server); - flush_stream(&clientstream); - flush_stream(&serverstream); - - c_count++; - PR_fprintf(PR_STDERR,"Connection %d Complete [%s]\n", c_count, - get_time_string() ); - } while (looparound); /* accept connection and process it. */ - PR_Close(s_rend); - return 0; -} diff --git a/security/nss/cmd/strsclnt/Makefile b/security/nss/cmd/strsclnt/Makefile deleted file mode 100644 index 4e39ffc3f..000000000 --- a/security/nss/cmd/strsclnt/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/strsclnt/manifest.mn b/security/nss/cmd/strsclnt/manifest.mn deleted file mode 100644 index e54345f6d..000000000 --- a/security/nss/cmd/strsclnt/manifest.mn +++ /dev/null @@ -1,47 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = strsclnt.c - -# the MODULE above is always implicitly REQUIREd -REQUIRES = seccmd dbm - -PROGRAM = strsclnt -# PROGRAM = ./$(OBJDIR)/strsclnt.exe - diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c deleted file mode 100644 index 81972d139..000000000 --- a/security/nss/cmd/strsclnt/strsclnt.c +++ /dev/null @@ -1,1350 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include <stdio.h> -#include <string.h> - -#include "secutil.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif -#include <stdlib.h> -#if !defined(_WIN32_WCE) -#include <errno.h> -#include <fcntl.h> -#endif -#include <stdarg.h> - -#include "plgetopt.h" - -#include "nspr.h" -#include "prio.h" -#include "prnetdb.h" -#include "prerror.h" - -#include "pk11func.h" -#include "secitem.h" -#include "sslproto.h" -#include "nss.h" -#include "ssl.h" - -#ifndef PORT_Sprintf -#define PORT_Sprintf sprintf -#endif - -#ifndef PORT_Strstr -#define PORT_Strstr strstr -#endif - -#ifndef PORT_Malloc -#define PORT_Malloc PR_Malloc -#endif - -#define RD_BUF_SIZE (60 * 1024) - -/* Include these cipher suite arrays to re-use tstclnt's - * cipher selection code. - */ - -int ssl2CipherSuites[] = { - SSL_EN_RC4_128_WITH_MD5, /* A */ - SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */ - SSL_EN_RC2_128_CBC_WITH_MD5, /* C */ - SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */ - SSL_EN_DES_64_CBC_WITH_MD5, /* E */ - SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */ -#ifdef NSS_ENABLE_ECC - /* NOTE: Since no new SSL2 ciphersuites are being - * invented, and we've run out of lowercase letters - * for SSL3 ciphers, we use letters G and beyond - * for new SSL3 ciphers. - */ - TLS_ECDH_ECDSA_WITH_NULL_SHA, /* G */ - TLS_ECDH_ECDSA_WITH_RC4_128_SHA, /* H */ - TLS_ECDH_ECDSA_WITH_DES_CBC_SHA, /* I */ - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* J */ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* K */ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* L */ - TLS_ECDH_RSA_WITH_NULL_SHA, /* M */ - TLS_ECDH_RSA_WITH_RC4_128_SHA, /* N */ - TLS_ECDH_RSA_WITH_DES_CBC_SHA, /* O */ - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* P */ - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* Q */ - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* R */ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* S */ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* T */ -#endif /* NSS_ENABLE_ECC */ - 0 -}; - -int ssl3CipherSuites[] = { - SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */ - SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ - SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */ - SSL_RSA_WITH_NULL_MD5, /* i */ - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ - SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ - TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */ - SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */ - TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ - TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ - TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ - TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - 0 -}; - -/* This global string is so that client main can see - * which ciphers to use. - */ - -static const char *cipherString; - -static int certsTested; -static int MakeCertOK; -static int NoReuse; -static PRBool NoDelay; -static PRBool QuitOnTimeout = PR_FALSE; - -static SSL3Statistics * ssl3stats; - -static int failed_already = 0; -static PRBool disableSSL3 = PR_FALSE; -static PRBool disableTLS = PR_FALSE; - - -char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char *passwd = NULL; - - if ( (!retry) && arg ) { - passwd = PL_strdup((char *)arg); - } - - return passwd; -} - -int stopping; -int verbose; -SECItem bigBuf; - -#define PRINTF if (verbose) printf -#define FPRINTF if (verbose) fprintf - -static void -Usage(const char *progName) -{ - fprintf(stderr, - "Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n" - " [-3DNTovq] [-2 filename]\n" - " [-w dbpasswd] [-C cipher(s)] [-t threads] hostname\n" - " where -v means verbose\n" - " -o means override server certificate validation\n" - " -D means no TCP delays\n" - " -q means quit when server gone (timeout rather than retry forever)\n" - " -N means no session reuse\n", - progName); - exit(1); -} - - -static void -errWarn(char * funcString) -{ - PRErrorCode perr = PR_GetError(); - const char * errString = SECU_Strerror(perr); - - fprintf(stderr, "strsclnt: %s returned error %d:\n%s\n", - funcString, perr, errString); -} - -static void -errExit(char * funcString) -{ - errWarn(funcString); - exit(1); -} - -/************************************************************************** -** -** Routines for disabling SSL ciphers. -** -**************************************************************************/ - -void -disableAllSSLCiphers(void) -{ - const PRUint16 *cipherSuites = SSL_ImplementedCiphers; - int i = SSL_NumImplementedCiphers; - SECStatus rv; - - /* disable all the SSL3 cipher suites */ - while (--i >= 0) { - PRUint16 suite = cipherSuites[i]; - rv = SSL_CipherPrefSetDefault(suite, PR_FALSE); - if (rv != SECSuccess) { - printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n", - suite, i); - errWarn("SSL_CipherPrefSetDefault"); - exit(2); - } - } -} - -static SECStatus -myGoodSSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, - PRBool isServer) -{ - return SECSuccess; -} - -/* This invokes the "default" AuthCert handler in libssl. -** The only reason to use this one is that it prints out info as it goes. -*/ -static SECStatus -mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, - PRBool isServer) -{ - SECStatus rv; - CERTCertificate * peerCert; - - peerCert = SSL_PeerCertificate(fd); - - PRINTF("strsclnt: Subject: %s\nstrsclnt: Issuer : %s\n", - peerCert->subjectName, peerCert->issuerName); - /* invoke the "default" AuthCert handler. */ - rv = SSL_AuthCertificate(arg, fd, checkSig, isServer); - - ++certsTested; - if (rv == SECSuccess) { - fputs("strsclnt: -- SSL: Server Certificate Validated.\n", stderr); - } - CERT_DestroyCertificate(peerCert); - /* error, if any, will be displayed by the Bad Cert Handler. */ - return rv; -} - -static SECStatus -myBadCertHandler( void *arg, PRFileDesc *fd) -{ - int err = PR_GetError(); - if (!MakeCertOK) - fprintf(stderr, - "strsclnt: -- SSL: Server Certificate Invalid, err %d.\n%s\n", - err, SECU_Strerror(err)); - return (MakeCertOK ? SECSuccess : SECFailure); -} - -void -printSecurityInfo(PRFileDesc *fd) -{ - CERTCertificate * cert = NULL; - SSL3Statistics * ssl3stats = SSL_GetStatistics(); - SECStatus result; - SSLChannelInfo channel; - SSLCipherSuiteInfo suite; - - static int only_once; - - if (only_once && verbose < 2) - return; - only_once = 1; - - result = SSL_GetChannelInfo(fd, &channel, sizeof channel); - if (result == SECSuccess && - channel.length == sizeof channel && - channel.cipherSuite) { - result = SSL_GetCipherSuiteInfo(channel.cipherSuite, - &suite, sizeof suite); - if (result == SECSuccess) { - FPRINTF(stderr, - "strsclnt: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n", - channel.protocolVersion >> 8, channel.protocolVersion & 0xff, - suite.effectiveKeyBits, suite.symCipherName, - suite.macBits, suite.macAlgorithmName); - FPRINTF(stderr, - "strsclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n", - channel.authKeyBits, suite.authAlgorithmName, - channel.keaKeyBits, suite.keaTypeName); - } - } - - cert = SSL_LocalCertificate(fd); - if (!cert) - cert = SSL_PeerCertificate(fd); - - if (verbose && cert) { - char * ip = CERT_NameToAscii(&cert->issuer); - char * sp = CERT_NameToAscii(&cert->subject); - if (sp) { - fprintf(stderr, "strsclnt: subject DN: %s\n", sp); - PORT_Free(sp); - } - if (ip) { - fprintf(stderr, "strsclnt: issuer DN: %s\n", ip); - PORT_Free(ip); - } - } - if (cert) { - CERT_DestroyCertificate(cert); - cert = NULL; - } - fprintf(stderr, - "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n", - ssl3stats->hsh_sid_cache_hits, - ssl3stats->hsh_sid_cache_misses, - ssl3stats->hsh_sid_cache_not_ok); - -} - -/************************************************************************** -** Begin thread management routines and data. -**************************************************************************/ - -#define MAX_THREADS 128 - -typedef int startFn(void *a, void *b, int c); - -PRLock * threadLock; -PRCondVar * threadStartQ; -PRCondVar * threadEndQ; - -int numUsed; -int numRunning; -PRInt32 numConnected; -int max_threads = 8; /* default much less than max. */ - -typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState; - -typedef struct perThreadStr { - void * a; - void * b; - int c; - int rv; - startFn * startFunc; - PRThread * prThread; - PRBool inUse; - runState running; -} perThread; - -perThread threads[MAX_THREADS]; - -void -thread_wrapper(void * arg) -{ - perThread * slot = (perThread *)arg; - - /* wait for parent to finish launching us before proceeding. */ - PR_Lock(threadLock); - PR_Unlock(threadLock); - - slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->c); - - /* Handle cleanup of thread here. */ - PRINTF("strsclnt: Thread in slot %d returned %d\n", - slot - threads, slot->rv); - - PR_Lock(threadLock); - slot->running = rs_idle; - --numRunning; - - /* notify the thread launcher. */ - PR_NotifyCondVar(threadStartQ); - - PR_Unlock(threadLock); -} - -SECStatus -launch_thread( - startFn * startFunc, - void * a, - void * b, - int c) -{ - perThread * slot; - int i; - - if (!threadStartQ) { - threadLock = PR_NewLock(); - threadStartQ = PR_NewCondVar(threadLock); - threadEndQ = PR_NewCondVar(threadLock); - } - PR_Lock(threadLock); - while (numRunning >= max_threads) { - PR_WaitCondVar(threadStartQ, PR_INTERVAL_NO_TIMEOUT); - } - for (i = 0; i < numUsed; ++i) { - if (threads[i].running == rs_idle) - break; - } - if (i >= numUsed) { - if (i >= MAX_THREADS) { - /* something's really wrong here. */ - PORT_Assert(i < MAX_THREADS); - PR_Unlock(threadLock); - return SECFailure; - } - ++numUsed; - PORT_Assert(numUsed == i + 1); - } - - slot = threads + i; - slot->a = a; - slot->b = b; - slot->c = c; - - slot->startFunc = startFunc; - - slot->prThread = PR_CreateThread(PR_USER_THREAD, - thread_wrapper, slot, - PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, - PR_UNJOINABLE_THREAD, 0); - if (slot->prThread == NULL) { - PR_Unlock(threadLock); - printf("strsclnt: Failed to launch thread!\n"); - return SECFailure; - } - - slot->inUse = 1; - slot->running = 1; - ++numRunning; - PR_Unlock(threadLock); - PRINTF("strsclnt: Launched thread in slot %d \n", i); - - return SECSuccess; -} - -/* Wait until numRunning == 0 */ -int -reap_threads(void) -{ - perThread * slot; - int i; - - if (!threadLock) - return 0; - PR_Lock(threadLock); - while (numRunning > 0) { - PR_WaitCondVar(threadStartQ, PR_INTERVAL_NO_TIMEOUT); - } - - /* Safety Sam sez: make sure count is right. */ - for (i = 0; i < numUsed; ++i) { - slot = threads + i; - if (slot->running != rs_idle) { - FPRINTF(stderr, "strsclnt: Thread in slot %d is in state %d!\n", - i, slot->running); - } - } - PR_Unlock(threadLock); - return 0; -} - -void -destroy_thread_data(void) -{ - PORT_Memset(threads, 0, sizeof threads); - - if (threadEndQ) { - PR_DestroyCondVar(threadEndQ); - threadEndQ = NULL; - } - if (threadStartQ) { - PR_DestroyCondVar(threadStartQ); - threadStartQ = NULL; - } - if (threadLock) { - PR_DestroyLock(threadLock); - threadLock = NULL; - } -} - -/************************************************************************** -** End thread management routines. -**************************************************************************/ - -PRBool useModelSocket = PR_TRUE; - -static const char stopCmd[] = { "GET /stop " }; -static const char outHeader[] = { - "HTTP/1.0 200 OK\r\n" - "Server: Netscape-Enterprise/2.0a\r\n" - "Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n" - "Content-type: text/plain\r\n" - "\r\n" -}; - -struct lockedVarsStr { - PRLock * lock; - int count; - int waiters; - PRCondVar * condVar; -}; - -typedef struct lockedVarsStr lockedVars; - -void -lockedVars_Init( lockedVars * lv) -{ - lv->count = 0; - lv->waiters = 0; - lv->lock = PR_NewLock(); - lv->condVar = PR_NewCondVar(lv->lock); -} - -void -lockedVars_Destroy( lockedVars * lv) -{ - PR_DestroyCondVar(lv->condVar); - lv->condVar = NULL; - - PR_DestroyLock(lv->lock); - lv->lock = NULL; -} - -void -lockedVars_WaitForDone(lockedVars * lv) -{ - PR_Lock(lv->lock); - while (lv->count > 0) { - PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT); - } - PR_Unlock(lv->lock); -} - -int /* returns count */ -lockedVars_AddToCount(lockedVars * lv, int addend) -{ - int rv; - - PR_Lock(lv->lock); - rv = lv->count += addend; - if (rv <= 0) { - PR_NotifyCondVar(lv->condVar); - } - PR_Unlock(lv->lock); - return rv; -} - -int -do_writes( - void * a, - void * b, - int c) -{ - PRFileDesc * ssl_sock = (PRFileDesc *)a; - lockedVars * lv = (lockedVars *)b; - int sent = 0; - int count = 0; - - while (sent < bigBuf.len) { - - count = PR_Write(ssl_sock, bigBuf.data + sent, bigBuf.len - sent); - if (count < 0) { - errWarn("PR_Write bigBuf"); - break; - } - FPRINTF(stderr, "strsclnt: PR_Write wrote %d bytes from bigBuf\n", - count ); - sent += count; - } - if (count >= 0) { /* last write didn't fail. */ - PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND); - } - - /* notify the reader that we're done. */ - lockedVars_AddToCount(lv, -1); - return (sent < bigBuf.len) ? SECFailure : SECSuccess; -} - -int -handle_fdx_connection( PRFileDesc * ssl_sock, int connection) -{ - SECStatus result; - int firstTime = 1; - int countRead = 0; - lockedVars lv; - char *buf; - - - lockedVars_Init(&lv); - lockedVars_AddToCount(&lv, 1); - - /* Attempt to launch the writer thread. */ - result = launch_thread(do_writes, ssl_sock, &lv, connection); - - if (result != SECSuccess) - goto cleanup; - - buf = PR_Malloc(RD_BUF_SIZE); - - if (buf) { - do { - /* do reads here. */ - PRInt32 count; - - count = PR_Read(ssl_sock, buf, RD_BUF_SIZE); - if (count < 0) { - errWarn("PR_Read"); - break; - } - countRead += count; - FPRINTF(stderr, - "strsclnt: connection %d read %d bytes (%d total).\n", - connection, count, countRead ); - if (firstTime) { - firstTime = 0; - printSecurityInfo(ssl_sock); - } - } while (lockedVars_AddToCount(&lv, 0) > 0); - PR_Free(buf); - buf = 0; - } - - /* Wait for writer to finish */ - lockedVars_WaitForDone(&lv); - lockedVars_Destroy(&lv); - - FPRINTF(stderr, - "strsclnt: connection %d read %d bytes total. -----------------------\n", - connection, countRead); - -cleanup: - /* Caller closes the socket. */ - - return SECSuccess; -} - -const char request[] = {"GET /abc HTTP/1.0\r\n\r\n" }; - -SECStatus -handle_connection( PRFileDesc *ssl_sock, int connection) -{ - int countRead = 0; - PRInt32 rv; - char *buf; - - buf = PR_Malloc(RD_BUF_SIZE); - if (!buf) - return SECFailure; - - /* compose the http request here. */ - - rv = PR_Write(ssl_sock, request, strlen(request)); - if (rv <= 0) { - errWarn("PR_Write"); - PR_Free(buf); - buf = 0; - failed_already = 1; - return SECFailure; - } - printSecurityInfo(ssl_sock); - - /* read until EOF */ - while (1) { - rv = PR_Read(ssl_sock, buf, RD_BUF_SIZE); - if (rv == 0) { - break; /* EOF */ - } - if (rv < 0) { - errWarn("PR_Read"); - break; - } - - countRead += rv; - FPRINTF(stderr, "strsclnt: connection %d read %d bytes (%d total).\n", - connection, rv, countRead ); - } - PR_Free(buf); - buf = 0; - - /* Caller closes the socket. */ - - FPRINTF(stderr, - "strsclnt: connection %d read %d bytes total. -----------------------\n", - connection, countRead); - - return SECSuccess; /* success */ -} - -/* one copy of this function is launched in a separate thread for each -** connection to be made. -*/ -int -do_connects( - void * a, - void * b, - int connection) -{ - PRNetAddr * addr = (PRNetAddr *) a; - PRFileDesc * model_sock = (PRFileDesc *) b; - PRFileDesc * ssl_sock = 0; - PRFileDesc * tcp_sock = 0; - PRStatus prStatus; - PRUint32 sleepInterval = 50; /* milliseconds */ - SECStatus result; - int rv = SECSuccess; - PRSocketOptionData opt; - -retry: - - tcp_sock = PR_NewTCPSocket(); - if (tcp_sock == NULL) { - errExit("PR_NewTCPSocket"); - } - - opt.option = PR_SockOpt_Nonblocking; - opt.value.non_blocking = PR_FALSE; - prStatus = PR_SetSocketOption(tcp_sock, &opt); - if (prStatus != PR_SUCCESS) { - errWarn("PR_SetSocketOption(PR_SockOpt_Nonblocking, PR_FALSE)"); - PR_Close(tcp_sock); - return SECSuccess; - } - - if (NoDelay) { - opt.option = PR_SockOpt_NoDelay; - opt.value.no_delay = PR_TRUE; - prStatus = PR_SetSocketOption(tcp_sock, &opt); - if (prStatus != PR_SUCCESS) { - errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)"); - PR_Close(tcp_sock); - return SECSuccess; - } - } - - prStatus = PR_Connect(tcp_sock, addr, PR_INTERVAL_NO_TIMEOUT); - if (prStatus != PR_SUCCESS) { - PRErrorCode err = PR_GetError(); - if ((err == PR_CONNECT_REFUSED_ERROR) || - (err == PR_CONNECT_RESET_ERROR) ) { - int connections = numConnected; - - PR_Close(tcp_sock); - if (connections > 2 && max_threads >= connections) { - max_threads = connections - 1; - fprintf(stderr,"max_threads set down to %d\n", max_threads); - } - if (QuitOnTimeout && sleepInterval > 40000) { - fprintf(stderr, - "strsclnt: Client timed out waiting for connection to server.\n"); - exit(1); - } - PR_Sleep(PR_MillisecondsToInterval(sleepInterval)); - sleepInterval <<= 1; - goto retry; - } - errWarn("PR_Connect"); - rv = SECFailure; - goto done; - } - - ssl_sock = SSL_ImportFD(model_sock, tcp_sock); - /* XXX if this import fails, close tcp_sock and return. */ - if (!ssl_sock) { - PR_Close(tcp_sock); - return SECSuccess; - } - - rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 0); - if (rv != SECSuccess) { - errWarn("SSL_ResetHandshake"); - goto done; - } - - PR_AtomicIncrement(&numConnected); - - if (bigBuf.data != NULL) { - result = handle_fdx_connection( ssl_sock, connection); - } else { - result = handle_connection( ssl_sock, connection); - } - - PR_AtomicDecrement(&numConnected); - -done: - if (ssl_sock) { - PR_Close(ssl_sock); - } else if (tcp_sock) { - PR_Close(tcp_sock); - } - return SECSuccess; -} - -/* Returns IP address for hostname as PRUint32 in Host Byte Order. -** Since the value returned is an integer (not a string of bytes), -** it is inherently in Host Byte Order. -*/ -PRUint32 -getIPAddress(const char * hostName) -{ - const unsigned char *p; - PRStatus prStatus; - PRUint32 rv; - PRHostEnt prHostEnt; - char scratch[PR_NETDB_BUF_SIZE]; - - prStatus = PR_GetHostByName(hostName, scratch, sizeof scratch, &prHostEnt); - if (prStatus != PR_SUCCESS) - errExit("PR_GetHostByName"); - -#undef h_addr -#define h_addr h_addr_list[0] /* address, for backward compatibility */ - - p = (const unsigned char *)(prHostEnt.h_addr); /* in Network Byte order */ - FPRINTF(stderr, "strsclnt: %s -> %d.%d.%d.%d\n", hostName, - p[0], p[1], p[2], p[3]); - rv = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; - return rv; -} - -typedef struct { - PRLock* lock; - char* nickname; - CERTCertificate* cert; - SECKEYPrivateKey* key; - char* password; -} cert_and_key; - -PRBool FindCertAndKey(cert_and_key* Cert_And_Key) -{ - if ( (NULL == Cert_And_Key->nickname) || (0 == strcmp(Cert_And_Key->nickname,"none"))) { - return PR_TRUE; - } - Cert_And_Key->cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), - Cert_And_Key->nickname, certUsageSSLClient, - PR_FALSE, Cert_And_Key->password); - if (Cert_And_Key->cert) { - Cert_And_Key->key = PK11_FindKeyByAnyCert(Cert_And_Key->cert, Cert_And_Key->password); - } - if (Cert_And_Key->cert && Cert_And_Key->key) { - return PR_TRUE; - } else { - return PR_FALSE; - } -} - -PRBool LoggedIn(CERTCertificate* cert, SECKEYPrivateKey* key) -{ - if ( (cert->slot) && (key->pkcs11Slot) && - (PR_TRUE == PK11_IsLoggedIn(cert->slot, NULL)) && - (PR_TRUE == PK11_IsLoggedIn(key->pkcs11Slot, NULL)) ) { - return PR_TRUE; - } - - return PR_FALSE; -} - -SECStatus -StressClient_GetClientAuthData(void * arg, - PRFileDesc * socket, - struct CERTDistNamesStr * caNames, - struct CERTCertificateStr ** pRetCert, - struct SECKEYPrivateKeyStr **pRetKey) -{ - cert_and_key* Cert_And_Key = (cert_and_key*) arg; - - if (!pRetCert || !pRetKey) { - /* bad pointers, can't return a cert or key */ - return SECFailure; - } - - *pRetCert = NULL; - *pRetKey = NULL; - - if (Cert_And_Key && Cert_And_Key->nickname) { - while (PR_TRUE) { - if (Cert_And_Key && Cert_And_Key->lock) { - int timeout = 0; - SECStatus rv = SECSuccess; - PR_Lock(Cert_And_Key->lock); - - if (Cert_And_Key->cert) { - *pRetCert = CERT_DupCertificate(Cert_And_Key->cert); - } - - if (Cert_And_Key->key) { - *pRetKey = SECKEY_CopyPrivateKey(Cert_And_Key->key); - } - PR_Unlock(Cert_And_Key->lock); - if (!*pRetCert || !*pRetKey) { - /* one or both of them failed to copy. Either the source was NULL, or there was - an out of memory condition. Free any allocated copy and fail */ - if (*pRetCert) { - CERT_DestroyCertificate(*pRetCert); - *pRetCert = NULL; - } - if (*pRetKey) { - SECKEY_DestroyPrivateKey(*pRetKey); - *pRetKey = NULL; - } - break; - } - /* now check if those objects are valid */ - if ( PR_FALSE == LoggedIn(*pRetCert, *pRetKey) ) { - /* token is no longer logged in, it was removed */ - int timeout = 0; - CERTCertificate* oldcert = NULL; - SECKEYPrivateKey* oldkey = NULL; - - /* first, delete and clear our invalid local objects */ - CERT_DestroyCertificate(*pRetCert); - SECKEY_DestroyPrivateKey(*pRetKey); - *pRetCert = NULL; - *pRetKey = NULL; - - PR_Lock(Cert_And_Key->lock); - /* check if another thread already logged back in */ - if (PR_TRUE == LoggedIn(Cert_And_Key->cert, Cert_And_Key->key)) { - /* yes : try again */ - PR_Unlock(Cert_And_Key->lock); - continue; - } - /* this is the thread to retry */ - CERT_DestroyCertificate(Cert_And_Key->cert); - SECKEY_DestroyPrivateKey(Cert_And_Key->key); - Cert_And_Key->cert = NULL; - Cert_And_Key->key = NULL; - - - /* now look up the cert and key again */ - while (PR_FALSE == FindCertAndKey(Cert_And_Key) ) { - PR_Sleep(PR_SecondsToInterval(1)); - timeout++; - if (timeout>=60) { - printf("\nToken pulled and not reinserted early enough : aborting.\n"); - exit(1); - } - } - PR_Unlock(Cert_And_Key->lock); - continue; - /* try again to reduce code size */ - } - return SECSuccess; - } - } - *pRetCert = NULL; - *pRetKey = NULL; - return SECFailure; - } else { - /* no cert configured, automatically find the right cert. */ - CERTCertificate * cert = NULL; - SECKEYPrivateKey * privkey = NULL; - CERTCertNicknames * names; - int i; - void * proto_win; - SECStatus rv = SECFailure; - - if (Cert_And_Key) { - proto_win = Cert_And_Key->password; - } - - names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), - SEC_CERT_NICKNAMES_USER, proto_win); - if (names != NULL) { - for (i = 0; i < names->numnicknames; i++) { - cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), - names->nicknames[i], certUsageSSLClient, - PR_FALSE, proto_win); - if ( !cert ) - continue; - /* Only check unexpired certs */ - if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != - secCertTimeValid ) { - CERT_DestroyCertificate(cert); - continue; - } - rv = NSS_CmpCertChainWCANames(cert, caNames); - if ( rv == SECSuccess ) { - privkey = PK11_FindKeyByAnyCert(cert, proto_win); - if ( privkey ) - break; - } - rv = SECFailure; - CERT_DestroyCertificate(cert); - } - CERT_FreeNicknames(names); - } - if (rv == SECSuccess) { - *pRetCert = cert; - *pRetKey = privkey; - } - return rv; - } -} - -void -client_main( - unsigned short port, - int connections, - cert_and_key* Cert_And_Key, - const char * hostName) -{ - PRFileDesc *model_sock = NULL; - int i; - int rv; - PRUint32 ipAddress; /* in host byte order */ - PRNetAddr addr; - - /* Assemble NetAddr struct for connections. */ - ipAddress = getIPAddress(hostName); - - addr.inet.family = PR_AF_INET; - addr.inet.port = PR_htons(port); - addr.inet.ip = PR_htonl(ipAddress); - - /* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */ - NSS_SetDomesticPolicy(); - - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - int ndx; - - /* disable all the ciphers, then enable the ones we want. */ - disableAllSSLCiphers(); - - while (0 != (ndx = *cipherString++)) { - int *cptr; - int cipher; - - if (! isalpha(ndx)) - Usage("strsclnt"); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - if (cipher) { - SECStatus rv; - rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE); - if (rv != SECSuccess) { - fprintf(stderr, - "strsclnt: SSL_CipherPrefSetDefault failed with value 0x%04x\n", - cipher); - exit(1); - } - } - } - } - - /* configure model SSL socket. */ - - model_sock = PR_NewTCPSocket(); - if (model_sock == NULL) { - errExit("PR_NewTCPSocket on model socket"); - } - - model_sock = SSL_ImportFD(NULL, model_sock); - if (model_sock == NULL) { - errExit("SSL_ImportFD"); - } - - /* do SSL configuration. */ - - rv = SSL_OptionSet(model_sock, SSL_SECURITY, 1); - if (rv < 0) { - errExit("SSL_OptionSet SSL_SECURITY"); - } - - rv = SSL_OptionSet(model_sock, SSL_ENABLE_SSL3, !disableSSL3); - if (rv != SECSuccess) { - errExit("error enabling SSLv3 "); - } - - rv = SSL_OptionSet(model_sock, SSL_ENABLE_TLS, !disableTLS); - if (rv != SECSuccess) { - errExit("error enabling TLS "); - } - - if (bigBuf.data) { /* doing FDX */ - rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1); - if (rv < 0) { - errExit("SSL_OptionSet SSL_ENABLE_FDX"); - } - } - - if (NoReuse) { - rv = SSL_OptionSet(model_sock, SSL_NO_CACHE, 1); - if (rv < 0) { - errExit("SSL_OptionSet SSL_NO_CACHE"); - } - } - - SSL_SetURL(model_sock, hostName); - - SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate, - (void *)CERT_GetDefaultCertDB()); - SSL_BadCertHook(model_sock, myBadCertHandler, NULL); - - SSL_GetClientAuthDataHook(model_sock, StressClient_GetClientAuthData, (void*)Cert_And_Key); - - /* I'm not going to set the HandshakeCallback function. */ - - /* end of ssl configuration. */ - - i = 1; - if (!NoReuse) { - rv = launch_thread(do_connects, &addr, model_sock, i); - --connections; - ++i; - /* wait for the first connection to terminate, then launch the rest. */ - reap_threads(); - } - if (connections > 0) { - /* Start up the connections */ - do { - rv = launch_thread(do_connects, &addr, model_sock, i); - ++i; - } while (--connections > 0); - reap_threads(); - } - destroy_thread_data(); - - PR_Close(model_sock); -} - -SECStatus -readBigFile(const char * fileName) -{ - PRFileInfo info; - PRStatus status; - SECStatus rv = SECFailure; - int count; - int hdrLen; - PRFileDesc *local_file_fd = NULL; - - status = PR_GetFileInfo(fileName, &info); - - if (status == PR_SUCCESS && - info.type == PR_FILE_FILE && - info.size > 0 && - NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) { - - hdrLen = PORT_Strlen(outHeader); - bigBuf.len = hdrLen + info.size; - bigBuf.data = PORT_Malloc(bigBuf.len + 4095); - if (!bigBuf.data) { - errWarn("PORT_Malloc"); - goto done; - } - - PORT_Memcpy(bigBuf.data, outHeader, hdrLen); - - count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size); - if (count != info.size) { - errWarn("PR_Read local file"); - goto done; - } - rv = SECSuccess; -done: - PR_Close(local_file_fd); - } - return rv; -} - -int -main(int argc, char **argv) -{ - const char * dir = "."; - const char * fileName = NULL; - char * hostName = NULL; - char * nickName = NULL; - char * progName = NULL; - char * tmp = NULL; - char * passwd = NULL; - int connections = 1; - int exitVal; - int tmpInt; - unsigned short port = 443; - SECStatus rv; - PLOptState * optstate; - PLOptStatus status; - cert_and_key Cert_And_Key; - - /* Call the NSPR initialization routines */ - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - tmp = strrchr(argv[0], '/'); - tmp = tmp ? tmp + 1 : argv[0]; - progName = strrchr(tmp, '\\'); - progName = progName ? progName + 1 : tmp; - - - optstate = PL_CreateOptState(argc, argv, "2:3C:DNTc:d:n:op:qt:vw:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - - case '2': fileName = optstate->value; break; - - case '3': disableSSL3 = PR_TRUE; break; - - case 'C': cipherString = optstate->value; break; - - case 'D': NoDelay = PR_TRUE; break; - - case 'N': NoReuse = 1; break; - - case 'T': disableTLS = PR_TRUE; break; - - case 'c': connections = PORT_Atoi(optstate->value); break; - - case 'd': dir = optstate->value; break; - - case 'n': nickName = PL_strdup(optstate->value); break; - - case 'o': MakeCertOK = 1; break; - - case 'p': port = PORT_Atoi(optstate->value); break; - - case 'q': QuitOnTimeout = PR_TRUE; break; - - case 't': - tmpInt = PORT_Atoi(optstate->value); - if (tmpInt > 0 && tmpInt < MAX_THREADS) - max_threads = tmpInt; - break; - - case 'v': verbose++; break; - - case 'w': passwd = PL_strdup(optstate->value); break; - - case 0: /* positional parameter */ - if (hostName) { - Usage(progName); - } - hostName = PL_strdup(optstate->value); - break; - - default: - case '?': - Usage(progName); - break; - - } - } - if (!hostName || status == PL_OPT_BAD) - Usage(progName); - - if (port == 0) - Usage(progName); - - if (fileName) - readBigFile(fileName); - - /* set our password function */ - if ( passwd ) { - PK11_SetPasswordFunc(ownPasswd); - } else { - PK11_SetPasswordFunc(SECU_GetModulePassword); - } - - /* Call the libsec initialization routines */ - rv = NSS_Initialize(dir, "", "", SECMOD_DB, NSS_INIT_READONLY); - if (rv != SECSuccess) { - fputs("NSS_Init failed.\n", stderr); - exit(1); - } - ssl3stats = SSL_GetStatistics(); - Cert_And_Key.lock = PR_NewLock(); - Cert_And_Key.nickname = nickName; - Cert_And_Key.password = passwd; - Cert_And_Key.cert = NULL; - Cert_And_Key.key = NULL; - - if (PR_FALSE == FindCertAndKey(&Cert_And_Key)) { - - if (Cert_And_Key.cert == NULL) { - fprintf(stderr, "strsclnt: Can't find certificate %s\n", Cert_And_Key.nickname); - exit(1); - } - - if (Cert_And_Key.key == NULL) { - fprintf(stderr, "strsclnt: Can't find Private Key for cert %s\n", - Cert_And_Key.nickname); - exit(1); - } - - } - - client_main(port, connections, &Cert_And_Key, hostName); - - /* clean up */ - if (Cert_And_Key.cert) { - CERT_DestroyCertificate(Cert_And_Key.cert); - } - if (Cert_And_Key.key) { - SECKEY_DestroyPrivateKey(Cert_And_Key.key); - } - PR_DestroyLock(Cert_And_Key.lock); - - /* some final stats. */ - if (ssl3stats->hsh_sid_cache_hits + ssl3stats->hsh_sid_cache_misses + - ssl3stats->hsh_sid_cache_not_ok == 0) { - /* presumably we were testing SSL2. */ - printf("strsclnt: %d server certificates tested.\n", certsTested); - } else { - printf( - "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n", - ssl3stats->hsh_sid_cache_hits, - ssl3stats->hsh_sid_cache_misses, - ssl3stats->hsh_sid_cache_not_ok); - } - - if (!NoReuse) - exitVal = (ssl3stats->hsh_sid_cache_misses > 1) || - (ssl3stats->hsh_sid_cache_not_ok != 0) || - (certsTested > 1); - else - exitVal = (ssl3stats->hsh_sid_cache_misses != connections) || - (certsTested != connections); - - exitVal = ( exitVal || failed_already ); - SSL_ClearSessionCache(); - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - PR_Cleanup(); - return exitVal; -} - diff --git a/security/nss/cmd/swfort/Makefile b/security/nss/cmd/swfort/Makefile deleted file mode 100644 index a5b4350a6..000000000 --- a/security/nss/cmd/swfort/Makefile +++ /dev/null @@ -1,108 +0,0 @@ -#! gmake -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. - -CORE_DEPTH = ../../.. - -include manifest.mn -include $(CORE_DEPTH)/coreconf/config.mk - -# $(NULL) - - -INCLUDES += \ - -I$(DIST)/../public/security \ - -I$(DIST)/../private/security \ - -I$(DEPTH)/security/lib/cert \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - -I./include \ - $(NULL) - - -# For the time being, sec stuff is export only -# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION - -US_FLAGS = -DEXPORT_VERSION -EXPORT_FLAGS = -DEXPORT_VERSION - -BASE_LIBS = \ - $(DIST)/lib/libdbm.$(LIB_SUFFIX) \ - $(DIST)/lib/libxp.$(LIB_SUFFIX) \ - $(DIST)/lib/libnspr.$(LIB_SUFFIX) \ - $(NULL) - -# $(DIST)/lib/libpurenspr.$(LIB_SUFFIX) \ - -#There are a circular dependancies in security/lib, and we deal with it by -# double linking some libraries -SEC_LIBS = \ - $(DIST)/lib/libsecnav.$(LIB_SUFFIX) \ - $(DIST)/lib/libssl.$(LIB_SUFFIX) \ - $(DIST)/lib/libpkcs7.$(LIB_SUFFIX) \ - $(DIST)/lib/libcert.$(LIB_SUFFIX) \ - $(DIST)/lib/libkey.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecmod.$(LIB_SUFFIX) \ - $(DIST)/lib/libcrypto.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \ - $(DIST)/lib/libssl.$(LIB_SUFFIX) \ - $(DIST)/lib/libpkcs7.$(LIB_SUFFIX) \ - $(DIST)/lib/libcert.$(LIB_SUFFIX) \ - $(DIST)/lib/libkey.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecmod.$(LIB_SUFFIX) \ - $(DIST)/lib/libcrypto.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \ - $(DIST)/lib/libhash.$(LIB_SUFFIX) \ - $(NULL) - -MYLIB = lib/$(OBJDIR)/libsectool.$(LIB_SUFFIX) - -US_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS) -EX_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS) - -REQUIRES = libxp nspr security - -CSRCS = $(EXEC_SRCS) $(BI_SRCS) - -OBJS = $(CSRCS:.c=.o) $(BI_SRCS:.c=-us.o) $(BI_SRCS:.c=-ex.o) - -PROGS = $(addprefix $(OBJDIR)/, $(EXEC_SRCS:.c=$(BIN_SUFFIX))) -US_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-us$(BIN_SUFFIX))) -EX_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-ex$(BIN_SUFFIX))) - - -NON_DIRS = $(PROGS) $(US_PROGS) $(EX_PROGS) -TARGETS = $(NON_DIRS) - -include $(CORE_DEPTH)/coreconf/rules.mk - -symbols:: - @echo "TARGETS = $(TARGETS)" diff --git a/security/nss/cmd/swfort/instinit/Makefile b/security/nss/cmd/swfort/instinit/Makefile deleted file mode 100644 index f912d54cd..000000000 --- a/security/nss/cmd/swfort/instinit/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../../platrules.mk diff --git a/security/nss/cmd/swfort/instinit/instinit.c b/security/nss/cmd/swfort/instinit/instinit.c deleted file mode 100644 index 8b8b86c81..000000000 --- a/security/nss/cmd/swfort/instinit/instinit.c +++ /dev/null @@ -1,421 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include <stdio.h> - -#include "prio.h" -#include "seccomon.h" -#include "swforti.h" -#include "cert.h" -#include "pk11func.h" -#include "nss.h" -#include "secutil.h" - -#define CERTDB_VALID_CA (1<<3) -#define CERTDB_TRUSTED_CA (1<<4) /* trusted for issuing server certs */ - -void secmod_GetInternalModule(SECMODModule *module); -void sec_SetCheckKRLState(int i); - -#define STEP 16 -void -printItem(SECItem *key) { - int i; - unsigned char *block; - int len; - for (block=key->data,len=key->len; len > 0; len -= STEP,block += STEP) { - for(i=0; i < STEP && i < len; i++) printf(" %02x ",block[i]); - printf("\n"); - } - printf("\n"); -} - -void -dump(unsigned char *block, int len) { - int i; - for (; len > 0; len -= STEP,block += STEP) { - for(i=0; i < STEP && i < len; i++) printf(" %02x ",block[i]); - printf("\n"); - } - printf("\n"); -} - - -/* - * We need to move this to security/cmd .. so we can use the password - * prompting infrastructure. - */ -char *GetUserInput(char * prompt) -{ - char phrase[200]; - - fprintf(stderr, "%s", prompt); - fflush (stderr); - - fgets ((char*) phrase, sizeof(phrase), stdin); - - /* stomp on newline */ - phrase[PORT_Strlen((char*)phrase)-1] = 0; - - /* Validate password */ - return (char*) PORT_Strdup((char*)phrase); -} - -void ClearPass(char *pass) { - PORT_Memset(pass,0,strlen(pass)); - PORT_Free(pass); -} - -char * -formatDERIssuer(FORTSWFile *file,SECItem *derIssuer) -{ - CERTName name; - SECStatus rv; - - PORT_Memset(&name,0,sizeof(name));; - rv = SEC_ASN1DecodeItem(file->arena,&name,CERT_NameTemplate,derIssuer); - if (rv != SECSuccess) { - return NULL; - } - return CERT_NameToAscii(&name); -} - -#define NETSCAPE_INIT_FILE "nsswft.swf" - -char *getDefaultTarget(void) -{ - char *fname = NULL; - char *home = NULL; - static char unix_home[512]; - - /* first try to get it from the environment */ - fname = getenv("SW_FORTEZZA_FILE"); - if (fname != NULL) { - return PORT_Strdup(fname); - } - -#ifdef XP_UNIX - home = getenv("HOME"); - if (home) { - strncpy(unix_home,home, sizeof(unix_home)-sizeof("/.netscape/"NETSCAPE_INIT_FILE)); - strcat(unix_home,"/.netscape/"NETSCAPE_INIT_FILE); - return unix_home; - } -#endif -#ifdef XP_WIN - home = getenv("windir"); - if (home) { - strncpy(unix_home,home, sizeof(unix_home)-sizeof("\\"NETSCAPE_INIT_FILE)); - strcat(unix_home,"\\"NETSCAPE_INIT_FILE); - return unix_home; - } -#endif - return (NETSCAPE_INIT_FILE); -} - -void -usage(char *prog) { - fprintf(stderr,"usage: %s [-v][-f][-t transport_pass][-u user_pass][-o output_file] source_file\n",prog); - exit(1); -} - -int main(int argc, char ** argv) -{ - - FORTSignedSWFile * swfile; - int size; - SECItem file; - char *progname = *argv++; - char *filename = NULL; - char *outname = NULL; - char *cp; - int verbose = 0; - int force = 0; - CERTCertDBHandle *certhandle = NULL; - CERTCertificate *cert; - CERTCertTrust *trust; - char * pass; - SECStatus rv; - int i; - int64 now; /* XXXX */ - char *issuer; - char *transport_pass = NULL; - char *user_pass = NULL; - SECItem *outItem = NULL; - PRFileDesc *fd; - PRFileInfo info; - PRStatus prv; - - - - - /* put better argument parsing here */ - while ((cp = *argv++) != NULL) { - if (*cp == '-') { - while (*++cp) { - switch (*cp) { - /* verbose mode */ - case 'v': - verbose++; - break; - /* explicitly set the target */ - case 'o': - outname = *argv++; - break; - case 'f': - /* skip errors in signatures without prompts */ - force++; - break; - case 't': - /* provide password on command line */ - transport_pass = *argv++; - break; - case 'u': - /* provide user password on command line */ - user_pass = *argv++; - break; - default: - usage(progname); - break; - } - } - } else if (filename) { - usage(progname); - } else { - filename = cp; - } - } - - if (filename == NULL) usage(progname); - if (outname == NULL) outname = getDefaultTarget(); - - - now = PR_Now(); - /* read the file in */ - fd = PR_Open(filename,PR_RDONLY,0); - if (fd == NULL) { - fprintf(stderr,"%s: couldn't open file \"%s\".\n",progname,filename); - exit(1); - } - - prv = PR_GetOpenFileInfo(fd,&info); - if (prv != PR_SUCCESS) { - fprintf(stderr,"%s: couldn't get info on file \"%s\".\n", - progname,filename); - exit(1); - } - - size = info.size; - - file.data = malloc(size); - file.len = size; - - file.len = PR_Read(fd,file.data,file.len); - if (file.len < 0) { - fprintf(stderr,"%s: couldn't read file \"%s\".\n",progname, filename); - exit(1); - } - - PR_Close(fd); - - /* Parse the file */ - swfile = FORT_GetSWFile(&file); - if (swfile == NULL) { - fprintf(stderr, - "%s: File \"%s\" not a valid FORTEZZA initialization file.\n", - progname,filename); - exit(1); - } - - issuer = formatDERIssuer(&swfile->file,&swfile->file.derIssuer); - if (issuer == NULL) { - issuer = "<Invalid Issuer DER>"; - } - - if (verbose) { - printf("Processing file %s ....\n",filename); - printf(" Version %ld\n",DER_GetInteger(&swfile->file.version)); - printf(" Issuer: %s\n",issuer); - printf(" Serial Number: "); - for (i=0; i < (int)swfile->file.serialID.len; i++) { - printf(" %02x",swfile->file.serialID.data[i]); - } - printf("\n"); - } - - - /* Check the Initalization phrase and save Kinit */ - if (!transport_pass) { - pass = SECU_GetPasswordString(NULL,"Enter the Initialization Memphrase:"); - transport_pass = pass; - } - rv = FORT_CheckInitPhrase(swfile,transport_pass); - if (rv != SECSuccess) { - fprintf(stderr, - "%s: Invalid Initialization Memphrase for file \"%s\".\n", - progname,filename); - exit(1); - } - - /* Check the user or init phrase and save Ks, use Kinit to unwrap the - * remaining data. */ - if (!user_pass) { - pass = SECU_GetPasswordString(NULL,"Enter the User Memphrase or the User PIN:"); - user_pass = pass; - } - rv = FORT_CheckUserPhrase(swfile,user_pass); - if (rv != SECSuccess) { - fprintf(stderr,"%s: Invalid User Memphrase or PIN for file \"%s\".\n", - progname,filename); - exit(1); - } - - NSS_NoDB_Init(NULL); - sec_SetCheckKRLState(1); - certhandle = CERT_GetDefaultCertDB(); - - /* now dump the certs into the temparary data base */ - for (i=0; swfile->file.slotEntries[i]; i++) { - int trusted = 0; - SECItem *derCert = FORT_GetDERCert(swfile, - swfile->file.slotEntries[i]->certIndex); - - if (derCert == NULL) { - if (verbose) { - printf(" Cert %02d: %s \"%s\" \n", - swfile->file.slotEntries[i]->certIndex, - "untrusted", "Couldn't decrypt Cert"); - } - continue; - } - cert = CERT_NewTempCertificate(certhandle, derCert, NULL, - PR_FALSE, PR_TRUE); - if (cert == NULL) { - if (verbose) { - printf(" Cert %02d: %s \"%s\" \n", - swfile->file.slotEntries[i]->certIndex, - "untrusted", "Couldn't decode Cert"); - } - continue; - } - if (swfile->file.slotEntries[i]->trusted.data[0]) { - /* Add TRUST */ - trust = PORT_ArenaAlloc(cert->arena,sizeof(CERTCertTrust)); - if (trust != NULL) { - trust->sslFlags = CERTDB_VALID_CA|CERTDB_TRUSTED_CA; - trust->emailFlags = CERTDB_VALID_CA|CERTDB_TRUSTED_CA; - trust->objectSigningFlags = CERTDB_VALID_CA|CERTDB_TRUSTED_CA; - cert->trust = trust; - trusted++; - } - } - if (verbose) { - printf(" Cert %02d: %s \"%s\" \n", - swfile->file.slotEntries[i]->certIndex, - trusted?" trusted ":"untrusted", - CERT_NameToAscii(&cert->subject)); - } - } - - fflush(stdout); - - - cert = CERT_FindCertByName(certhandle,&swfile->file.derIssuer); - if (cert == NULL) { - fprintf(stderr,"%s: Couldn't find signer certificate \"%s\".\n", - progname,issuer); - rv = SECFailure; - goto noverify; - } - rv = CERT_VerifySignedData(&swfile->signatureWrap,cert, now, NULL); - if (rv != SECSuccess) { - fprintf(stderr, - "%s: Couldn't verify the signature on file \"%s\" with certificate \"%s\".\n", - progname,filename,issuer); - goto noverify; - } - rv = CERT_VerifyCert(certhandle, cert, PR_TRUE, certUsageSSLServer, - now ,NULL,NULL); - /* not an normal cert, see if it's a CA? */ - if (rv != SECSuccess) { - rv = CERT_VerifyCert(certhandle, cert, PR_TRUE, certUsageAnyCA, - now ,NULL,NULL); - } - if (rv != SECSuccess) { - fprintf(stderr,"%s: Couldn't verify the signer certificate \"%s\".\n", - progname,issuer); - goto noverify; - } - -noverify: - if (rv != SECSuccess) { - if (!force) { - pass = GetUserInput( - "Signature verify failed, continue without verification? "); - if (!(pass && ((*pass == 'Y') || (*pass == 'y')))) { - exit(1); - } - } - } - - - /* now write out the modified init file for future use */ - outItem = FORT_PutSWFile(swfile); - if (outItem == NULL) { - fprintf(stderr,"%s: Couldn't format target init file.\n", - progname); - goto noverify; - } - - if (verbose) { - printf("writing modified file out to \"%s\".\n",outname); - } - - /* now write it out */ - fd = PR_Open(outname,PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,0700); - if (fd == NULL) { - fprintf(stderr,"%s: couldn't open file \"%s\".\n",progname,outname); - exit(1); - } - - file.len = PR_Write(fd,outItem->data,outItem->len); - if (file.len < 0) { - fprintf(stderr,"%s: couldn't read file \"%s\".\n",progname, filename); - exit(1); - } - - PR_Close(fd); - - exit(0); - return (0); -} - diff --git a/security/nss/cmd/swfort/instinit/manifest.mn b/security/nss/cmd/swfort/instinit/manifest.mn deleted file mode 100644 index 8380f4246..000000000 --- a/security/nss/cmd/swfort/instinit/manifest.mn +++ /dev/null @@ -1,46 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -CORE_DEPTH = ../../../.. - -DEFINES += -DNSPR20 - -MODULE = nss - -CSRCS = instinit.c - -REQUIRES = nspr dbm seccmd - -PROGRAM = instinit -# PROGRAM = ./$(OBJDIR)/selfserv.exe - -USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/swfort/manifest.mn b/security/nss/cmd/swfort/manifest.mn deleted file mode 100644 index aaacd83e8..000000000 --- a/security/nss/cmd/swfort/manifest.mn +++ /dev/null @@ -1,38 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -CORE_DEPTH = ../../.. - -REQUIRES = nss seccmd dbm - - -DIRS = instinit newuser diff --git a/security/nss/cmd/swfort/newuser/Makefile b/security/nss/cmd/swfort/newuser/Makefile deleted file mode 100644 index f0a47a0a3..000000000 --- a/security/nss/cmd/swfort/newuser/Makefile +++ /dev/null @@ -1,83 +0,0 @@ -#! gmake -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -ctmp := $(shell $(MAKE) -C ../../../lib/fortcrypt --no-print-directory cilib_name) -ifeq ($(ctmp), $(patsubst /%,/,$(ctmp))) - CILIB := ../../../lib/fortcrypt/$(ctmp) -else - CILIB := $(ctmp) -endif - -EXTRA_LIBS += $(CILIB) - -include ../../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../../platrules.mk - diff --git a/security/nss/cmd/swfort/newuser/manifest.mn b/security/nss/cmd/swfort/newuser/manifest.mn deleted file mode 100644 index 4554c69ef..000000000 --- a/security/nss/cmd/swfort/newuser/manifest.mn +++ /dev/null @@ -1,45 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -CORE_DEPTH = ../../../.. - -DEFINES += -DNSPR20 - -MODULE = nss - -CSRCS = newuser.c mktst.c - -REQUIRES = nspr dbm seccmd - -PROGRAM = newuser - -USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/swfort/newuser/mktst.c b/security/nss/cmd/swfort/newuser/mktst.c deleted file mode 100644 index 6e111d3dd..000000000 --- a/security/nss/cmd/swfort/newuser/mktst.c +++ /dev/null @@ -1,254 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include <stdio.h> - -#include "prio.h" -#include "swforti.h" -#include "maci.h" -#include "secder.h" -#include "blapi.h" - -void -printkey(char *s, unsigned char *block) { - int i; - printf("%s \n 0x",s); - for(i=0; i < 10; i++) printf("%02x",block[i]); - printf("\n"); -} - -void -printblock(char *s, unsigned char *block) { - int i; - printf("%s \n 0x",s); - for(i=0; i < 8; i++) printf("%02x",block[i]); - printf("\n 0x"); - for(i=8; i < 16; i++) printf("%02x",block[i]); - printf("\n"); -} - - -static char *leafbits="THIS IS NOT LEAF"; - -static void -encryptCertEntry(fortProtectedData *pdata,FORTSkipjackKeyPtr Ks, - unsigned char *data,int len) -{ - unsigned char *dataout; - int enc_len; - /* XXX Make length */ - pdata->dataIV.data = PORT_ZAlloc(24); - pdata->dataIV.len = 24; - PORT_Memcpy(pdata->dataIV.data,leafbits,SKIPJACK_LEAF_SIZE); - fort_GenerateRandom(&pdata->dataIV.data[SKIPJACK_LEAF_SIZE], - SKIPJACK_BLOCK_SIZE); - enc_len = (len + (SKIPJACK_BLOCK_SIZE-1)) & ~(SKIPJACK_BLOCK_SIZE-1); - dataout = pdata->dataEncryptedWithKs.data = PORT_ZAlloc(enc_len); - pdata->dataEncryptedWithKs.len = enc_len; - fort_skipjackEncrypt(Ks,&pdata->dataIV.data[SKIPJACK_LEAF_SIZE], - enc_len, data,dataout); - if (len > 255) { - pdata->length.data = PORT_ZAlloc(2); - pdata->length.data[0] = (len >> 8) & 0xff; - pdata->length.data[1] = len & 0xff; - pdata->length.len = 2; - } else { - pdata->length.data = PORT_ZAlloc(1); - pdata->length.data[0] = len & 0xff; - pdata->length.len = 1; - } - -} - -unsigned char issuer[30] = { 0 }; - -void -makeCertSlot(fortSlotEntry *entry,int index,char *label,SECItem *cert, - FORTSkipjackKeyPtr Ks, unsigned char *xKEA, unsigned char *xDSA, - unsigned char *pubKey, int pubKeyLen, unsigned char *p, unsigned char *q, - unsigned char *g) -{ - unsigned char *key; /* private key */ - - entry->trusted.data = PORT_Alloc(1); - *entry->trusted.data = index == 0 ? 1 : 0; - entry->trusted.len = 1; - entry->certificateIndex.data = PORT_Alloc(1); - *entry->certificateIndex.data = index; - entry->certificateIndex.len = 1; - entry->certIndex = index; - encryptCertEntry(&entry->certificateLabel,Ks, - (unsigned char *)label, strlen(label)); - encryptCertEntry(&entry->certificateData,Ks, cert->data, cert->len); - if (xKEA) { - entry->exchangeKeyInformation = PORT_ZNew(fortKeyInformation); - entry->exchangeKeyInformation->keyFlags.data = PORT_ZAlloc(1); - entry->exchangeKeyInformation->keyFlags.data[0] = 1; - entry->exchangeKeyInformation->keyFlags.len = 1; - key = PORT_Alloc(24); - fort_skipjackWrap(Ks,24,xKEA,key); - entry->exchangeKeyInformation->privateKeyWrappedWithKs.data = key; - entry->exchangeKeyInformation->privateKeyWrappedWithKs.len = 24; - entry->exchangeKeyInformation->derPublicKey.data = pubKey; - entry->exchangeKeyInformation->derPublicKey.len = pubKeyLen; - entry->exchangeKeyInformation->p.data = p; - entry->exchangeKeyInformation->p.len = 128; - entry->exchangeKeyInformation->q.data = q; - entry->exchangeKeyInformation->q.len = 20; - entry->exchangeKeyInformation->g.data = g; - entry->exchangeKeyInformation->g.len = 128; - - entry->signatureKeyInformation = PORT_ZNew(fortKeyInformation); - entry->signatureKeyInformation->keyFlags.data = PORT_ZAlloc(1); - entry->signatureKeyInformation->keyFlags.data[0] = 1; - entry->signatureKeyInformation->keyFlags.len = 1; - key = PORT_Alloc(24); - fort_skipjackWrap(Ks,24,xDSA,key); - entry->signatureKeyInformation->privateKeyWrappedWithKs.data = key; - entry->signatureKeyInformation->privateKeyWrappedWithKs.len = 24; - entry->signatureKeyInformation->derPublicKey.data = pubKey; - entry->signatureKeyInformation->derPublicKey.len = pubKeyLen; - entry->signatureKeyInformation->p.data = p; - entry->signatureKeyInformation->p.len = 128; - entry->signatureKeyInformation->q.data = q; - entry->signatureKeyInformation->q.len = 20; - entry->signatureKeyInformation->g.data = g; - entry->signatureKeyInformation->g.len = 128; - } else { - entry->exchangeKeyInformation = NULL; - entry->signatureKeyInformation = NULL; - } - - return; -} - - -void -makeProtectedPhrase(FORTSWFile *file, fortProtectedPhrase *prot_phrase, - FORTSkipjackKeyPtr Ks, FORTSkipjackKeyPtr Kinit, char *phrase) -{ - SHA1Context *sha; - unsigned char hashout[SHA1_LENGTH]; - FORTSkipjackKey Kfek; - unsigned int len; - unsigned char cw[4]; - unsigned char enc_version[2]; - unsigned char *data = NULL; - int keySize; - int i,version; - char tmp_data[13]; - - if (strlen(phrase) < 12) { - PORT_Memset(tmp_data, ' ', sizeof(tmp_data)); - PORT_Memcpy(tmp_data,phrase,strlen(phrase)); - tmp_data[12] = 0; - phrase = tmp_data; - } - - /* now calculate the PBE key for fortezza */ - sha = SHA1_NewContext(); - SHA1_Begin(sha); - version = DER_GetUInteger(&file->version); - enc_version[0] = (version >> 8) & 0xff; - enc_version[1] = version & 0xff; - SHA1_Update(sha,enc_version,sizeof(enc_version)); - SHA1_Update(sha,file->derIssuer.data, file->derIssuer.len); - SHA1_Update(sha,file->serialID.data, file->serialID.len); - SHA1_Update(sha,(unsigned char *)phrase,strlen(phrase)); - SHA1_End(sha,hashout,&len,SHA1_LENGTH); - PORT_Memcpy(Kfek,hashout,sizeof(FORTSkipjackKey)); - - keySize = sizeof(CI_KEY); - if (Kinit) keySize = SKIPJACK_BLOCK_SIZE*2; - data = PORT_ZAlloc(keySize); - prot_phrase->wrappedKValue.data = data; - prot_phrase->wrappedKValue.len = keySize; - fort_skipjackWrap(Kfek,sizeof(CI_KEY),Ks,data); - - /* first, decrypt the hashed/Encrypted Memphrase */ - data = (unsigned char *) PORT_ZAlloc(SHA1_LENGTH+sizeof(cw)); - - /* now build the hash for comparisons */ - SHA1_Begin(sha); - SHA1_Update(sha,(unsigned char *)phrase,strlen(phrase)); - SHA1_End(sha,hashout,&len,SHA1_LENGTH); - SHA1_DestroyContext(sha,PR_TRUE); - - - /* now calcuate the checkword and compare it */ - cw[0] = cw[1] = cw[2] = cw[3] = 0; - for (i=0; i <5 ; i++) { - cw[0] = cw[0] ^ hashout[i*4]; - cw[1] = cw[1] ^ hashout[i*4+1]; - cw[2] = cw[2] ^ hashout[i*4+2]; - cw[3] = cw[3] ^ hashout[i*4+3]; - } - - PORT_Memcpy(data,hashout,len); - PORT_Memcpy(data+len,cw,sizeof(cw)); - - prot_phrase->memPhraseIV.data = PORT_ZAlloc(24); - prot_phrase->memPhraseIV.len = 24; - PORT_Memcpy(prot_phrase->memPhraseIV.data,leafbits,SKIPJACK_LEAF_SIZE); - fort_GenerateRandom(&prot_phrase->memPhraseIV.data[SKIPJACK_LEAF_SIZE], - SKIPJACK_BLOCK_SIZE); - prot_phrase->kValueIV.data = PORT_ZAlloc(24); - prot_phrase->kValueIV.len = 24; - PORT_Memcpy(prot_phrase->kValueIV.data,leafbits,SKIPJACK_LEAF_SIZE); - fort_GenerateRandom(&prot_phrase->kValueIV.data[SKIPJACK_LEAF_SIZE], - SKIPJACK_BLOCK_SIZE); - fort_skipjackEncrypt(Ks,&prot_phrase->memPhraseIV.data[SKIPJACK_LEAF_SIZE], - len+sizeof(cw), data,data); - - prot_phrase->hashedEncryptedMemPhrase.data = data; - prot_phrase->hashedEncryptedMemPhrase.len = len+sizeof(cw); - - if (Kinit) { - fort_skipjackEncrypt(Kinit, - &prot_phrase->kValueIV.data[SKIPJACK_LEAF_SIZE], - prot_phrase->wrappedKValue.len, - prot_phrase->wrappedKValue.data, - prot_phrase->wrappedKValue.data ); - } - - return; -} - - -void -fill_in(SECItem *item,unsigned char *data, int len) -{ - item->data = PORT_Alloc(len); - PORT_Memcpy(item->data,data,len); - item->len = len; -} - diff --git a/security/nss/cmd/swfort/newuser/newuser.c b/security/nss/cmd/swfort/newuser/newuser.c deleted file mode 100644 index c1b5c311b..000000000 --- a/security/nss/cmd/swfort/newuser/newuser.c +++ /dev/null @@ -1,1132 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include <stdio.h> -#include <fcntl.h> -#include <sys/types.h> -#ifdef XP_UNIX -#include <unistd.h> -#endif -#include "cryptint.h" -#include "blapi.h" /* program calls low level functions directly!*/ -#include "pk11func.h" -#include "secmod.h" -/*#include "secmodi.h"*/ -#include "cert.h" -#include "key.h" -#include "nss.h" -#include "swforti.h" -#include "secutil.h" - -#ifndef O_BINARY -#define O_BINARY 0 -#endif - -#define MAX_PERSONALITIES 50 -typedef struct { - int index; - CI_CERT_STR label; - CERTCertificate *cert; -} certlist; - -typedef struct { - int card; - int index; - CI_CERT_STR label; - certlist valid[MAX_PERSONALITIES]; - int count; -} Cert; - - -#define EMAIL_OID_LEN 9 -#define EMAIL_OID 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01 -unsigned char emailAVA[127] = { - 0x31, 6+EMAIL_OID_LEN, /* Set */ - 0x30, 4+EMAIL_OID_LEN, /* Sequence */ - 0x06, EMAIL_OID_LEN, EMAIL_OID, - 0x13, 0, /* printable String */ -}; -#define EMAIL_DATA_START 8+EMAIL_OID_LEN - -int emailOffset[] = { 1, 3, EMAIL_DATA_START-1 }; -int offsetCount = sizeof(emailOffset)/sizeof(emailOffset[0]); - -unsigned char hash[20] = { 'H', 'a', 's', 'h', ' ', 'F', 'a', 'i', 'l', 'e', - 'd', ' ', '*', '*', '*', '*', '*', '*', '*', '*' }; -unsigned char sig[40] = { 'H', 'a', 's', 'h', ' ', 'F', 'a', 'i', 'l', 'e', - 'd', ' ', '*', '*', '*', '*', '*', '*', '*', '*', - '>', '>', '>', ' ', 'N', 'o', 't', ' ', 'S', 'i', - 'g', 'n', 'd', ' ', '<', '<', '<', ' ', ' ', ' ' }; - - -/*void *malloc(int); */ - -unsigned char *data_start(unsigned char *buf, int length, int *data_length) -{ - unsigned char tag; - int used_length= 0; - - tag = buf[used_length++]; - - /* blow out when we come to the end */ - if (tag == 0) { - return NULL; - } - - *data_length = buf[used_length++]; - - if (*data_length&0x80) { - int len_count = *data_length & 0x7f; - - *data_length = 0; - - while (len_count-- > 0) { - *data_length = (*data_length << 8) | buf[used_length++]; - } - } - - if (*data_length > (length-used_length) ) { - *data_length = length-used_length; - return NULL; - } - - return (buf + used_length); -} - -unsigned char * -GetAbove(unsigned char *cert,int cert_length,int *above_len) -{ - unsigned char *buf = cert; - int buf_length = cert_length; - unsigned char *tmp; - int len; - - *above_len = 0; - - /* optional serial number */ - if ((buf[0] & 0xa0) == 0xa0) { - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - } - /* serial number */ - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - /* skip the OID */ - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - /* issuer */ - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - /* skip the date */ - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - - *above_len = buf - cert; - return cert; -} - -unsigned char * -GetSubject(unsigned char *cert,int cert_length,int *subj_len) { - unsigned char *buf = cert; - int buf_length = cert_length; - unsigned char *tmp; - int len; - - *subj_len = 0; - - /* optional serial number */ - if ((buf[0] & 0xa0) == 0xa0) { - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - } - /* serial number */ - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - /* skip the OID */ - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - /* issuer */ - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - /* skip the date */ - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - - return data_start(buf,buf_length,subj_len); -} - -unsigned char * -GetBelow(unsigned char *cert,int cert_length,int *below_len) { - unsigned char *subj; - int subj_len; - unsigned char *below; - - *below_len = 0; - - subj = GetSubject(cert,cert_length,&subj_len); - - below = subj + subj_len; - *below_len = cert_length - (below - cert); - return below; -} - -unsigned char * -GetSignature(unsigned char *sig,int sig_length,int *subj_len) { - unsigned char *buf = sig; - int buf_length = sig_length; - unsigned char *tmp; - int len; - - *subj_len = 0; - - /* signature oid */ - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - buf_length -= (tmp-buf) + len; - buf = tmp + len; - /* signature data */ - tmp = data_start(buf,buf_length,&len); - if (tmp == NULL) return NULL; - - *subj_len = len -1; - return tmp+1; -} - -int DER_Sequence(unsigned char *buf, int length) { - int next = 0; - - buf[next++] = 0x30; - if (length < 0x80) { - buf[next++] = length; - } else { - buf[next++] = 0x82; - buf[next++] = (length >> 8) & 0xff; - buf[next++] = length & 0xff; - } - return next; -} - -static -int Cert_length(unsigned char *buf, int length) { - unsigned char tag; - int used_length= 0; - int data_length; - - tag = buf[used_length++]; - - /* blow out when we come to the end */ - if (tag == 0) { - return 0; - } - - data_length = buf[used_length++]; - - if (data_length&0x80) { - int len_count = data_length & 0x7f; - - data_length = 0; - - while (len_count-- > 0) { - data_length = (data_length << 8) | buf[used_length++]; - } - } - - if (data_length > (length-used_length) ) { - return length; - } - - return (data_length + used_length); -} - -int -InitCard(int card, char *inpass) { - int cirv; - char buf[50]; - char *pass; - - cirv = CI_Open( 0 /* flags */, card); - if (cirv != CI_OK) return cirv; - - if (inpass == NULL) { - sprintf(buf,"Enter PIN for card in socket %d: ",card); - pass = SECU_GetPasswordString(NULL, buf); - - if (pass == NULL) { - CI_Close(CI_POWER_DOWN_FLAG,card); - return CI_FAIL; - } - } else pass=inpass; - - cirv = CI_CheckPIN(CI_USER_PIN,(unsigned char *)pass); - if (cirv != CI_OK) { - CI_Close(CI_POWER_DOWN_FLAG,card); - } - return cirv; -} - -int -isUser(CI_PERSON *person) { - return 1; -} - -int -isCA(CI_PERSON *person) { - return 0; -} - -int FoundCert(int card, char *name, Cert *cert) { - CI_PERSON personalities[MAX_PERSONALITIES]; - CI_PERSON *person; - int cirv; - int i; - int user_len = strlen(name); - - PORT_Memset(personalities, 0, sizeof(CI_PERSON)*MAX_PERSONALITIES); - - cirv = CI_GetPersonalityList(MAX_PERSONALITIES,personalities); - if (cirv != CI_OK) return 0; - - - cert->count = 1; - cert->valid[0].index = 0; - memcpy(cert->valid[0].label,"RRXX0000Root PAA Certificate ", - sizeof(cert->valid[0].label)); - cert->valid[0].cert = NULL; - for (i=0; i < MAX_PERSONALITIES; i++) { - person = &personalities[i]; - if ( (PORT_Memcmp(person->CertLabel,"RRXX",4) == 0) || - (PORT_Memcmp(person->CertLabel,"RTXX",4) == 0) || - (PORT_Memcmp(person->CertLabel,"LAXX",4) == 0) || - (PORT_Memcmp(person->CertLabel,"INKS",4) == 0) || - (PORT_Memcmp(person->CertLabel,"INKX",4) == 0) || - (PORT_Memcmp(person->CertLabel,"ONKS",4) == 0) || - (PORT_Memcmp(person->CertLabel,"ONKX",4) == 0) || - (PORT_Memcmp(person->CertLabel,"KEAK",4) == 0) || - (PORT_Memcmp(person->CertLabel,"3IKX",4) == 0) || - (PORT_Memcmp(person->CertLabel,"DSA1",4) == 0) || - (PORT_Memcmp(person->CertLabel,"DSAI",4) == 0) || - (PORT_Memcmp(person->CertLabel,"DSAO",4) == 0) || - (PORT_Memcmp(person->CertLabel,"3IXS",4) == 0) || - (PORT_Memcmp(person->CertLabel,"3OXS",4) == 0) ){ - int index; - - cert->valid[cert->count].cert = NULL; - memcpy(cert->valid[cert->count].label, - person->CertLabel,sizeof(person->CertLabel)); - for (index = sizeof(person->CertLabel)-1; - cert->valid[cert->count].label[index] == ' '; index--) { - cert->valid[cert->count].label[index] = 0; - } - cert->valid[cert->count++].index = person->CertificateIndex; - } - } - for (i=0; i < MAX_PERSONALITIES; i++) { - person = &personalities[i]; - if (strncmp((char *)&person->CertLabel[8],name,user_len) == 0) { - cert->card = card; - cert->index = person->CertificateIndex; - memcpy(&cert->label,person->CertLabel,sizeof(person->CertLabel)); - return 1; - } - } - return 0; -} - -void -Terminate(char *mess, int cirv, int card1, int card2) -{ - fprintf(stderr,"FAIL: %s error %d\n",mess,cirv); - if (card1 != -1) CI_Close(CI_POWER_DOWN_FLAG,card1); - if (card2 != -1) CI_Close(CI_POWER_DOWN_FLAG,card2); - CI_Terminate(); - exit(1); -} - -void -usage(char *prog) -{ - fprintf(stderr,"usage: %s [-e email][-t transport][-u userpin][-U userpass][-s ssopin][-S ssopass][-o outfile] common_name ca_label\n",prog); - exit(1); -} - -#define CERT_SIZE 2048 - - -/* version and oid */ -unsigned char header[] = { - /* Cert OID */ - 0x02, 0x10, - 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - 0x30, 0x0b, 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x13 }; - -#define KEY_START 21 -#define KMID_OFFSET 4 -#define KEA_OFFSET 15 -#define DSA_OFFSET 148 -unsigned char key[] = { - /* Sequence(Constructed): 293 bytes (0x125) */ - 0x30, 0x82, 0x01, 0x25, - /*Sequence(Constructed): 11 bytes (0xb) */ - 0x30, 0x0b, - /* ObjectId(Universal): 9 bytes (0x9) */ - 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x14, - /* BitString(Universal): 276 bytes (0x114) */ - 0x03, 0x82, 0x01, 0x14, - 0x00, 0x00, 0x01, 0xef, 0x04, 0x01, 0x00, 0x01, - 0x00, 0x00, 0x69, 0x60, 0x70, 0x00, 0x80, 0x02, - 0x2e, 0x46, 0xb9, 0xcb, 0x22, 0x72, 0x0b, 0x1c, - 0xe6, 0x25, 0x20, 0x16, 0x86, 0x05, 0x8e, 0x2b, - 0x98, 0xd1, 0x46, 0x3d, 0x00, 0xb8, 0x69, 0xe1, - 0x1a, 0x42, 0x7d, 0x7d, 0xb5, 0xbf, 0x9f, 0x26, - 0xd3, 0x2c, 0xb1, 0x73, 0x01, 0xb6, 0xb2, 0x6f, - 0x7b, 0xa5, 0x54, 0x85, 0x60, 0x77, 0x81, 0x8a, - 0x87, 0x86, 0xe0, 0x2d, 0xbf, 0xdb, 0x28, 0xe8, - 0xfa, 0x20, 0x35, 0xb4, 0xc0, 0x94, 0x10, 0x8e, - 0x1c, 0x58, 0xaa, 0x02, 0x60, 0x97, 0xf5, 0xb3, - 0x2f, 0xf8, 0x99, 0x29, 0x28, 0x73, 0x47, 0x36, - 0xdd, 0x1d, 0x78, 0x95, 0xeb, 0xb8, 0xec, 0x45, - 0x96, 0x69, 0x6f, 0x54, 0xc8, 0x1f, 0x2d, 0x3a, - 0xd9, 0x0e, 0x8e, 0xaa, 0x59, 0x11, 0x8c, 0x3b, - 0x8d, 0xa4, 0xed, 0xf2, 0x7d, 0xdc, 0x42, 0xaa, - 0xa4, 0xd2, 0x1c, 0xb9, 0x87, 0xd0, 0xd9, 0x3d, - 0x8e, 0x89, 0xbb, 0x06, 0x54, 0xcf, 0x32, 0x00, - 0x02, 0x00, 0x00, 0x80, 0x0b, 0x80, 0x6c, 0x0f, - 0x71, 0xd1, 0xa1, 0xa9, 0x26, 0xb4, 0xf1, 0xcd, - 0x6a, 0x7a, 0x09, 0xaa, 0x58, 0x28, 0xd7, 0x35, - 0x74, 0x8e, 0x7c, 0x83, 0xcb, 0xfe, 0x00, 0x3b, - 0x62, 0x00, 0xfb, 0x90, 0x37, 0xcd, 0x93, 0xcf, - 0xf3, 0xe4, 0x6d, 0x8d, 0xdd, 0xb8, 0x53, 0xe0, - 0x5c, 0xda, 0x1a, 0x7e, 0x56, 0x03, 0x95, 0x03, - 0x2f, 0x74, 0x86, 0xb1, 0xa0, 0xbb, 0x05, 0x91, - 0xe4, 0x76, 0x83, 0xe6, 0x62, 0xf9, 0x12, 0x64, - 0x5a, 0x62, 0xd8, 0x94, 0x04, 0x1f, 0x83, 0x02, - 0x2e, 0xc5, 0xa7, 0x17, 0x46, 0x46, 0x21, 0x96, - 0xc3, 0xa9, 0x8e, 0x92, 0x18, 0xd1, 0x52, 0x08, - 0x1d, 0xff, 0x8e, 0x24, 0xdb, 0x6c, 0xd8, 0xfe, - 0x80, 0x93, 0xe1, 0xa5, 0x4a, 0x0a, 0x37, 0x24, - 0x18, 0x07, 0xbe, 0x0f, 0xaf, 0x73, 0xea, 0x50, - 0x64, 0xa1, 0xb3, 0x77, 0xe5, 0x41, 0x02, 0x82, - 0x39, 0xb9, 0xe3, 0x94 -}; - -unsigned char valitity[] = { - 0x30, 0x1e, - 0x17, 0x0d, - '2','0','0','0','0','1','0','1','0','0','0','0','Z', - 0x17, 0x0d, - '2','0','0','5','1','2','0','1','0','0','0','0','Z' -}; - - -unsigned char cnam_oid[] = { 0x06, 0x03, 0x55, 0x04, 0x03 }; - -unsigned char signature[] = { - /* the OID */ - 0x30, 0x0b, 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x13, - /* signature wrap */ - 0x03, 0x29, 0x00, - /* 40 byte dsa signature */ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff -}; - -unsigned char fortezza_oid [] = { - 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x13 -}; - -unsigned char software_ou[] = { - 0x31, 26, 0x30, 24, - 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 17, - 'S','o','f','t','w', - 'a','r','e',' ','F', - 'O','R','T','E','Z','Z','A' -}; - - -char letterarray[] = { - 'a','b','c','d','e','f','g','h','i','j','k','l','m','n', - 'o','p','q','r','s','t','u','v','w','x','y','z' }; - -char constarray[] = { - 'b','c','d','f','g','h','j','k','l','m','n', - 'p','q','r','s','t','v','w','x','y','z' }; - -char vowelarray[] = { - 'a','e','i','o','u','y' }; - -char digitarray[] = { - '0','1','2','3','4','5','6','7','8','9' }; - -unsigned long -getRandom(unsigned long max) { - unsigned short data; - unsigned long result; - - fort_GenerateRandom((unsigned char *)&data,sizeof(data)); - - result = (unsigned long)data * max; - result = result >> 16; - return result; -} - - -char getLetter(void) -{ - return letterarray[getRandom(sizeof(letterarray))]; -} -char getVowel(void) -{ - return vowelarray[getRandom(sizeof(vowelarray))]; -} -char getDigit(void) -{ - return digitarray[getRandom(sizeof(digitarray))]; -} - -char getConst(void) -{ - return constarray[getRandom(sizeof(constarray))]; -} - -char *getPinPhrase(void) -{ - char * pass = PORT_ZAlloc(5); - - pass[0] = getDigit(); - pass[1] = getDigit(); - pass[2] = getDigit(); - pass[3] = getDigit(); - - return pass; -} - -char *getPassPhrase(void) -{ - char * pass = PORT_ZAlloc(13); - - pass[0] = getConst()+'A'-'a'; - pass[1] = getVowel(); - pass[2] = getConst(); - pass[3] = getVowel(); - pass[4] = getConst(); - pass[5] = getVowel(); - pass[6] = getConst(); - pass[7] = getDigit(); - pass[8] = getDigit(); - pass[9] = getDigit(); - pass[10] = getDigit(); - pass[11] = getLetter()+'A'-'a'; - - return pass; -} - -extern void -makeCertSlot(fortSlotEntry * entry, - int index, - char * label, - SECItem * cert, - FORTSkipjackKeyPtr Ks, - unsigned char *xKEA, - unsigned char *xDSA, - unsigned char *pubKey, - int pubKeyLen, - unsigned char *p, - unsigned char *q, - unsigned char *g); - -extern void -makeProtectedPhrase(FORTSWFile * file, - fortProtectedPhrase *prot_phrase, - FORTSkipjackKeyPtr Ks, - FORTSkipjackKeyPtr Kinit, - char * phrase); - -extern void -fill_in(SECItem *item, unsigned char *data, int len); - -char *userLabel = "INKS0002 "; -int main(int argc, char **argv) -{ - char *progname = *argv++; - char *commonName = NULL; - char *caname = NULL; - char *email = NULL; - char *outname = NULL; - char *cp; - int arg_count = 0; - Cert caCert; - SECItem userCert; - int cirv,i; - int cards, start; - unsigned char *subject; - int subject_len; - int signature_len = sizeof(signature); - int newSubject_len, newCertBody_len, len; - int cname1_len, cname_len, pstring_len; - int valitity_len = sizeof(valitity); - unsigned char origCert[CERT_SIZE]; - unsigned char newSubject[CERT_SIZE]; - unsigned char newCertBody[CERT_SIZE]; - unsigned char newCert[CERT_SIZE]; - unsigned char pstring[CERT_SIZE]; - unsigned char cname1[CERT_SIZE]; - unsigned char cname[CERT_SIZE]; - CERTCertificate *myCACert = NULL; - CERTCertificate *cert; - CERTCertDBHandle *certhandle; - SECStatus rv; - unsigned char serial[16]; - SECKEYPublicKey *pubKey; - DSAPrivateKey *keaPrivKey; - DSAPrivateKey *dsaPrivKey; - CI_RANDOM randomVal; - PQGParams *params; - int pca_index = -1; - unsigned char *p,*q,*g; - FORTSkipjackKey Ks; - FORTSkipjackKey Kinit; - FORTSWFile *file; - FORTSignedSWFile *signed_file; - FORTSignedSWFile *signed_file2; - unsigned char random[20]; - unsigned char vers; - unsigned char *data; - char *transportPin=NULL; - char *ssoMemPhrase=NULL; - char *userMemPhrase=NULL; - char *ssoPin=NULL; - char *userPin=NULL; - char *pass=NULL; - SECItem *outItem; - int email_len = 0; - int emailAVA_len = 0; - - - /* put better argument parsing here */ - while ((cp = *argv++) != NULL) { - if (*cp == '-') { - while (*++cp) { - switch (*cp) { - /* verbose mode */ - case 'e': - email = *argv++; - break; - /* explicitly set the target */ - case 'o': - outname = *argv++; - break; - case 't': - /* provide password on command line */ - transportPin = *argv++; - break; - case 'u': - /* provide user password on command line */ - userPin = *argv++; - break; - case 'U': - /* provide user password on command line */ - userMemPhrase = *argv++; - break; - case 's': - /* provide user password on command line */ - ssoPin = *argv++; - break; - case 'S': - /* provide user password on command line */ - ssoMemPhrase = *argv++; - break; - case 'p': - /* provide card password on command line */ - pass = *argv++; - break; - case 'd': - transportPin="test1234567890"; - ssoMemPhrase="sso1234567890"; - userMemPhrase="user1234567890"; - ssoPin="9999"; - userPin="0000"; - break; - default: - usage(progname); - break; - } - } - } else switch (arg_count++) { - case 0: - commonName = cp; - break; - case 1: - caname = cp; - break; - default: - usage(progname); - } - } - - if (outname == NULL) outname = "swfort.sfi"; - if (caname == NULL) usage(progname); - - - - caCert.card = -1; - memset(newCert,0,CERT_SIZE); - - if (commonName == NULL) usage(progname); - - - cirv = CI_Initialize(&cards); - - start = 0; - for (i=0; i < cards; i++) { - cirv = InitCard(i+1,pass); - if (cirv == CI_OK) { - if (FoundCert(i+1,caname,&caCert)) { - break; - } - } - } - - if (caCert.card == -1) { - fprintf(stderr, - "WARNING: Couldn't find Signing CA...new cert will not be signed\n"); - } - - - /* - * initialize enough security to deal with certificates. - */ - NSS_NoDB_Init(NULL); - certhandle = CERT_GetDefaultCertDB(); - if (certhandle == NULL) { - Terminate("Couldn't build temparary Cert Database", - 1, -1, caCert.card); - exit(1); - } - - CI_GenerateRandom(random); - RNG_RandomUpdate(random,sizeof(random)); - CI_GenerateRandom(random); - RNG_RandomUpdate(random,sizeof(random)); - - - if (transportPin == NULL) transportPin = getPassPhrase(); - if (ssoMemPhrase == NULL) ssoMemPhrase = getPassPhrase(); - if (userMemPhrase == NULL) userMemPhrase = getPassPhrase(); - if (ssoPin == NULL) ssoPin = getPinPhrase(); - if (userPin == NULL) userPin = getPinPhrase(); - - - - /* now dump the certs into the temparary data base */ - for (i=0; i < caCert.count; i++) { - int trusted = 0; - SECItem derCert; - - cirv = CI_Select(caCert.card); - if (cirv != CI_OK) { - Terminate("Couldn't select on CA card",cirv, - -1, caCert.card); - } - cirv = CI_GetCertificate(caCert.valid[i].index,origCert); - if (cirv != CI_OK) { - continue; - } - derCert.data = origCert; - derCert.len = Cert_length(origCert, sizeof(origCert)); - cert = - (CERTCertificate *)CERT_NewTempCertificate(certhandle,&derCert, NULL, - PR_FALSE, PR_TRUE); - caCert.valid[i].cert = cert; - if (cert == NULL) continue; - if (caCert.valid[i].index == caCert.index) myCACert=cert; - if (caCert.valid[i].index == atoi((char *)&caCert.label[4])) - pca_index = i; - } - - if (myCACert == NULL) { - Terminate("Couldn't find CA's Certificate", 1, -1, caCert.card); - exit(1); - } - - - /* - * OK now build the user cert. - */ - /* first get the serial number and KMID */ - cirv = CI_GenerateRandom(randomVal); - memcpy(&header[2],randomVal,sizeof(serial)); - memcpy(serial,randomVal,sizeof(serial)); - memcpy(&key[KEY_START+KMID_OFFSET],randomVal+sizeof(serial),7); - /* KMID */ - - /* now generate the keys */ - pubKey = CERT_ExtractPublicKey(myCACert); - if (pubKey == NULL) { - Terminate("Couldn't extract CA's public key", - 1, -1, caCert.card); - exit(1); - } - - - switch (pubKey->keyType) { - case fortezzaKey: - params = (PQGParams *)&pubKey->u.fortezza.params; - break; - case dsaKey: - params = (PQGParams *)&pubKey->u.dsa.params; - break; - default: - Terminate("Certificate is not a fortezza or DSA Cert", - 1, -1, caCert.card); - exit(1); - } - - rv = DSA_NewKey(params,&keaPrivKey); - if (rv != SECSuccess) { - Terminate("Couldn't Generate KEA key", - PORT_GetError(), -1, caCert.card); - exit(1); - } - rv = DSA_NewKey(params,&dsaPrivKey); - if (rv != SECSuccess) { - Terminate("Couldn't Generate DSA key", - PORT_GetError(), -1, caCert.card); - exit(1); - } - - if (keaPrivKey->publicValue.len == 129) - keaPrivKey->publicValue.data++; - if (dsaPrivKey->publicValue.len == 129) - dsaPrivKey->publicValue.data++; - if (keaPrivKey->privateValue.len == 21) - keaPrivKey->privateValue.data++; - if (dsaPrivKey->privateValue.len == 21) - dsaPrivKey->privateValue.data++; - - /* save the parameters */ - p = params->prime.data; - if (params->prime.len == 129) p++; - q = params->subPrime.data; - if (params->subPrime.len == 21) q++; - g = params->base.data; - if (params->base.len == 129) g++; - - memcpy(&key[KEY_START+KEA_OFFSET], - keaPrivKey->publicValue.data, - keaPrivKey->publicValue.len); - memcpy(&key[KEY_START+DSA_OFFSET], - dsaPrivKey->publicValue.data, - dsaPrivKey->publicValue.len); - - /* build the der subject */ - subject = data_start(myCACert->derSubject.data,myCACert->derSubject.len, - &subject_len); - - /* build the new Common name AVA */ - len = DER_Sequence(pstring,strlen(commonName)); - memcpy(pstring+len,commonName,strlen(commonName)); - len += strlen(commonName); - pstring_len = len; - pstring[0] = 0x13; - - len = DER_Sequence(cname1,sizeof(cnam_oid)+pstring_len); - memcpy(cname1+len,cnam_oid,sizeof(cnam_oid)); len += sizeof(cnam_oid); - memcpy(cname1+len,pstring,pstring_len); len += pstring_len; - cname1_len = len; - - len = DER_Sequence(cname, cname1_len); - memcpy(cname+len,cname1,cname1_len); len += cname1_len; - cname_len = len; - cname[0] = 0x31; /* make it a set rather than a sequence */ - - if (email) { - email_len = strlen(email); - emailAVA_len = EMAIL_DATA_START + email_len; - } - - /* now assemble it */ - len = DER_Sequence(newSubject,subject_len + sizeof(software_ou) + - cname_len + emailAVA_len); - memcpy(newSubject+len,subject,subject_len); - - for (i=0; i < subject_len; i++) { - if (memcmp(newSubject+len+i,cnam_oid,sizeof(cnam_oid)) == 0) { - newSubject[i+len+4] = 0x0b; /* change CN to OU */ - break; - } - } - len += subject_len; - memcpy(newSubject+len,software_ou,sizeof(software_ou)); - len += sizeof(software_ou); - memcpy(newSubject+len,cname,cname_len); len += cname_len; - newSubject_len = len; - - /* - * build the email AVA - */ - if (email) { - memcpy(&emailAVA[EMAIL_DATA_START],email,email_len); - for (i=0; i < offsetCount; i++) { - emailAVA[emailOffset[i]] += email_len; - } - memcpy(newSubject+len,emailAVA,emailAVA_len); - newSubject_len += emailAVA_len; - } - - - /* - * Assemble the Cert - */ - - len = DER_Sequence(newCertBody,sizeof(header)+newSubject_len+ - valitity_len+myCACert->derSubject.len+sizeof(key)); - memcpy(newCertBody+len,header,sizeof(header));len += sizeof(header); - memcpy(newCertBody+len,myCACert->derSubject.data, - myCACert->derSubject.len);len += myCACert->derSubject.len; - memcpy(newCertBody+len,valitity,valitity_len);len += valitity_len; - memcpy(newCertBody+len,newSubject,newSubject_len); - len += newSubject_len; - memcpy(newCertBody+len,key,sizeof(key));len += sizeof(key); - newCertBody_len = len; - - - /* - * generate the hash - */ - cirv = CI_InitializeHash(); - if (cirv == CI_OK) { - int hash_left = newCertBody_len & 63; - int hash_len = newCertBody_len - hash_left; - cirv = CI_Hash(hash_len,newCertBody); - if (cirv == CI_OK) { - cirv = CI_GetHash(hash_left,newCertBody+hash_len,hash); - } - } - - /* - * now sign the hash - */ - if ((cirv == CI_OK) && (caCert.card != -1)) { - cirv = CI_Select(caCert.card); - if (cirv == CI_OK) { - cirv = CI_SetPersonality(caCert.index); - if (cirv == CI_OK) { - cirv = CI_Sign(hash,sig); - } - } - } else cirv = -1; - - if (cirv != CI_OK) { - memcpy(sig,hash,sizeof(hash)); - } - - /* - * load in new signature - */ - { - int sig_len; - unsigned char *sig_start = - GetSignature(signature,signature_len,&sig_len); - memcpy(sig_start,sig,sizeof(sig)); - } - - /* - * now do the final wrap - */ - len = DER_Sequence(newCert,newCertBody_len+signature_len); - memcpy(newCert+len,newCertBody,newCertBody_len); len += newCertBody_len; - memcpy(newCert+len, signature, signature_len); len +=signature_len; - userCert.data = newCert; - userCert.len = len; - - - /* OK, we now have our cert, let's go build our software file */ - signed_file = PORT_ZNew(FORTSignedSWFile); - file = &signed_file->file; - - signed_file->signatureWrap.signature.data = PORT_ZAlloc(40); - signed_file->signatureWrap.signature.len = 40; - signed_file->signatureWrap.signatureAlgorithm.algorithm.data = - fortezza_oid; - signed_file->signatureWrap.signatureAlgorithm.algorithm.len = - sizeof(fortezza_oid); - - vers = 1; - fill_in(&file->version,&vers,1); - file->derIssuer.data = myCACert->derSubject.data; - file->derIssuer.len = myCACert->derSubject.len; - file->serialID.data = serial; - file->serialID.len =sizeof(serial); - /* generate out Ks value */ - fort_GenerateRandom(Ks,sizeof(Ks)); - makeProtectedPhrase(file,&file->initMemPhrase,Kinit,NULL,transportPin); - makeProtectedPhrase(file,&file->ssoMemPhrase,Ks,Kinit,ssoMemPhrase); - makeProtectedPhrase(file,&file->ssoPinPhrase,Ks,Kinit,ssoPin); - makeProtectedPhrase(file,&file->userMemPhrase,Ks,Kinit,userMemPhrase); - makeProtectedPhrase(file,&file->userPinPhrase,Ks,Kinit,userPin); - file->wrappedRandomSeed.data = PORT_ZAlloc(12); - file->wrappedRandomSeed.len = 12; - cirv = fort_GenerateRandom(file->wrappedRandomSeed.data,10); - if (cirv != CI_OK) { - Terminate("Couldn't get Random Seed", - cirv, -1, caCert.card); - } - fort_skipjackWrap(Ks,12,file->wrappedRandomSeed.data, - file->wrappedRandomSeed.data); - file->slotEntries = PORT_ZAlloc(sizeof(fortSlotEntry *)*5); - /* paa */ - file->slotEntries[0] = PORT_ZNew(fortSlotEntry); - makeCertSlot(file->slotEntries[0],0, - (char *)caCert.valid[0].label, - &caCert.valid[0].cert->derCert, - Ks,NULL,NULL,NULL,0,p,q,g); - /* pca */ - file->slotEntries[1] = PORT_ZNew(fortSlotEntry); - makeCertSlot(file->slotEntries[1],1, - (char *)caCert.valid[pca_index].label, - &caCert.valid[pca_index].cert->derCert, - Ks,NULL,NULL,NULL,0,p,q,g); - /* ca */ - file->slotEntries[2] = PORT_ZNew(fortSlotEntry); - /* make sure the caCert lable points to our new pca slot location */ - caCert.label[4] = '0'; - caCert.label[5] = '0'; - caCert.label[6] = '0'; - caCert.label[7] = '1'; - makeCertSlot(file->slotEntries[2],2,(char *)caCert.label, - &myCACert->derCert,Ks,NULL,NULL,NULL,0,p,q,g); - /* user */ - file->slotEntries[3] = PORT_ZNew(fortSlotEntry); - strncpy(&userLabel[8],commonName,sizeof(CI_PERSON)-8); - makeCertSlot(file->slotEntries[3],3,userLabel,&userCert,Ks, - keaPrivKey->privateValue.data, - dsaPrivKey->privateValue.data, - key, sizeof(key), p, q, g); - file->slotEntries[4] = 0; - - /* encode the file so we can sign it */ - outItem = FORT_PutSWFile(signed_file); - - /* get the der encoded data to sign */ - signed_file2 = FORT_GetSWFile(outItem); - - /* now sign it */ - len = signed_file2->signatureWrap.data.len; - data = signed_file2->signatureWrap.data.data; - /* - * generate the hash - */ - cirv = CI_InitializeHash(); - if (cirv == CI_OK) { - int hash_left = len & 63; - int hash_len = len - hash_left; - cirv = CI_Hash(hash_len,data); - if (cirv == CI_OK) { - cirv = CI_GetHash(hash_left,data+hash_len,hash); - } - } - - /* - * now sign the hash - */ - if ((cirv == CI_OK) && (caCert.card != -1)) { - cirv = CI_Select(caCert.card); - if (cirv == CI_OK) { - cirv = CI_SetPersonality(caCert.index); - if (cirv == CI_OK) { - cirv = CI_Sign(hash,sig); - } - } - } else cirv = -1; - - if (cirv != CI_OK) { - memcpy(sig,hash,sizeof(hash)); - } - memcpy( signed_file->signatureWrap.signature.data,sig,sizeof(sig)); - signed_file->signatureWrap.signature.len = sizeof(sig)*8; - - - /* encode it for the last time */ - outItem = FORT_PutSWFile(signed_file); - - - /* - * write it out to the .sfi file - */ - { - int fd = open(outname,O_WRONLY|O_CREAT|O_BINARY,0777); - - write(fd,outItem->data,outItem->len); - close(fd); - } - CI_Close(CI_POWER_DOWN_FLAG,caCert.card); - CI_Terminate(); - - printf("Wrote %s to file %s.\n",commonName,outname); - printf("Initialization Memphrase: %s\n",transportPin); - printf("SSO Memphrase: %s\n",ssoMemPhrase); - printf("User Memphrase: %s\n",userMemPhrase); - printf("SSO pin: %s\n",ssoPin); - printf("User pin: %s\n",userPin); - - return 0; -} - diff --git a/security/nss/cmd/symkeyutil/Makefile b/security/nss/cmd/symkeyutil/Makefile deleted file mode 100644 index 8650a607d..000000000 --- a/security/nss/cmd/symkeyutil/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/symkeyutil/manifest.mn b/security/nss/cmd/symkeyutil/manifest.mn deleted file mode 100644 index dd0eb9ff2..000000000 --- a/security/nss/cmd/symkeyutil/manifest.mn +++ /dev/null @@ -1,51 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = symkeyutil.c -#CSRCS = symkeytest.c - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm seccmd - -PROGRAM = symkeyutil -#PROGRAM = symkeytest - -#USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/symkeyutil/symkey.man b/security/nss/cmd/symkeyutil/symkey.man deleted file mode 100644 index 9f7c4f336..000000000 --- a/security/nss/cmd/symkeyutil/symkey.man +++ /dev/null @@ -1,182 +0,0 @@ - -NAME - symkeyutil - manage fixed keys in the database - -SYNOPSIS - symkeyutil -H - symkeyutil -L [std_opts] [-r] - symkeyutil -K [-n name] -t type [-s size] [-i id |-j id_file] [std_opts] - symkeyutil -D <[-n name | -i id | -j id_file> [std_opts] - symkeyutil -I [-n name] [-t type] [-i id | -j id_file] -k data_file [std_opts] - symkeyutil -E <-nname | -i id | -j id_file> [-t type] -k data_file [-r] [std_opts] - symkeyutil -U [-n name] [-t type] [-i id | -j id_file] -k data_file <wrap_opts> [std_opts] - symkeyutil -W <-n name | -i id | -j id_file> [-t type] -k data_file [-r] <wrap_opts> [std_opts] - symkeyutil -M <-n name | -i id | -j id_file> -g target_token [std_opts] - std_opts -> [-d certdir] [-P dbprefix] [-p password] [-f passwordFile] [-h token] - wrap_opts -> <-w wrap_name | -x wrap_id | -y id_file> - -DESCRIPTION - - NSS can store fixed keys as well as asymetric keys in the database. The - symkeyutil command can be used to manage these keys. - - As with certutil, symkeyutil takes two types of arguments, commands and - options. Most commands fall into one of two catagories: commands which - create keys and commands which extract or destroy keys. - - Exceptions to these catagories are listed first: - - -H takes no additional options. It lists a more detailed help message. - -L takes the standard set of options. It lists all the keys in a the - specified token (NSS Internal DB Token is the default). Only the - -L option accepts the all option for tokens to list all the fixed - keys. - - Key Creation commands: - For these commands, the key type (-t) option is always required. - In addition, the -s option may be required for certain key types. - The standard set of options may be specified. - - -K Create a new key using the token key gen function. - -I Import a new key from the raw data specified in the data file, - specified with the -k options (required). This command may fail on - some tokens that don't support direct import of key material. - -U Unwrap a new key from an encrypted data file specified with the -k - option. The -w, -x, or -y option specifies the unwrapping key. - The unwrapping algorithm is selected based on the type of the - unwrapping key. - - Key extraction/destruction options: - For these keys, one and only of of the -n, -i, or -j options must be - specified. If more than one key matches the -n option, the 'first' key - matching will be used. The standard set of options may be specified. - - -D Delete the key specified by the -n, -i, or -j options. - -E Export the key specified by the -n, -i, or -j options and store the - contents to a file specified by the -k file (required). - This command will seldom work on any token since most keys are - protected from export. - -W Wrap the key specified by the -n, -i, or -j options and store the - encrypted contents to a file specified by the -k file (required). - The -w, -x, or -y option specifies the key used to wrap the - target key. - -M Move the key specified by the -n, -i, or -j options to the token - specified by the -g option (required). The new key will have the - same attributes as the source key. - -OPTIONS - - Standard options are those options that may be used by any command, and - whose meaning is the same for all commands. - - -h token Specify the token which the command will operate on. - If -h is not specified the internal token is presumed. In - addition the special value 'all' may be used to specify - that all tokens should be used. This is only valid for - the '-L' command. - -d certdir Specify the location of the NSS databases. The default - value is platform dependent. - -P dbprefix Specify the prefix for the NSS database. The default value - is NULL. - -p password Specify the password for the token. On the command line. - The -p and -f options are mutually exclusive. If - neither option is specified, the password would be - prompted from the user. - -f passwordFile Specify a file that contains the password for the token. - This option is mutually exclusive to the -p option. - - In addition to the standard options are the following command specific - options are. - - -r Opens the NSS databases Read/Write. By default the -L, - -E, and -W commands open the database read only. Other - commands automatically opens the databases Read/Write and - igore this option if it is specified. - - -n name Specifies the nickname for the key. - - For the -K, -I, or -U options, name is the name for - the new key. If -n is not specified, no name is - assumed. There is not check for duplicate names. - - For the -D, -E, -W, or -M, the name specifies the key to - operate on. In this case one andy only one of the -n, -i - or -j options should be specifed. It is possible that - the -n options specifies and ambiguous key. In that case - the 'first' valid key is used. - - For the -M option, the nickname for the new key is copied - from it's original key, even if the original key is - specified using -i or -j. - - -i key id - -j key id file These options are equivalent and mutually exclusive. - They specify the key id for the file. The -i option - specifies the key id on the command line using a hex - string. The -j specifies a file to read the raw key - id from. - - For the -K, -I, or -U options, key id is the key id for - the new key. If -i or -j is not specified, no key id - is assumed. Some tokens may generate their own unique - id for the key in this case (but it is not guarrenteed). - - For the -D, -E, -W, or -M, the key id specifies the key to - operate on. In this case one andy only one of the -n, -i - or -j options should be specifed. - - -t type Specifies the key Type for the new key. This option is - required for the -K, -I, and -U commands. Valid values - are: - generic, rc2, rc4, des, des2, des3, cast, cast3, - cast5, cast128, rc5, idea, skipjack, baton, juniper, - cdmf, aes - - Not all tokens support all key types. The generic key - type is usually used in MACing and key derivation - algorithms. Neither generic nor rc4 keys may be used - to wrap other keys. Fixed rc4 keys are dangerous since - multiple use of the same stream cipher key to encrypted - different data can compromise all data encrypted with - that key. - - -s size Specifies the key size. For most situations the key size - is already known and need not be specified. For some - algorithms, however, it is necessary to specify the key - size when generation or unwrapping the key. - - -k key file Specifies the name of a file that contains key data to - import or unwrap (-I or -U), or the location to store - key data or encrypted key data (-E or -W). - - -g target token Specifies the target token when moving a key (-M). This - option is required for the -M command. It is invalid for - all other commands. - - - - -w wrap name - -x wrap key id - -y wrap key id file Specifies the wrapping key used int the -U and -W - command. Exactly one of these must be specified for the - -U or -W commands. Same semantics as the -n, -i, and -j - options above. - -BUGS - - There is no way display the key id of a key. - - The -p and -f options only specifies one password. Multiple passwords may - be needed for the -L -h all command and the -M command. - - Perhaps RC4 should not be supported as a key type. Use of these keys as - fixed keys is exceedingly dangerous. - - The handling of multiple keys with the same nickname should be more - deterministic than 'the first one' - - There is no way to specify, or display the operation flags of a key. The - operation flags are not copied with the -M option as they should be. - - There is no way to change the attributes of a key (nickname, id, operation - flags). diff --git a/security/nss/cmd/symkeyutil/symkeyutil.c b/security/nss/cmd/symkeyutil/symkeyutil.c deleted file mode 100644 index f1f3d1c41..000000000 --- a/security/nss/cmd/symkeyutil/symkeyutil.c +++ /dev/null @@ -1,1145 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** symkeyutil.c -** -** utility for managing symetric keys in the database or the token -** -*/ - -/* - * Wish List for this utility: - * 1) Display and Set the CKA_ operation flags for the key. - * 2) Modify existing keys - * 3) Copy keys - * 4) Read CKA_ID and display for keys. - * 5) Option to store CKA_ID in a file on key creation. - * 6) Encrypt, Decrypt, Hash, and Mac with generated keys. - * 7) Use asymetric keys to wrap and unwrap keys. - * 8) Derive. - * 9) PBE keys. - */ - -#include <stdio.h> -#include <string.h> - -#if defined(WIN32) -#include "io.h" -#endif - -#include "secutil.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" -#include "secasn1.h" -#include "cert.h" -#include "cryptohi.h" -#include "secoid.h" -#include "certdb.h" -#include "nss.h" -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> - -typedef struct _KeyTypes { - CK_KEY_TYPE keyType; - CK_MECHANISM_TYPE mechType; - CK_MECHANISM_TYPE wrapMech; - char *label; -} KeyTypes; - -static KeyTypes keyArray[] = { -#ifdef RECOGNIZE_ASYMETRIC_TYPES - { CKK_RSA, CKM_RSA_PKCS, CKM_RSA_PKCS, "rsa" }, - { CKK_DSA, CKM_DSA, CKM_INVALID_MECHANISM, "dsa" }, - { CKK_DH, CKM_DH_PKCS_DERIVE, CKM_INVALID_MECHANISM, "dh" }, - { CKK_EC, CKM_ECDSA, CKM_INVALID_MECHANISM, "ec" }, - { CKK_X9_42_DH, CKM_X9_42_DH_DERIVE, CKM_INVALID_MECHANISM, "x9.42dh" }, - { CKK_KEA, CKM_KEA_KEY_DERIVE, CKM_INVALID_MECHANISM, "kea" }, -#endif - { CKK_GENERIC_SECRET, CKM_SHA_1_HMAC, CKM_INVALID_MECHANISM, "generic" }, - { CKK_RC2, CKM_RC2_CBC, CKM_RC2_ECB,"rc2" }, - /* don't define a wrap mech for RC-4 since it's note really safe */ - { CKK_RC4, CKM_RC4, CKM_INVALID_MECHANISM, "rc4" }, - { CKK_DES, CKM_DES_CBC, CKM_DES_ECB,"des" }, - { CKK_DES2, CKM_DES2_KEY_GEN, CKM_DES3_ECB, "des2" }, - { CKK_DES3, CKM_DES3_KEY_GEN, CKM_DES3_ECB, "des3" }, - { CKK_CAST, CKM_CAST_CBC, CKM_CAST_ECB, "cast" }, - { CKK_CAST3, CKM_CAST3_CBC, CKM_CAST3_ECB, "cast3" }, - { CKK_CAST5, CKM_CAST5_CBC, CKM_CAST5_ECB, "cast5" }, - { CKK_CAST128, CKM_CAST128_CBC, CKM_CAST128_ECB, "cast128" }, - { CKK_RC5, CKM_RC5_CBC, CKM_RC5_ECB, "rc5" }, - { CKK_IDEA, CKM_IDEA_CBC, CKM_IDEA_ECB, "idea" }, - { CKK_SKIPJACK, CKM_SKIPJACK_CBC64, CKM_SKIPJACK_WRAP, "skipjack" }, - { CKK_BATON, CKM_BATON_CBC128, CKM_BATON_WRAP, "baton" }, - { CKK_JUNIPER, CKM_JUNIPER_CBC128, CKM_JUNIPER_WRAP, "juniper" }, - { CKK_CDMF, CKM_CDMF_CBC, CKM_CDMF_ECB, "cdmf" }, - { CKK_AES, CKM_AES_CBC, CKM_AES_ECB, "aes" }, -}; - -static int keyArraySize = sizeof(keyArray)/sizeof(keyArray[0]); - -int -GetLen(int fd) -{ - struct stat buf; - int ret; - - ret = fstat(fd,&buf); - if (ret < 0) return ret; - - return buf.st_size; -} - -#ifndef O_BINARY -#define O_BINARY 0 -#endif - -int -ReadBuf(char *inFile, SECItem *item) -{ - int len; - int ret; - int fd = open(inFile, O_RDONLY|O_BINARY); - if (fd < 0) { - perror(inFile); - return -1; - } - - len = GetLen(fd); - if (len < 0) { - perror(inFile); - return -1; - } - item->data = (unsigned char *)PORT_Alloc(len); - if (item->data == NULL) { - fprintf(stderr,"Failed to allocate %d to read file %s\n",len,inFile); - return -1; - } - - ret = read(fd,item->data,item->len); - if (ret < 0) { - PORT_Free(item->data); - item->data = NULL; - perror(inFile); - return -1; - } - close(fd); - item->len = len; - return 0; -} - -int -WriteBuf(char *inFile, SECItem *item) -{ - int ret; - int fd = open(inFile, O_WRONLY|O_CREAT|O_BINARY); - if (fd < 0) { - perror(inFile); - return -1; - } - - ret = write(fd,item->data,item->len); - if (ret < 0) { - perror(inFile); - return -1; - } - close(fd); - return 0; -} - -CK_KEY_TYPE -GetKeyTypeFromString(const char *keyString) -{ - int i; - for (i=0; i < keyArraySize; i++) { - if (PL_strcasecmp(keyString,keyArray[i].label) == 0) { - return keyArray[i].keyType; - } - } - return (CK_KEY_TYPE)-1; -} - -CK_MECHANISM_TYPE -GetKeyMechFromString(const char *keyString) -{ - int i; - for (i=0; i < keyArraySize; i++) { - if (PL_strcasecmp(keyString,keyArray[i].label) == 0) { - return keyArray[i].mechType; - } - } - return (CK_MECHANISM_TYPE)-1; -} - -const char * -GetStringFromKeyType(CK_KEY_TYPE type) -{ - int i; - for (i=0; i < keyArraySize; i++) { - if (keyArray[i].keyType == type) { - return keyArray[i].label; - } - } - return "unmatched"; -} - -CK_MECHANISM_TYPE -GetWrapFromKeyType(CK_KEY_TYPE type) -{ - int i; - for (i=0; i < keyArraySize; i++) { - if (keyArray[i].keyType == type) { - return keyArray[i].wrapMech; - } - } - return CKM_INVALID_MECHANISM; -} - -CK_MECHANISM_TYPE -GetWrapMechanism(PK11SymKey *symKey) -{ - CK_KEY_TYPE type = PK11_GetSymKeyType(symKey); - - return GetWrapFromKeyType(type); -} - -int -GetDigit(char c) -{ - if (c == 0) { - return -1; - } - if (c <= '9' && c >= '0') { - return c - '0'; - } - if (c <= 'f' && c >= 'a') { - return c - 'a' + 0xa; - } - if (c <= 'F' && c >= 'A') { - return c - 'A' + 0xa; - } - return -1; -} - -char -ToDigit(unsigned char c) -{ - c = c & 0xf; - if (c <= 9) { - return (char) (c+'0'); - } - return (char) (c+'a'-0xa); -} - -char * -BufToHex(SECItem *outbuf) -{ - int len = outbuf->len * 2 +1; - char *string, *ptr; - unsigned int i; - - string = PORT_Alloc(len); - - ptr = string; - for (i=0; i < outbuf->len; i++) { - *ptr++ = ToDigit(outbuf->data[i] >> 4); - *ptr++ = ToDigit(outbuf->data[i] & 0xf); - } - *ptr = 0; - return string; -} - - -int -HexToBuf(char *inString, SECItem *outbuf) -{ - int len = strlen(inString); - int outlen = len+1/2; - int trueLen = 0; - - outbuf->data = PORT_Alloc(outlen); - if (outbuf->data) { - return -1; - } - - while (*inString) { - int digit1, digit2; - digit1 = GetDigit(*inString++); - digit2 = GetDigit(*inString++); - if ((digit1 == -1) || (digit2 == -1)) { - PORT_Free(outbuf->data); - outbuf->data = NULL; - return -1; - } - outbuf->data[trueLen++] = digit1 << 4 | digit2; - } - outbuf->len = trueLen; - return 0; -} - -void -printBuf(unsigned char *data, int len) -{ - int i; - - for (i=0; i < len; i++) { - printf("%02x",data[i]); - } -} - -void -PrintKey(PK11SymKey *symKey) -{ - char *name = PK11_GetSymKeyNickname(symKey); - int len = PK11_GetKeyLength(symKey); - int strength = PK11_GetKeyStrength(symKey, NULL); - SECItem *value = NULL; - SECItem *id = NULL; /* need to read the ID of a key */ - CK_KEY_TYPE type = PK11_GetSymKeyType(symKey); - (void) PK11_ExtractKeyValue(symKey); - - value = PK11_GetKeyData(symKey); - - printf("%-20s %3d %4d %10s ", name ? name: " ", len, strength, - GetStringFromKeyType(type)); - if (value && value->data) { - printBuf(value->data, value->len); - } else { - printf("<restricted>"); - } - printf("\n"); -} - -SECStatus -ListKeys(PK11SlotInfo *slot, int *printLabel, void *pwd) { - PK11SymKey *keyList; - SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd); - if (rv != SECSuccess) { - return rv;; - } - - keyList = PK11_ListFixedKeysInSlot(slot, NULL, pwd); - if (keyList) { - if (*printLabel) { - printf(" Name Len Strength Type Data\n"); - *printLabel = 0; - } - printf("%s:\n",PK11_GetTokenName(slot)); - } - while (keyList) { - PK11SymKey *freeKey = keyList; - PrintKey(keyList); - keyList = PK11_GetNextSymKey(keyList); - PK11_FreeSymKey(freeKey); - } - return SECSuccess; -} - -PK11SymKey * -FindKey(PK11SlotInfo *slot, char *name, SECItem *id, void *pwd) -{ - PK11SymKey *key = NULL; - SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd); - - if (rv != SECSuccess) { - return NULL; - } - - - if (id->data) { - key = PK11_FindFixedKey(slot,CKM_INVALID_MECHANISM, id, pwd); - } - if (name && !key) { - key = PK11_ListFixedKeysInSlot(slot,name, pwd); - } - - if (key) { - printf("Found a key\n"); - PrintKey(key); - } - return key; -} - -PRBool -IsKeyList(PK11SymKey *symKey) -{ - return (PRBool) (PK11_GetNextSymKey(symKey) != NULL); -} - -void -FreeKeyList(PK11SymKey *symKey) -{ - PK11SymKey *next,*current; - - for (current = symKey; current; current = next) { - next = PK11_GetNextSymKey(current); - PK11_FreeSymKey(current); - } - return; -} - -static void -Usage(char *progName) -{ -#define FPS fprintf(stderr, - FPS "Type %s -H for more detailed descriptions\n", progName); - FPS "Usage:"); - FPS "\t%s -L [std_opts] [-r]\n", progName); - FPS "\t%s -K [-n name] -t type [-s size] [-i id |-j id_file] [std_opts]\n", progName); - FPS "\t%s -D <[-n name | -i id | -j id_file> [std_opts]\n", progName); - FPS "\t%s -I [-n name] [-t type] [-i id | -j id_file] -k data_file [std_opts]\n", progName); - FPS "\t%s -E <-nname | -i id | -j id_file> [-t type] -k data_file [-r] [std_opts]\n", progName); - FPS "\t%s -U [-n name] [-t type] [-i id | -j id_file] -k data_file <wrap_opts> [std_opts]\n", progName); - FPS "\t%s -W <-n name | -i id | -j id_file> [-t type] -k data_file [-r] <wrap_opts> [std_opts]\n", progName); - FPS "\t%s -M <-n name | -i id | -j id_file> -g target_token [std_opts]\n", progName); - FPS "\t\t std_opts -> [-d certdir] [-P dbprefix] [-p password] [-f passwordFile] [-h token]\n"); - FPS "\t\t wrap_opts -> <-w wrap_name | -x wrap_id | -y id_file>\n"); - exit(1); -} - -static void LongUsage(char *progName) -{ - int i; - FPS "%-15s List all the keys.\n", "-L"); - FPS "%-15s Generate a new key.\n", "-K"); - FPS "%-20s Specify the nickname of the new key\n", - " -n name"); - FPS "%-20s Specify the id in hex of the new key\n", - " -i key id"); - FPS "%-20s Specify a file to read the id of the new key\n", - " -j key id file"); - FPS "%-20s Specify the keyType of the new key\n", - " -t type"); - FPS "%-20s", " valid types: "); - for (i=0; i < keyArraySize ; i++) { - FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':','); - } - FPS "%-20s Specify the size of the new key in bytes (required by some types)\n", - " -s size"); - FPS "%-15s Delete a key.\n", "-D"); - FPS "%-20s Specify the nickname of the key to delete\n", - " -n name"); - FPS "%-20s Specify the id in hex of the key to delete\n", - " -i key id"); - FPS "%-20s Specify a file to read the id of the key to delete\n", - " -j key id file"); - FPS "%-15s Import a new key from a data file.\n", "-I"); - FPS "%-20s Specify the data file to read the key from.\n", - " -k key file"); - FPS "%-20s Specify the nickname of the new key\n", - " -n name"); - FPS "%-20s Specify the id in hex of the new key\n", - " -i key id"); - FPS "%-20s Specify a file to read the id of the new key\n", - " -j key id file"); - FPS "%-20s Specify the keyType of the new key\n", - " -t type"); - FPS "%-20s", " valid types: "); - for (i=0; i < keyArraySize ; i++) { - FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':','); - } - FPS "%-15s Export a key to a data file.\n", "-E"); - FPS "%-20s Specify the data file to write the key to.\n", - " -k key file"); - FPS "%-20s Specify the nickname of the key to export\n", - " -n name"); - FPS "%-20s Specify the id in hex of the key to export\n", - " -i key id"); - FPS "%-20s Specify a file to read the id of the key to export\n", - " -j key id file"); - FPS "%-15s Move a key to a new token.\n", "-M"); - FPS "%-20s Specify the nickname of the key to move\n", - " -n name"); - FPS "%-20s Specify the id in hex of the key to move\n", - " -i key id"); - FPS "%-20s Specify a file to read the id of the key to move\n", - " -j key id file"); - FPS "%-20s Specify the token to move the key to\n", - " -g target token"); - FPS "%-15s Unwrap a new key from a data file.\n", "-U"); - FPS "%-20s Specify the data file to read the encrypted key from.\n", - " -k key file"); - FPS "%-20s Specify the nickname of the new key\n", - " -n name"); - FPS "%-20s Specify the id in hex of the new key\n", - " -i key id"); - FPS "%-20s Specify a file to read the id of the new key\n", - " -j key id file"); - FPS "%-20s Specify the keyType of the new key\n", - " -t type"); - FPS "%-20s", " valid types: "); - for (i=0; i < keyArraySize ; i++) { - FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':','); - } - FPS "%-20s Specify the nickname of the wrapping key\n", - " -w wrap name"); - FPS "%-20s Specify the id in hex of the wrapping key\n", - " -x wrap key id"); - FPS "%-20s Specify a file to read the id of the wrapping key\n", - " -y wrap key id file"); - FPS "%-15s Wrap a new key to a data file. [not yet implemented]\n", "-W"); - FPS "%-20s Specify the data file to write the encrypted key to.\n", - " -k key file"); - FPS "%-20s Specify the nickname of the key to wrap\n", - " -n name"); - FPS "%-20s Specify the id in hex of the key to wrap\n", - " -i key id"); - FPS "%-20s Specify a file to read the id of the key to wrap\n", - " -j key id file"); - FPS "%-20s Specify the nickname of the wrapping key\n", - " -w wrap name"); - FPS "%-20s Specify the id in hex of the wrapping key\n", - " -x wrap key id"); - FPS "%-20s Specify a file to read the id of the wrapping key\n", - " -y wrap key id file"); - FPS "%-15s Options valid for all commands\n", "std_opts"); - FPS "%-20s The directory where the NSS db's reside\n", - " -d certdir"); - FPS "%-20s Prefix for the NSS db's\n", - " -P db prefix"); - FPS "%-20s Specify password on the command line\n", - " -p password"); - FPS "%-20s Specify password file on the command line\n", - " -f password file"); - FPS "%-20s Specify token to act on\n", - " -h token"); - exit(1); -#undef FPS -} - -/* Certutil commands */ -enum { - cmd_CreateNewKey = 0, - cmd_DeleteKey, - cmd_ImportKey, - cmd_ExportKey, - cmd_WrapKey, - cmd_UnwrapKey, - cmd_MoveKey, - cmd_ListKeys, - cmd_PrintHelp -}; - -/* Certutil options */ -enum { - opt_CertDir = 0, - opt_PasswordFile, - opt_TargetToken, - opt_TokenName, - opt_KeyID, - opt_KeyIDFile, - opt_KeyType, - opt_Nickname, - opt_KeyFile, - opt_Password, - opt_dbPrefix, - opt_RW, - opt_KeySize, - opt_WrapKeyName, - opt_WrapKeyID, - opt_WrapKeyIDFile, - opt_NoiseFile -}; - -static secuCommandFlag symKeyUtil_commands[] = -{ - { /* cmd_CreateNewKey */ 'K', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DeleteKey */ 'D', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ImportKey */ 'I', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ExportKey */ 'E', PR_FALSE, 0, PR_FALSE }, - { /* cmd_WrapKey */ 'W', PR_FALSE, 0, PR_FALSE }, - { /* cmd_UnwrapKey */ 'U', PR_FALSE, 0, PR_FALSE }, - { /* cmd_MoveKey */ 'M', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ListKeys */ 'L', PR_FALSE, 0, PR_FALSE }, - { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE }, -}; - -static secuCommandFlag symKeyUtil_options[] = -{ - { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE }, - { /* opt_TargetToken */ 'g', PR_TRUE, 0, PR_FALSE }, - { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyID */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyIDFile */ 'j', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyType */ 't', PR_TRUE, 0, PR_FALSE }, - { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyFile */ 'k', PR_TRUE, 0, PR_FALSE }, - { /* opt_Password */ 'p', PR_TRUE, 0, PR_FALSE }, - { /* opt_dbPrefix */ 'P', PR_TRUE, 0, PR_FALSE }, - { /* opt_RW */ 'r', PR_FALSE, 0, PR_FALSE }, - { /* opt_KeySize */ 's', PR_TRUE, 0, PR_FALSE }, - { /* opt_WrapKeyName */ 'w', PR_TRUE, 0, PR_FALSE }, - { /* opt_WrapKeyID */ 'x', PR_TRUE, 0, PR_FALSE }, - { /* opt_WrapKeyIDFile */ 'y', PR_TRUE, 0, PR_FALSE }, - { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE }, -}; - -int -main(int argc, char **argv) -{ - PK11SlotInfo *slot = NULL; - char * slotname = "internal"; - char * certPrefix = ""; - CK_MECHANISM_TYPE keyType = CKM_SHA_1_HMAC; - int keySize = 0; - char * name = NULL; - char * wrapName = NULL; - secuPWData pwdata = { PW_NONE, 0 }; - PRBool readOnly = PR_FALSE; - SECItem key; - SECItem keyID; - SECItem wrapKeyID; - int commandsEntered = 0; - int commandToRun = 0; - char *progName; - int i; - SECStatus rv = SECFailure; - - secuCommand symKeyUtil; - symKeyUtil.numCommands=sizeof(symKeyUtil_commands)/sizeof(secuCommandFlag); - symKeyUtil.numOptions=sizeof(symKeyUtil_options)/sizeof(secuCommandFlag); - symKeyUtil.commands = symKeyUtil_commands; - symKeyUtil.options = symKeyUtil_options; - - key.data = NULL; key.len = 0; - keyID.data = NULL; keyID.len = 0; - wrapKeyID.data = NULL; wrapKeyID.len = 0; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - rv = SECU_ParseCommandLine(argc, argv, progName, &symKeyUtil); - - if (rv != SECSuccess) - Usage(progName); - - rv = SECFailure; - - /* -H print help */ - if (symKeyUtil.commands[cmd_PrintHelp].activated) - LongUsage(progName); - - /* -f password file, -p password */ - if (symKeyUtil.options[opt_PasswordFile].arg) { - pwdata.source = PW_FROMFILE; - pwdata.data = symKeyUtil.options[opt_PasswordFile].arg; - } else if (symKeyUtil.options[opt_Password].arg) { - pwdata.source = PW_PLAINTEXT; - pwdata.data = symKeyUtil.options[opt_Password].arg; - } - - /* -d directory */ - if (symKeyUtil.options[opt_CertDir].activated) - SECU_ConfigDirectory(symKeyUtil.options[opt_CertDir].arg); - - /* -s key size */ - if (symKeyUtil.options[opt_KeySize].activated) { - keySize = PORT_Atoi(symKeyUtil.options[opt_KeySize].arg); - } - - /* -h specify token name */ - if (symKeyUtil.options[opt_TokenName].activated) { - if (PL_strcmp(symKeyUtil.options[opt_TokenName].arg, "all") == 0) - slotname = NULL; - else - slotname = PL_strdup(symKeyUtil.options[opt_TokenName].arg); - } - - /* -t key type */ - if (symKeyUtil.options[opt_KeyType].activated) { - keyType = GetKeyMechFromString(symKeyUtil.options[opt_KeyType].arg); - if (keyType == (CK_MECHANISM_TYPE)-1) { - PR_fprintf(PR_STDERR, - "%s unknown key type (%s).\n", - progName, symKeyUtil.options[opt_KeyType].arg); - return 255; - } - } - - /* -k for import and unwrap, it specifies an input file to read from, - * for export and wrap it specifies an output file to write to */ - if (symKeyUtil.options[opt_KeyFile].activated) { - if (symKeyUtil.commands[cmd_ImportKey].activated || - symKeyUtil.commands[cmd_UnwrapKey].activated ) { - int ret = ReadBuf(symKeyUtil.options[opt_KeyFile].arg, &key); - if (ret < 0) { - PR_fprintf(PR_STDERR, - "%s Couldn't read key file (%s).\n", - progName, symKeyUtil.options[opt_KeyFile].arg); - return 255; - } - } - } - - /* -i specify the key ID */ - if (symKeyUtil.options[opt_KeyID].activated) { - int ret = HexToBuf(symKeyUtil.options[opt_KeyID].arg, &keyID); - if (ret < 0) { - PR_fprintf(PR_STDERR, - "%s invalid key ID (%s).\n", - progName, symKeyUtil.options[opt_KeyID].arg); - return 255; - } - } - - /* -i & -j are mutually exclusive */ - if ((symKeyUtil.options[opt_KeyID].activated) && - (symKeyUtil.options[opt_KeyIDFile].activated)) { - PR_fprintf(PR_STDERR, - "%s -i and -j options are mutually exclusive.\n", progName); - return 255; - } - - /* -x specify the Wrap key ID */ - if (symKeyUtil.options[opt_WrapKeyID].activated) { - int ret = HexToBuf(symKeyUtil.options[opt_WrapKeyID].arg, &wrapKeyID); - if (ret < 0) { - PR_fprintf(PR_STDERR, - "%s invalid key ID (%s).\n", - progName, symKeyUtil.options[opt_WrapKeyID].arg); - return 255; - } - } - - /* -x & -y are mutually exclusive */ - if ((symKeyUtil.options[opt_KeyID].activated) && - (symKeyUtil.options[opt_KeyIDFile].activated)) { - PR_fprintf(PR_STDERR, - "%s -i and -j options are mutually exclusive.\n", progName); - return 255; - } - - - /* -y specify the key ID */ - if (symKeyUtil.options[opt_WrapKeyIDFile].activated) { - int ret = ReadBuf(symKeyUtil.options[opt_WrapKeyIDFile].arg, - &wrapKeyID); - if (ret < 0) { - PR_fprintf(PR_STDERR, - "%s Couldn't read key ID file (%s).\n", - progName, symKeyUtil.options[opt_WrapKeyIDFile].arg); - return 255; - } - } - - /* -P certdb name prefix */ - if (symKeyUtil.options[opt_dbPrefix].activated) - certPrefix = strdup(symKeyUtil.options[opt_dbPrefix].arg); - - /* Check number of commands entered. */ - commandsEntered = 0; - for (i=0; i< symKeyUtil.numCommands; i++) { - if (symKeyUtil.commands[i].activated) { - commandToRun = symKeyUtil.commands[i].flag; - commandsEntered++; - } - if (commandsEntered > 1) - break; - } - if (commandsEntered > 1) { - PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName); - PR_fprintf(PR_STDERR, "You entered: "); - for (i=0; i< symKeyUtil.numCommands; i++) { - if (symKeyUtil.commands[i].activated) - PR_fprintf(PR_STDERR, " -%c", symKeyUtil.commands[i].flag); - } - PR_fprintf(PR_STDERR, "\n"); - return 255; - } - if (commandsEntered == 0) { - PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName); - Usage(progName); - } - - if (symKeyUtil.commands[cmd_ListKeys].activated || - symKeyUtil.commands[cmd_PrintHelp].activated || - symKeyUtil.commands[cmd_ExportKey].activated || - symKeyUtil.commands[cmd_WrapKey].activated) { - readOnly = !symKeyUtil.options[opt_RW].activated; - } - - if ((symKeyUtil.commands[cmd_ImportKey].activated || - symKeyUtil.commands[cmd_ExportKey].activated || - symKeyUtil.commands[cmd_WrapKey].activated || - symKeyUtil.commands[cmd_UnwrapKey].activated ) && - !symKeyUtil.options[opt_KeyFile].activated) { - PR_fprintf(PR_STDERR, - "%s -%c: keyfile is required for this command (-k).\n", - progName, commandToRun); - return 255; - } - - /* -E, -D, -W, and all require -n, -i, or -j to identify the key */ - if ((symKeyUtil.commands[cmd_ExportKey].activated || - symKeyUtil.commands[cmd_DeleteKey].activated || - symKeyUtil.commands[cmd_WrapKey].activated) && - !(symKeyUtil.options[opt_Nickname].activated || - symKeyUtil.options[opt_KeyID].activated || - symKeyUtil.options[opt_KeyIDFile].activated)) { - PR_fprintf(PR_STDERR, - "%s -%c: nickname or id is required for this command (-n, -i, -j).\n", - progName, commandToRun); - return 255; - } - - /* -W, -U, and all -w, -x, or -y to identify the wrapping key */ - if (( symKeyUtil.commands[cmd_WrapKey].activated || - symKeyUtil.commands[cmd_UnwrapKey].activated) && - !(symKeyUtil.options[opt_WrapKeyName].activated || - symKeyUtil.options[opt_WrapKeyID].activated || - symKeyUtil.options[opt_WrapKeyIDFile].activated)) { - PR_fprintf(PR_STDERR, - "%s -%c: wrap key is required for this command (-w, -x, or -y).\n", - progName, commandToRun); - return 255; - } - - /* -M needs the target slot (-g) */ - if (symKeyUtil.commands[cmd_MoveKey].activated && - !symKeyUtil.options[opt_TargetToken].activated) { - PR_fprintf(PR_STDERR, - "%s -%c: target token is required for this command (-g).\n", - progName, commandToRun); - return 255; - } - - /* Using slotname == NULL for listing keys and certs on all slots, - * but only that. */ - if (!(symKeyUtil.commands[cmd_ListKeys].activated) && slotname == NULL) { - PR_fprintf(PR_STDERR, - "%s -%c: cannot use \"-h all\" for this command.\n", - progName, commandToRun); - return 255; - } - - name = SECU_GetOptionArg(&symKeyUtil, opt_Nickname); - wrapName = SECU_GetOptionArg(&symKeyUtil, opt_WrapKeyName); - - PK11_SetPasswordFunc(SECU_GetModulePassword); - - /* Initialize NSPR and NSS. */ - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix, - "secmod.db", readOnly ? NSS_INIT_READONLY: 0); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - goto shutdown; - } - rv = SECFailure; - - if (PL_strcmp(slotname, "internal") == 0) - slot = PK11_GetInternalKeySlot(); - else if (slotname != NULL) - slot = PK11_FindSlotByName(slotname); - - /* generating a new key */ - if (symKeyUtil.commands[cmd_CreateNewKey].activated) { - PK11SymKey *symKey; - - symKey = PK11_TokenKeyGen(slot, keyType, NULL, keySize, - NULL, PR_TRUE, &pwdata); - if (!symKey) { - PR_fprintf(PR_STDERR, "%s: Token Key Gen Failed\n", progName); - goto shutdown; - } - if (symKeyUtil.options[opt_Nickname].activated) { - rv = PK11_SetSymKeyNickname(symKey, name); - if (rv != SECSuccess) { - PK11_DeleteTokenSymKey(symKey); - PK11_FreeSymKey(symKey); - PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n", - progName); - goto shutdown; - } - } - rv = SECSuccess; - PrintKey(symKey); - PK11_FreeSymKey(symKey); - } - if (symKeyUtil.commands[cmd_DeleteKey].activated) { - PK11SymKey *symKey = FindKey(slot,name,&keyID,&pwdata); - - if (!symKey) { - char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name); - PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n", - progName, keyName, PK11_GetTokenName(slot)); - PORT_Free(keyName); - goto shutdown; - } - - rv = PK11_DeleteTokenSymKey(symKey); - FreeKeyList(symKey); - if (rv != SECSuccess) { - PR_fprintf(PR_STDERR, "%s: Couldn't Delete Key \n", progName); - goto shutdown; - } - } - if (symKeyUtil.commands[cmd_UnwrapKey].activated) { - PK11SymKey *wrapKey = FindKey(slot,wrapName,&wrapKeyID,&pwdata); - PK11SymKey *symKey; - CK_MECHANISM_TYPE mechanism; - - if (!wrapKey) { - char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID) - : PORT_Strdup(wrapName); - PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n", - progName, keyName, PK11_GetTokenName(slot)); - PORT_Free(keyName); - goto shutdown; - } - mechanism = GetWrapMechanism(wrapKey); - if (mechanism == CKM_INVALID_MECHANISM) { - char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID) - : PORT_Strdup(wrapName); - PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n", - progName, keyName, PK11_GetTokenName(slot)); - PORT_Free(keyName); - PK11_FreeSymKey(wrapKey); - goto shutdown; - } - - symKey = PK11_UnwrapSymKeyWithFlagsPerm(wrapKey, mechanism, NULL, - &key, keyType, CKA_ENCRYPT, keySize, 0, PR_TRUE); - PK11_FreeSymKey(wrapKey); - if (!symKey) { - PR_fprintf(PR_STDERR, "%s: Unwrap Key Failed\n", progName); - goto shutdown; - } - - if (symKeyUtil.options[opt_Nickname].activated) { - rv = PK11_SetSymKeyNickname(symKey, name); - if (rv != SECSuccess) { - PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n", - progName); - PK11_DeleteTokenSymKey(symKey); - PK11_FreeSymKey(symKey); - goto shutdown; - } - } - rv = SECSuccess; - PrintKey(symKey); - PK11_FreeSymKey(symKey); - } - -#define MAX_KEY_SIZE 4098 - if (symKeyUtil.commands[cmd_WrapKey].activated) { - PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata); - PK11SymKey *wrapKey; - CK_MECHANISM_TYPE mechanism; - SECItem data; - unsigned char buf[MAX_KEY_SIZE]; - int ret; - - if (!symKey) { - char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name); - PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n", - progName, keyName, PK11_GetTokenName(slot)); - PORT_Free(keyName); - goto shutdown; - } - - wrapKey = FindKey(slot, wrapName, &wrapKeyID, &pwdata); - if (!wrapKey) { - char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID) - : PORT_Strdup(wrapName); - PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n", - progName, keyName, PK11_GetTokenName(slot)); - PORT_Free(keyName); - PK11_FreeSymKey(symKey); - goto shutdown; - } - - mechanism = GetWrapMechanism(wrapKey); - if (mechanism == CKM_INVALID_MECHANISM) { - char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID) - : PORT_Strdup(wrapName); - PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n", - progName, keyName, PK11_GetTokenName(slot)); - PORT_Free(keyName); - PK11_FreeSymKey(symKey); - PK11_FreeSymKey(wrapKey); - goto shutdown; - } - - data.data = buf; - data.len = sizeof(buf); - rv = PK11_WrapSymKey(mechanism, NULL, wrapKey, symKey, &data); - PK11_FreeSymKey(symKey); - PK11_FreeSymKey(wrapKey); - if (rv != SECSuccess) { - PR_fprintf(PR_STDERR, "%s: Couldn't wrap key\n",progName); - goto shutdown; - } - - /* WriteBuf outputs it's own error using Perror */ - ret = WriteBuf(symKeyUtil.options[opt_KeyFile].arg, &data); - if (ret < 0) { - goto shutdown; - } - } - - if (symKeyUtil.commands[cmd_ImportKey].activated) { - PK11SymKey *symKey = PK11_ImportSymKey(slot, keyType, - PK11_OriginUnwrap, CKA_ENCRYPT, &key,&pwdata); - if (!symKey) { - PR_fprintf(PR_STDERR, "%s: Import Key Failed\n", progName); - goto shutdown; - } - if (symKeyUtil.options[opt_Nickname].activated) { - rv = PK11_SetSymKeyNickname(symKey, name); - if (rv != SECSuccess) { - PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n", - progName); - PK11_DeleteTokenSymKey(symKey); - PK11_FreeSymKey(symKey); - goto shutdown; - } - } - rv = SECSuccess; - PrintKey(symKey); - PK11_FreeSymKey(symKey); - } - - /* List certs (-L) */ - if (symKeyUtil.commands[cmd_ListKeys].activated) { - int printLabel = 1; - if (slot) { - rv = ListKeys(slot,&printLabel,&pwdata); - } else { - /* loop over all the slots */ - PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, - PR_FALSE, PR_FALSE, &pwdata); - PK11SlotListElement *se; - - if (slotList == NULL) { - PR_fprintf(PR_STDERR, "%s: No tokens found\n",progName); - } - for (se = PK11_GetFirstSafe(slotList); se; - se=PK11_GetNextSafe(slotList,se, PR_FALSE)) { - rv = ListKeys(se->slot,&printLabel,&pwdata); - if (rv !=SECSuccess) { - break; - } - } - } - } - - /* Move key (-M) */ - if (symKeyUtil.commands[cmd_MoveKey].activated) { - PK11SlotInfo *target; - char *targetName = symKeyUtil.options[opt_TargetToken].arg; - PK11SymKey *newKey; - PK11SymKey *symKey = FindKey(slot,name,&keyID,&pwdata); - char *keyName = PK11_GetSymKeyNickname(symKey); - - if (!symKey) { - char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name); - PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n", - progName, keyName, PK11_GetTokenName(slot)); - PORT_Free(keyName); - goto shutdown; - } - target = PK11_FindSlotByName(targetName); - if (!target) { - PR_fprintf(PR_STDERR, "%s: Couldn't find slot %s\n", - progName, targetName); - goto shutdown; - } - rv = PK11_Authenticate(target, PR_FALSE, &pwdata); - if (rv != SECSuccess) { - PR_fprintf(PR_STDERR, "%s: Failed to log into %s\n", - progName, targetName); - goto shutdown; - } - rv = SECFailure; - newKey = PK11_MoveSymKey(target, CKA_ENCRYPT, 0, PR_TRUE, symKey); - if (!newKey) { - PR_fprintf(PR_STDERR, "%s: Couldn't move the key \n",progName); - goto shutdown; - } - if (keyName) { - rv = PK11_SetSymKeyNickname(newKey, keyName); - if (rv != SECSuccess) { - PK11_DeleteTokenSymKey(newKey); - PK11_FreeSymKey(newKey); - PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n", - progName); - goto shutdown; - } - } - PK11_FreeSymKey(newKey); - rv = SECSuccess; - } - -shutdown: - if (rv != SECSuccess) { - PR_fprintf(PR_STDERR, "%s: %s\n", progName, - SECU_Strerror(PORT_GetError())); - } - - if (key.data) { - PORT_Free(key.data); - } - - if (keyID.data) { - PORT_Free(keyID.data); - } - - if (slot) { - PK11_FreeSlot(slot); - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - if (rv == SECSuccess) { - return 0; - } else { - return 255; - } -} - - - diff --git a/security/nss/cmd/tests/Makefile b/security/nss/cmd/tests/Makefile deleted file mode 100644 index da66e20df..000000000 --- a/security/nss/cmd/tests/Makefile +++ /dev/null @@ -1,73 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk diff --git a/security/nss/cmd/tests/manifest.mn b/security/nss/cmd/tests/manifest.mn deleted file mode 100644 index 878effc3c..000000000 --- a/security/nss/cmd/tests/manifest.mn +++ /dev/null @@ -1,49 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = remtest.c - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -PROGRAMS = $(CSRCS:.c=) - -TARGETS = $(PROGRAMS) - -#NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/tests/remtest.c b/security/nss/cmd/tests/remtest.c deleted file mode 100644 index b17bc0f8b..000000000 --- a/security/nss/cmd/tests/remtest.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** -** Sample client side test program that uses SSL and libsec -** -*/ - -#include "secutil.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#else -#include "ctype.h" /* for isalpha() */ -#endif - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <errno.h> -#include <fcntl.h> -#include <stdarg.h> - -#include "nspr.h" -#include "prio.h" -#include "prnetdb.h" -#include "nss.h" -#include "pk11func.h" -#include "plgetopt.h" - -void -Usage(char *progName) -{ - fprintf(stderr,"usage: %s [-d profiledir] -t tokenName [-r]\n", progName); - exit(1); -} - -int main(int argc, char **argv) -{ - char * certDir = NULL; - PLOptState *optstate; - PLOptStatus optstatus; - SECStatus rv; - char * tokenName = NULL; - PRBool cont=PR_TRUE; - PK11TokenEvent event = PK11TokenPresentEvent; - PK11TokenStatus status; - char *progName; - PK11SlotInfo *slot; - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - optstate = PL_CreateOptState(argc, argv, "rd:t:"); - while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - - case 'd': - certDir = strdup(optstate->value); - certDir = SECU_ConfigDirectory(certDir); - break; - case 't': - tokenName = strdup(optstate->value); - break; - case 'r': - event = PK11TokenRemovedOrChangedEvent; - break; - } - } - if (optstatus == PL_OPT_BAD) - Usage(progName); - - if (tokenName == NULL) { - Usage(progName); - } - - if (!certDir) { - certDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */ - certDir = SECU_ConfigDirectory(certDir); /* call even if it's NULL */ - } - - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - PK11_SetPasswordFunc(SECU_GetModulePassword); - - /* open the cert DB, the key DB, and the secmod DB. */ - rv = NSS_Init(certDir); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to open cert database"); - return 1; - } - - printf("Looking up tokenNamed: <%s>\n",tokenName); - slot = PK11_FindSlotByName(tokenName); - if (slot == NULL) { - SECU_PrintError(progName, "unable to find token"); - return 1; - } - - do { - status = - PK11_WaitForTokenEvent(slot,event,PR_INTERVAL_NO_TIMEOUT, 0, 0); - - switch (status) { - case PK11TokenNotRemovable: - cont = PR_FALSE; - printf("%s Token Not Removable\n",tokenName); - break; - case PK11TokenChanged: - event = PK11TokenRemovedOrChangedEvent; - printf("%s Token Changed\n", tokenName); - break; - case PK11TokenRemoved: - event = PK11TokenPresentEvent; - printf("%s Token Removed\n", tokenName); - break; - case PK11TokenPresent: - event = PK11TokenRemovedOrChangedEvent; - printf("%s Token Present\n", tokenName); - break; - } - } while (cont); - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - PR_Cleanup(); - return 0; -} diff --git a/security/nss/cmd/tstclnt/Makefile b/security/nss/cmd/tstclnt/Makefile deleted file mode 100644 index b31a4fdc8..000000000 --- a/security/nss/cmd/tstclnt/Makefile +++ /dev/null @@ -1,84 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET))) # omits WINCE -ifndef BUILD_OPT -ifndef NS_USE_GCC -LDFLAGS += /subsystem:console /profile /debug /machine:I386 /incremental:no -endif -OS_CFLAGS += -D_CONSOLE -endif -endif - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - -#include ../platlibs.mk - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk - diff --git a/security/nss/cmd/tstclnt/makefile.win b/security/nss/cmd/tstclnt/makefile.win deleted file mode 100644 index 6cf6c12cf..000000000 --- a/security/nss/cmd/tstclnt/makefile.win +++ /dev/null @@ -1,130 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -#cannot define PROGRAM in manifest compatibly with NT and UNIX -PROGRAM = tstclnt -PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe -include <$(DEPTH)\config\config.mak> - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - $(NULL) - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -include <$(DEPTH)\config\rules.mak> - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/tstclnt/manifest.mn b/security/nss/cmd/tstclnt/manifest.mn deleted file mode 100644 index d771e33f4..000000000 --- a/security/nss/cmd/tstclnt/manifest.mn +++ /dev/null @@ -1,54 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -# DIRS = - -CSRCS = tstclnt.c - -PROGRAM = tstclnt - -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC -endif - diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c deleted file mode 100644 index 951d91fdb..000000000 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ /dev/null @@ -1,927 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** -** Sample client side test program that uses SSL and libsec -** -*/ - -#include "secutil.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#else -#include <ctype.h> /* for isalpha() */ -#endif - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <errno.h> -#include <fcntl.h> -#include <stdarg.h> - -#include "nspr.h" -#include "prio.h" -#include "prnetdb.h" -#include "nss.h" -#include "ssl.h" -#include "sslproto.h" -#include "pk11func.h" -#include "plgetopt.h" - -#if defined(WIN32) -#include <fcntl.h> -#include <io.h> -#endif - -#define PRINTF if (verbose) printf -#define FPRINTF if (verbose) fprintf - -#define MAX_WAIT_FOR_SERVER 600 -#define WAIT_INTERVAL 100 - -int ssl2CipherSuites[] = { - SSL_EN_RC4_128_WITH_MD5, /* A */ - SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */ - SSL_EN_RC2_128_CBC_WITH_MD5, /* C */ - SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */ - SSL_EN_DES_64_CBC_WITH_MD5, /* E */ - SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */ -#ifdef NSS_ENABLE_ECC - /* NOTE: Since no new SSL2 ciphersuites are being - * invented, and we've run out of lowercase letters - * for SSL3 ciphers, we use letters G and beyond - * for new SSL3 ciphers. - */ - TLS_ECDH_ECDSA_WITH_NULL_SHA, /* G */ - TLS_ECDH_ECDSA_WITH_RC4_128_SHA, /* H */ - TLS_ECDH_ECDSA_WITH_DES_CBC_SHA, /* I */ - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* J */ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* K */ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* L */ - TLS_ECDH_RSA_WITH_NULL_SHA, /* M */ - TLS_ECDH_RSA_WITH_RC4_128_SHA, /* N */ - TLS_ECDH_RSA_WITH_DES_CBC_SHA, /* O */ - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* P */ - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* Q */ - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* R */ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* S */ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* T */ -#endif /* NSS_ENABLE_ECC */ - 0 -}; - -int ssl3CipherSuites[] = { - SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */ - SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ - SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */ - SSL_RSA_WITH_NULL_MD5, /* i */ - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ - SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ - TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */ - SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */ - TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ - TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ - TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ - TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ - 0 -}; - -unsigned long __cmp_umuls; -PRBool verbose; - -static char *progName; - -/* This exists only for the automated test suite. It allows us to - * pass in a password on the command line. - */ - -char *password = NULL; - -char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char *passwd = NULL; - if ( (!retry) && arg ) { - passwd = PL_strdup((char *)arg); - } - return passwd; -} - -void printSecurityInfo(PRFileDesc *fd) -{ - CERTCertificate * cert; - SSL3Statistics * ssl3stats = SSL_GetStatistics(); - SECStatus result; - SSLChannelInfo channel; - SSLCipherSuiteInfo suite; - - result = SSL_GetChannelInfo(fd, &channel, sizeof channel); - if (result == SECSuccess && - channel.length == sizeof channel && - channel.cipherSuite) { - result = SSL_GetCipherSuiteInfo(channel.cipherSuite, - &suite, sizeof suite); - if (result == SECSuccess) { - FPRINTF(stderr, - "tstclnt: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n", - channel.protocolVersion >> 8, channel.protocolVersion & 0xff, - suite.effectiveKeyBits, suite.symCipherName, - suite.macBits, suite.macAlgorithmName); - FPRINTF(stderr, - "tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n", - channel.authKeyBits, suite.authAlgorithmName, - channel.keaKeyBits, suite.keaTypeName); - } - } - cert = SSL_RevealCert(fd); - if (cert) { - char * ip = CERT_NameToAscii(&cert->issuer); - char * sp = CERT_NameToAscii(&cert->subject); - if (sp) { - fprintf(stderr, "subject DN: %s\n", sp); - PORT_Free(sp); - } - if (ip) { - fprintf(stderr, "issuer DN: %s\n", ip); - PORT_Free(ip); - } - CERT_DestroyCertificate(cert); - cert = NULL; - } - fprintf(stderr, - "%ld cache hits; %ld cache misses, %ld cache not reusable\n", - ssl3stats->hsh_sid_cache_hits, ssl3stats->hsh_sid_cache_misses, - ssl3stats->hsh_sid_cache_not_ok); - -} - -void -handshakeCallback(PRFileDesc *fd, void *client_data) -{ - printSecurityInfo(fd); -} - -static void Usage(const char *progName) -{ - fprintf(stderr, -"Usage: %s -h host [-p port] [-d certdir] [-n nickname] [-23Tfovx] \n" -" [-c ciphers] [-w passwd] [-q]\n", progName); - fprintf(stderr, "%-20s Hostname to connect with\n", "-h host"); - fprintf(stderr, "%-20s Port number for SSL server\n", "-p port"); - fprintf(stderr, - "%-20s Directory with cert database (default is ~/.netscape)\n", - "-d certdir"); - fprintf(stderr, "%-20s Nickname of key and cert for client auth\n", - "-n nickname"); - fprintf(stderr, "%-20s Disable SSL v2.\n", "-2"); - fprintf(stderr, "%-20s Disable SSL v3.\n", "-3"); - fprintf(stderr, "%-20s Disable TLS (SSL v3.1).\n", "-T"); - fprintf(stderr, "%-20s Client speaks first. \n", "-f"); - fprintf(stderr, "%-20s Override bad server cert. Make it OK.\n", "-o"); - fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v"); - fprintf(stderr, "%-20s Use export policy.\n", "-x"); - fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q"); - fprintf(stderr, "%-20s Letter(s) chosen from the following list\n", - "-c ciphers"); - fprintf(stderr, -"A SSL2 RC4 128 WITH MD5\n" -"B SSL2 RC4 128 EXPORT40 WITH MD5\n" -"C SSL2 RC2 128 CBC WITH MD5\n" -"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n" -"E SSL2 DES 64 CBC WITH MD5\n" -"F SSL2 DES 192 EDE3 CBC WITH MD5\n" -#ifdef NSS_ENABLE_ECC -"G TLS ECDH ECDSA WITH NULL SHA\n" -"H TLS ECDH ECDSA WITH RC4 128 SHA\n" -"I TLS ECDH ECDSA WITH DES CBC SHA\n" -"J TLS ECDH ECDSA WITH 3DES EDE CBC SHA\n" -"K TLS ECDH ECDSA WITH AES 128 CBC SHA\n" -"L TLS ECDH ECDSA WITH AES 256 CBC SHA\n" -"M TLS ECDH RSA WITH NULL SHA\n" -"N TLS ECDH RSA WITH RC4 128 SHA\n" -"O TLS ECDH RSA WITH DES CBC SHA\n" -"P TLS ECDH RSA WITH 3DES EDE CBC SHA\n" -"Q TLS ECDH RSA WITH AES 128 CBC SHA\n" -"R TLS ECDH RSA WITH AES 256 CBC SHA\n" -"S TLS ECDHE ECDSA WITH AES 128 CBC SHA\n" -"T TLS ECDHE RSA WITH AES 128 CBC SHA\n" -#endif /* NSS_ENABLE_ECC */ -"\n" -"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n" -"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n" -"c SSL3 RSA WITH RC4 128 MD5\n" -"d SSL3 RSA WITH 3DES EDE CBC SHA\n" -"e SSL3 RSA WITH DES CBC SHA\n" -"f SSL3 RSA EXPORT WITH RC4 40 MD5\n" -"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n" -"h SSL3 FORTEZZA DMS WITH NULL SHA\n" -"i SSL3 RSA WITH NULL MD5\n" -"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n" -"k SSL3 RSA FIPS WITH DES CBC SHA\n" -"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n" -"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n" -"n SSL3 RSA WITH RC4 128 SHA\n" -"o SSL3 DHE DSS WITH RC4 128 SHA\n" -"p SSL3 DHE RSA WITH 3DES EDE CBC SHA\n" -"q SSL3 DHE DSS WITH 3DES EDE CBC SHA\n" -"r SSL3 DHE RSA WITH DES CBC SHA\n" -"s SSL3 DHE DSS WITH DES CBC SHA\n" -"t SSL3 DHE DSS WITH AES 128 CBC SHA\n" -"u SSL3 DHE RSA WITH AES 128 CBC SHA\n" -"v SSL3 RSA WITH AES 128 CBC SHA\n" -"w SSL3 DHE DSS WITH AES 256 CBC SHA\n" -"x SSL3 DHE RSA WITH AES 256 CBC SHA\n" -"y SSL3 RSA WITH AES 256 CBC SHA\n" -"z SSL3 RSA WITH NULL SHA\n" - ); - exit(1); -} - -void -milliPause(PRUint32 milli) -{ - PRIntervalTime ticks = PR_MillisecondsToInterval(milli); - PR_Sleep(ticks); -} - -void -disableAllSSLCiphers(void) -{ - const PRUint16 *cipherSuites = SSL_ImplementedCiphers; - int i = SSL_NumImplementedCiphers; - SECStatus rv; - - /* disable all the SSL3 cipher suites */ - while (--i >= 0) { - PRUint16 suite = cipherSuites[i]; - rv = SSL_CipherPrefSetDefault(suite, PR_FALSE); - if (rv != SECSuccess) { - PRErrorCode err = PR_GetError(); - fprintf(stderr, - "SSL_CipherPrefSet didn't like value 0x%04x (i = %d): %s\n", - suite, i, SECU_Strerror(err)); - exit(2); - } - } -} - -/* - * Callback is called when incoming certificate is not valid. - * Returns SECSuccess to accept the cert anyway, SECFailure to reject. - */ -static SECStatus -ownBadCertHandler(void * arg, PRFileDesc * socket) -{ - PRErrorCode err = PR_GetError(); - /* can log invalid cert here */ - fprintf(stderr, "Bad server certificate: %d, %s\n", err, - SECU_Strerror(err)); - return SECSuccess; /* override, say it's OK. */ -} - -SECStatus -own_GetClientAuthData(void * arg, - PRFileDesc * socket, - struct CERTDistNamesStr * caNames, - struct CERTCertificateStr ** pRetCert, - struct SECKEYPrivateKeyStr **pRetKey) -{ - if (verbose > 1) { - SECStatus rv; - fprintf(stderr, "Server requested Client Authentication\n"); - if (caNames && caNames->nnames > 0) { - PLArenaPool *arena = caNames->arena; - if (!arena) - arena = PORT_NewArena(2048); - if (arena) { - int i; - for (i = 0; i < caNames->nnames; ++i) { - char *nameString; - CERTName dn; - rv = SEC_QuickDERDecodeItem(arena, - &dn, - SEC_ASN1_GET(CERT_NameTemplate), - caNames->names + i); - if (rv != SECSuccess) - continue; - nameString = CERT_NameToAscii(&dn); - if (!nameString) - continue; - fprintf(stderr, "CA[%d]: %s\n", i + 1, nameString); - PORT_Free(nameString); - } - if (!caNames->arena) { - PORT_FreeArena(arena, PR_FALSE); - } - } - } - rv = NSS_GetClientAuthData(arg, socket, caNames, pRetCert, pRetKey); - if (rv == SECSuccess && *pRetCert) { - char *nameString = CERT_NameToAscii(&((*pRetCert)->subject)); - if (nameString) { - fprintf(stderr, "sent cert: %s\n", nameString); - PORT_Free(nameString); - } - } else { - fprintf(stderr, "send no cert\n"); - } - return rv; - } - return NSS_GetClientAuthData(arg, socket, caNames, pRetCert, pRetKey); -} - -#if defined(WIN32) -void -thread_main(void * arg) -{ - PRFileDesc * ps = (PRFileDesc *)arg; - PRFileDesc * std_in = PR_GetSpecialFD(PR_StandardInput); - int wc, rc; - char buf[256]; - - { - /* Put stdin into O_BINARY mode - ** or else incoming \r\n's will become \n's. - */ - int smrv = _setmode(_fileno(stdin), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdin to binary mode. Use -i option instead.\n", - progName); - /* plow ahead anyway */ - } - } - - do { - rc = PR_Read(std_in, buf, sizeof buf); - if (rc <= 0) - break; - wc = PR_Write(ps, buf, rc); - } while (wc == rc); - PR_Close(ps); -} - -#endif - -static void -printHostNameAndAddr(const char * host, const PRNetAddr * addr) -{ - PRUint16 port = PR_NetAddrInetPort(addr); - char addrBuf[80]; - PRStatus st = PR_NetAddrToString(addr, addrBuf, sizeof addrBuf); - - if (st == PR_SUCCESS) { - port = PR_ntohs(port); - FPRINTF(stderr, "%s: connecting to %s:%hu (address=%s)\n", - progName, host, port, addrBuf); - } -} - -#define SSOCK_FD 0 -#define STDIN_FD 1 - -int main(int argc, char **argv) -{ - PRFileDesc * s; - PRFileDesc * std_out; - CERTCertDBHandle * handle; - char * host = NULL; - char * port = "443"; - char * certDir = NULL; - char * nickname = NULL; - char * cipherString = NULL; - int multiplier = 0; - SECStatus rv; - PRStatus status; - PRInt32 filesReady; - int npds; - int override = 0; - int disableSSL2 = 0; - int disableSSL3 = 0; - int disableTLS = 0; - int useExportPolicy = 0; - PRSocketOptionData opt; - PRNetAddr addr; - PRHostEnt hp; - PRPollDesc pollset[2]; - PRBool useCommandLinePassword = PR_FALSE; - PRBool pingServerFirst = PR_FALSE; - PRBool clientSpeaksFirst = PR_FALSE; - int error = 0; - PLOptState *optstate; - PLOptStatus optstatus; - PRStatus prStatus; - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - optstate = PL_CreateOptState(argc, argv, "23Tfc:h:p:d:m:n:oqvw:x"); - while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - default : Usage(progName); break; - - case '2': disableSSL2 = 1; break; - - case '3': disableSSL3 = 1; break; - - case 'T': disableTLS = 1; break; - - case 'c': cipherString = strdup(optstate->value); break; - - case 'h': host = strdup(optstate->value); break; - - case 'f': clientSpeaksFirst = PR_TRUE; break; - - case 'd': - certDir = strdup(optstate->value); - certDir = SECU_ConfigDirectory(certDir); - break; - - case 'm': - multiplier = atoi(optstate->value); - if (multiplier < 0) - multiplier = 0; - break; - - case 'n': nickname = strdup(optstate->value); break; - - case 'o': override = 1; break; - - case 'p': port = strdup(optstate->value); break; - - case 'q': pingServerFirst = PR_TRUE; break; - - case 'v': verbose++; break; - - case 'w': - password = PORT_Strdup(optstate->value); - useCommandLinePassword = PR_TRUE; - break; - - case 'x': useExportPolicy = 1; break; - } - } - if (optstatus == PL_OPT_BAD) - Usage(progName); - - if (!host || !port) Usage(progName); - - if (!certDir) { - certDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */ - certDir = SECU_ConfigDirectory(certDir); /* call even if it's NULL */ - } - - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - /* set our password function */ - if ( useCommandLinePassword ) { - PK11_SetPasswordFunc(ownPasswd); - } else { - PK11_SetPasswordFunc(SECU_GetModulePassword); - } - - /* open the cert DB, the key DB, and the secmod DB. */ - rv = NSS_Init(certDir); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to open cert database"); -#if 0 - rv = CERT_OpenVolatileCertDB(handle); - CERT_SetDefaultCertDB(handle); -#else - return 1; -#endif - } - handle = CERT_GetDefaultCertDB(); - - /* set the policy bits true for all the cipher suites. */ - if (useExportPolicy) - NSS_SetExportPolicy(); - else - NSS_SetDomesticPolicy(); - - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - /* disable all the ciphers, then enable the ones we want. */ - disableAllSSLCiphers(); - } - - status = PR_StringToNetAddr(host, &addr); - if (status == PR_SUCCESS) { - int portno = atoi(port); - addr.inet.port = PR_htons((PRUint16)portno); - } else { - /* Lookup host */ - char buf[PR_NETDB_BUF_SIZE]; - status = PR_GetIPNodeByName(host, PR_AF_INET6, PR_AI_DEFAULT, - buf, sizeof buf, &hp); - if (status != PR_SUCCESS) { - SECU_PrintError(progName, "error looking up host"); - return 1; - } - if (PR_EnumerateHostEnt(0, &hp, (PRUint16)atoi(port), &addr) == -1) { - SECU_PrintError(progName, "error looking up host address"); - return 1; - } - } - - if (PR_IsNetAddrType(&addr, PR_IpAddrV4Mapped)) { - /* convert to IPv4. */ - addr.inet.family = PR_AF_INET; - memcpy(&addr.inet.ip, &addr.ipv6.ip.pr_s6_addr[12], 4); - memset(&addr.inet.pad[0], 0, sizeof addr.inet.pad); - } - - printHostNameAndAddr(host, &addr); - - if (pingServerFirst) { - int iter = 0; - PRErrorCode err; - do { - s = PR_NewTCPSocket(); - if (s == NULL) { - SECU_PrintError(progName, "Failed to create a TCP socket"); - } - opt.option = PR_SockOpt_Nonblocking; - opt.value.non_blocking = PR_FALSE; - prStatus = PR_SetSocketOption(s, &opt); - if (prStatus != PR_SUCCESS) { - PR_Close(s); - SECU_PrintError(progName, - "Failed to set blocking socket option"); - return 1; - } - prStatus = PR_Connect(s, &addr, PR_INTERVAL_NO_TIMEOUT); - if (prStatus == PR_SUCCESS) { - PR_Shutdown(s, PR_SHUTDOWN_BOTH); - PR_Close(s); - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - PR_Cleanup(); - return 0; - } - err = PR_GetError(); - if ((err != PR_CONNECT_REFUSED_ERROR) && - (err != PR_CONNECT_RESET_ERROR)) { - SECU_PrintError(progName, "TCP Connection failed"); - return 1; - } - PR_Close(s); - PR_Sleep(PR_MillisecondsToInterval(WAIT_INTERVAL)); - } while (++iter < MAX_WAIT_FOR_SERVER); - SECU_PrintError(progName, - "Client timed out while waiting for connection to server"); - return 1; - } - - /* Create socket */ - s = PR_NewTCPSocket(); - if (s == NULL) { - SECU_PrintError(progName, "error creating socket"); - return 1; - } - - opt.option = PR_SockOpt_Nonblocking; - opt.value.non_blocking = PR_TRUE; - PR_SetSocketOption(s, &opt); - /*PR_SetSocketOption(PR_GetSpecialFD(PR_StandardInput), &opt);*/ - - s = SSL_ImportFD(NULL, s); - if (s == NULL) { - SECU_PrintError(progName, "error importing socket"); - return 1; - } - - rv = SSL_OptionSet(s, SSL_SECURITY, 1); - if (rv != SECSuccess) { - SECU_PrintError(progName, "error enabling socket"); - return 1; - } - - rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, 1); - if (rv != SECSuccess) { - SECU_PrintError(progName, "error enabling client handshake"); - return 1; - } - - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - int ndx; - - while (0 != (ndx = *cipherString++)) { - int *cptr; - int cipher; - - if (! isalpha(ndx)) - Usage(progName); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - if (cipher) { - SECStatus status; - status = SSL_CipherPrefSet(s, cipher, SSL_ALLOWED); - if (status != SECSuccess) - SECU_PrintError(progName, "SSL_CipherPrefSet()"); - } - } - } - - rv = SSL_OptionSet(s, SSL_ENABLE_SSL2, !disableSSL2); - if (rv != SECSuccess) { - SECU_PrintError(progName, "error enabling SSLv2 "); - return 1; - } - - rv = SSL_OptionSet(s, SSL_ENABLE_SSL3, !disableSSL3); - if (rv != SECSuccess) { - SECU_PrintError(progName, "error enabling SSLv3 "); - return 1; - } - - rv = SSL_OptionSet(s, SSL_ENABLE_TLS, !disableTLS); - if (rv != SECSuccess) { - SECU_PrintError(progName, "error enabling TLS "); - return 1; - } - - /* disable ssl2 and ssl2-compatible client hellos. */ - rv = SSL_OptionSet(s, SSL_V2_COMPATIBLE_HELLO, !disableSSL2); - if (rv != SECSuccess) { - SECU_PrintError(progName, "error disabling v2 compatibility"); - return 1; - } - - if (useCommandLinePassword) { - SSL_SetPKCS11PinArg(s, password); - } - - SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); - if (override) { - SSL_BadCertHook(s, ownBadCertHandler, NULL); - } - SSL_GetClientAuthDataHook(s, own_GetClientAuthData, (void *)nickname); - SSL_HandshakeCallback(s, handshakeCallback, NULL); - SSL_SetURL(s, host); - - /* Try to connect to the server */ - status = PR_Connect(s, &addr, PR_INTERVAL_NO_TIMEOUT); - if (status != PR_SUCCESS) { - if (PR_GetError() == PR_IN_PROGRESS_ERROR) { - if (verbose) - SECU_PrintError(progName, "connect"); - milliPause(50 * multiplier); - pollset[SSOCK_FD].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT; - pollset[SSOCK_FD].out_flags = 0; - pollset[SSOCK_FD].fd = s; - while(1) { - FPRINTF(stderr, - "%s: about to call PR_Poll for connect completion!\n", - progName); - filesReady = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT); - if (filesReady < 0) { - SECU_PrintError(progName, "unable to connect (poll)"); - return 1; - } - FPRINTF(stderr, - "%s: PR_Poll returned 0x%02x for socket out_flags.\n", - progName, pollset[SSOCK_FD].out_flags); - if (filesReady == 0) { /* shouldn't happen! */ - FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName); - return 1; - } - /* Must milliPause between PR_Poll and PR_GetConnectStatus, - * Or else winsock gets mighty confused. - * Sleep(0); - */ - milliPause(1); - status = PR_GetConnectStatus(pollset); - if (status == PR_SUCCESS) { - break; - } - if (PR_GetError() != PR_IN_PROGRESS_ERROR) { - SECU_PrintError(progName, "unable to connect (poll)"); - return 1; - } - SECU_PrintError(progName, "poll"); - milliPause(50 * multiplier); - } - } else { - SECU_PrintError(progName, "unable to connect"); - return 1; - } - } - - pollset[SSOCK_FD].fd = s; - pollset[SSOCK_FD].in_flags = clientSpeaksFirst ? 0 : PR_POLL_READ; - pollset[STDIN_FD].fd = PR_GetSpecialFD(PR_StandardInput); - pollset[STDIN_FD].in_flags = PR_POLL_READ; - npds = 2; - std_out = PR_GetSpecialFD(PR_StandardOutput); - -#if defined(WIN32) - /* PR_Poll cannot be used with stdin on Windows. (sigh). - ** But use of PR_Poll and non-blocking sockets is a major feature - ** of this program. So, we simulate a pollable stdin with a - ** TCP socket pair and a thread that reads stdin and writes to - ** that socket pair. - */ - { - PRFileDesc * fds[2]; - PRThread * thread; - - int nspr_rv = PR_NewTCPSocketPair(fds); - if (nspr_rv != PR_SUCCESS) { - SECU_PrintError(progName, "PR_NewTCPSocketPair failed"); - error = 1; - goto done; - } - pollset[STDIN_FD].fd = fds[1]; - - thread = PR_CreateThread(PR_USER_THREAD, thread_main, fds[0], - PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, - PR_UNJOINABLE_THREAD, 0); - if (!thread) { - SECU_PrintError(progName, "PR_CreateThread failed"); - error = 1; - goto done; - } - } -#endif - - /* - ** Select on stdin and on the socket. Write data from stdin to - ** socket, read data from socket and write to stdout. - */ - FPRINTF(stderr, "%s: ready...\n", progName); - - while (pollset[SSOCK_FD].in_flags | pollset[STDIN_FD].in_flags) { - char buf[4000]; /* buffer for stdin */ - int nb; /* num bytes read from stdin. */ - - pollset[SSOCK_FD].out_flags = 0; - pollset[STDIN_FD].out_flags = 0; - - FPRINTF(stderr, "%s: about to call PR_Poll !\n", progName); - filesReady = PR_Poll(pollset, npds, PR_INTERVAL_NO_TIMEOUT); - if (filesReady < 0) { - SECU_PrintError(progName, "select failed"); - error = 1; - goto done; - } - if (filesReady == 0) { /* shouldn't happen! */ - FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName); - return 1; - } - FPRINTF(stderr, "%s: PR_Poll returned!\n", progName); - if (pollset[STDIN_FD].in_flags) { - FPRINTF(stderr, - "%s: PR_Poll returned 0x%02x for stdin out_flags.\n", - progName, pollset[STDIN_FD].out_flags); - } - if (pollset[SSOCK_FD].in_flags) { - FPRINTF(stderr, - "%s: PR_Poll returned 0x%02x for socket out_flags.\n", - progName, pollset[SSOCK_FD].out_flags); - } - if (pollset[STDIN_FD].out_flags & PR_POLL_READ) { - /* Read from stdin and write to socket */ - nb = PR_Read(pollset[STDIN_FD].fd, buf, sizeof(buf)); - FPRINTF(stderr, "%s: stdin read %d bytes\n", progName, nb); - if (nb < 0) { - if (PR_GetError() != PR_WOULD_BLOCK_ERROR) { - SECU_PrintError(progName, "read from stdin failed"); - error = 1; - break; - } - } else if (nb == 0) { - /* EOF on stdin, stop polling stdin for read. */ - pollset[STDIN_FD].in_flags = 0; - } else { - char * bufp = buf; - FPRINTF(stderr, "%s: Writing %d bytes to server\n", - progName, nb); - do { - PRInt32 cc = PR_Write(s, bufp, nb); - if (cc < 0) { - PRErrorCode err = PR_GetError(); - if (err != PR_WOULD_BLOCK_ERROR) { - SECU_PrintError(progName, - "write to SSL socket failed"); - error = 254; - goto done; - } - cc = 0; - } - bufp += cc; - nb -= cc; - if (nb <= 0) - break; - pollset[SSOCK_FD].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT; - pollset[SSOCK_FD].out_flags = 0; - FPRINTF(stderr, - "%s: about to call PR_Poll on writable socket !\n", - progName); - cc = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT); - FPRINTF(stderr, - "%s: PR_Poll returned with writable socket !\n", - progName); - } while (1); - pollset[SSOCK_FD].in_flags = PR_POLL_READ; - } - } - - if (pollset[SSOCK_FD].in_flags) { - FPRINTF(stderr, - "%s: PR_Poll returned 0x%02x for socket out_flags.\n", - progName, pollset[SSOCK_FD].out_flags); - } - if ( (pollset[SSOCK_FD].out_flags & PR_POLL_READ) - || (pollset[SSOCK_FD].out_flags & PR_POLL_ERR) -#ifdef PR_POLL_HUP - || (pollset[SSOCK_FD].out_flags & PR_POLL_HUP) -#endif - ) { - /* Read from socket and write to stdout */ - nb = PR_Read(pollset[SSOCK_FD].fd, buf, sizeof(buf)); - FPRINTF(stderr, "%s: Read from server %d bytes\n", progName, nb); - if (nb < 0) { - if (PR_GetError() != PR_WOULD_BLOCK_ERROR) { - SECU_PrintError(progName, "read from socket failed"); - error = 1; - goto done; - } - } else if (nb == 0) { - /* EOF from socket... stop polling socket for read */ - pollset[SSOCK_FD].in_flags = 0; - } else { - PR_Write(std_out, buf, nb); - if (verbose) - fputs("\n\n", stderr); - } - } - milliPause(50 * multiplier); - } - - done: - PR_Close(s); - SSL_ClearSessionCache(); - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - PR_Cleanup(); - return error; -} diff --git a/security/nss/cmd/ttformat/Makefile b/security/nss/cmd/ttformat/Makefile deleted file mode 100644 index f2a407990..000000000 --- a/security/nss/cmd/ttformat/Makefile +++ /dev/null @@ -1,74 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/ttformat/manifest.mn b/security/nss/cmd/ttformat/manifest.mn deleted file mode 100644 index c63d5b052..000000000 --- a/security/nss/cmd/ttformat/manifest.mn +++ /dev/null @@ -1,48 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = ttformat.c - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -PROGRAM = ttformat - diff --git a/security/nss/cmd/ttformat/nClient b/security/nss/cmd/ttformat/nClient deleted file mode 100755 index aab8402bd..000000000 --- a/security/nss/cmd/ttformat/nClient +++ /dev/null @@ -1,49 +0,0 @@ -# /bin/ksh -# -# nClient -- run the nss test strsclnt for performance testing -# -# syntax: nClient [options] -# -# where: options are: -# any valid command line option for strsclnt -# Note that some options are set by this script! -# -# Description: -# nClient runs the nss test program "strsclnt" for purposes of -# gathering performance data. -# -# some shell variables are set at the top of the script -# you may have to change these, depending on the host you -# are running on and other "stuff". caveat emptor. -# -# You will have to tinker with this script to get it to -# run for you. -# -# See also: nServ -# -# --- begin nClient ------------------------------------------------------- -baseDir=/home/lorenzo/nss-raw/mozilla -# -# shell variables for running strsclnt -# -export HOST=`hostname -s` -export DOMSUF=red.iplanet.com -serverHost=dbldog -nssDB=${baseDir}/tests_results/security/${HOST}.1/client -nssHost=${HOST}.red.iplanet.com -pushd ${baseDir}/security/nss/tests/common -objDir=`gmake objdir_name` -popd -# -# -nssOptions="-p 12944 ${serverHost}.red.iplanet.com" -export LD_LIBRARY_PATH=${baseDir}/dist/${objDir}/lib -clientProg=${baseDir}/security/nss/cmd/strsclnt/${objDir}/strsclnt -# -# do the test -# -nssCommand="${clientProg} -d ${nssDB} ${nssOptions}" -echo $nssCommand $* -${nssCommand} $* & -# -# --- end nClient -------------------------------------------------------- diff --git a/security/nss/cmd/ttformat/nServ b/security/nss/cmd/ttformat/nServ deleted file mode 100755 index ddf51b0e8..000000000 --- a/security/nss/cmd/ttformat/nServ +++ /dev/null @@ -1,49 +0,0 @@ -# /bin/ksh -# -# nServ -- run the nss test selfserv for performance testing -# -# syntax: nServ [options] -# -# where: options are: -# Valid arguments to the selfserv program -# Note that this script sets some options -# -# Description: -# nServ runs the nss test program "selfserv" for purposes of -# gathering performance data. -# -# some shell variables are set at the top of the script -# you may have to change these, depending on the host you -# are running on and other "stuff". caveat emptor. -# -# See also: nClinet -# -# --- begin nServ ------------------------------------------------------- -# -baseDir=/home/lorenzo/nss-server/mozilla -# -# shell variables for running selfserv -# -export HOST=`hostname -s` -export DOMSUF=red.iplanet.com -nssDB=${baseDir}/tests_results/security/${HOST}.1/server -nssHost=${HOST}.red.iplanet.com -nssOptions="-p 12944 -w nss" -pushd ${baseDir}/security/nss/tests/common -objDir=`gmake objdir_name` -popd -export LD_LIBRARY_PATH=${baseDir}/dist/${objDir}/lib -# -# shell variables for capturing instrumentation data -# -export NSPR_LOG_MODULES=TestCase:6 -export NSPR_LOG_FILE=xxxLogfile -# -# do the test -# -nssCommand="${baseDir}/dist/${objDir}/bin/selfserv -d ${nssDB} -n ${nssHost} ${nssOptions}" -echo $nssCommand -${nssCommand} $* & -# xxgdb ${baseDir}/dist/${objDir}/bin/selfserv -# -# --- end nServ ------------------------------------------------------- diff --git a/security/nss/cmd/ttformat/redux.pl b/security/nss/cmd/ttformat/redux.pl deleted file mode 100755 index ccc13c24a..000000000 --- a/security/nss/cmd/ttformat/redux.pl +++ /dev/null @@ -1,77 +0,0 @@ -# -# redux.pl -- general nss trace data extraction -# -# syntax: redux.pl -# -# redux.pl reads a file of formatted trace table records from stdin -# The trace records are formatted by nssilock.c -# redux.pl parses the lines and accumulates data in a hash -# When finished with stdin, redux.pl traverses the hash and emits -# the accumulated data. -# -# Operation: -# read stdin, accumulate in a hash by file, line, type. -# traverse the hash, reporting data. -# -# raw data format: -# thredid op ltype callTime heldTime lock line file -# -# Notes: -# After running redux.pl, sort the report on column 4 in decending sequence -# to see where the lock contention is. -# -# -# ----------------------------------------------------------------------- -use Getopt::Std; - -getopts("h") || die "redux.pl: unrecognized command option"; - - -# ----------------------------------------------------------------------- -# read stdin to exhaustion -while ( <STDIN> ) { - $recordCount++; -# next if ($recordCount < 36000 ); # skip initialization records - chomp; - ($thredid, $op, $ltype, $callTime, $heldTime, $lock, $line, $file) = split; - -# select out un-interesting lines -# next if (( $callTime < $opt_c ) && ( $heldTime < $opt_h )); -# print $_, "\n"; - -# count general stats - $interesting++; - -# format the key - $hashKey = $file ." ". $line ." ". $ltype; - -# Update the data in the hash entry - $theData = $theHash{$hashKey}; # read it if it already exists - ( $hCount, $hcallTime, $hheldTime, $hcallMax, $hheldMax ) = split(/\s+/, $theData ); - $hCount++; - $hcallTime += $callTime; - $hheldTime += $heldTime; - $hcallMax = ( $hcallMax > $callTime )? $hcallMax : $callTime; - $hheldMax = ( $hheldMax > $heldTime )? $hheldMax : $heldTime; - -# Write theData back to the hash - $theData = $hCount." ".$hcallTime." ".$hheldTime." ".$hcallMax." ".$hheldMax; - $theHash{$hashKey} = $theData; -} # end while() - -# ----------------------------------------------------------------------- -# traverse theHash - printf("%-16s %6s %-16s %8s %8s %8s %8s %8s\n", - "File","line","ltype","hits","calltim","heldtim","callmax","heldmax" ); -while (($hashKey,$theData) = each(%theHash)) { - $hashElements++; - ($file, $line, $ltype) = split(/\s+/, $hashKey ); - ( $hCount, $hcallTime, $hheldTime, $hcallMax, $hheldMax ) = split(/\s+/, $theData ); - printf("%-16s %6d %-16s %8d %8d %8d %8d %8d\n", - $file, $line, $ltype, $hCount, $hcallTime, $hheldTime, $hcallMax, $hheldMax ); -} # end while() - -# ----------------------------------------------------------------------- -# dump global statistics -printf ("Record count: %d\n", $recordCount ); -printf("Interesting: %d, HashElements: %d\n", $interesting, $hashElements); diff --git a/security/nss/cmd/ttformat/reduxhwm.pl b/security/nss/cmd/ttformat/reduxhwm.pl deleted file mode 100644 index f442ff4e4..000000000 --- a/security/nss/cmd/ttformat/reduxhwm.pl +++ /dev/null @@ -1,33 +0,0 @@ -# -# reduxhwm.pl -- analyze highwatermark data in xxxLogfile -# -# example interesting line in xxxLogfile -# 1026[8154da0]: selfserv: Launched thread in slot 37, highWaterMark: 63 -# -# -# -while ( <STDIN> ) { - chomp; - ($proc, $who, $launched, $thread, $in, $slotx, $slot, $hwm, $highwatermark) = split; - if ( $launched == "Launched" ) { - next if ( $slot == 0 ); - $notInteresting++; - if ( $hwmMax < $highwatermark ){ - $hwmMax = $highwatermark; - } - $hwmArray[$slot] += 1; - $interesting++; - } -} # end while() - -printf ("Interesteing: %d\n", $interesting ); -printf ("Not Interesting: %d\n", $notInteresting - $interesting ); - -foreach $element (@hwmArray) { - $percent = 100*($element / $interesting); - $percentTotal += $percent; - printf("Slot %2d: %d hits, %2.2f percent, %2.2f total percent\n", $i, $element, $percent, $percentTotal ); - $i++; -} -printf("Sum of percentages: %3.2f\n", $percentTotal ); -# --- end --- diff --git a/security/nss/cmd/ttformat/ttformat.c b/security/nss/cmd/ttformat/ttformat.c deleted file mode 100644 index 7fcf04f86..000000000 --- a/security/nss/cmd/ttformat/ttformat.c +++ /dev/null @@ -1,135 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape Portable Runtime (NSPR). - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** File: ttformat.c -** Description: ttformat.c reads the file "xxxTTLog". xxxTTLog -** contains fixed length binary data written by nssilock. -** ttformat formats the data to a human readable form (printf) -** usable for visual scanning and for processing via a perl script. -** Output is written to stdout -** -*/ - -#include <stdio.h> -#include <stdlib.h> -#include <nssilock.h> - -/* -** struct maps enum nssILockType to character representation -*/ -struct { - nssILockType ltype; - char *name; -} ltypeNameT[] = { - { nssILockArena, "Arena" }, - { nssILockSession, "Session" }, - { nssILockObject, "Object" }, - { nssILockRefLock, "RefLock" }, - { nssILockCert, "Cert", }, - { nssILockCertDB, "CertDB" }, - { nssILockDBM, "DBM" }, - { nssILockCache, "Cache" }, - { nssILockSSL, "SSL" }, - { nssILockList, "List" }, - { nssILockSlot, "Slot" }, - { nssILockFreelist, "Freelist" }, - { nssILockOID, "OID" }, - { nssILockAttribute, "Attribute" }, - { nssILockPK11cxt, "PK11Context" }, - { nssILockRWLock, "RWLock" }, - { nssILockOther, "Other" }, - { nssILockSelfServ, "SelfServ" } -}; /* end ltypeNameT */ - -/* -** struct maps enum nssILockOp to character representation -*/ -struct { - nssILockOp op; - char *name; -} opNameT[] = { - { FlushTT, "FlushTT" }, - { NewLock, "NewLock" }, - { Lock, "Lock" }, - { Unlock, "Unlock" }, - { DestroyLock, "DestroyLock" }, - { NewCondVar, "NewCondVar" }, - { WaitCondVar, "WaitCondVar" }, - { NotifyCondVar, "NotifyCondVar" }, - { NotifyAllCondVar, "NotifyAllCondVar" }, - { DestroyCondVar, "DestroyCondVar" }, - { NewMonitor, "NewMonitor" }, - { EnterMonitor, "EnterMonitor" }, - { ExitMonitor, "ExitMonitor" }, - { Notify, "Notify" }, - { NotifyAll, "NotifyAll" }, - { Wait, "Wait" }, - { DestroyMonitor, "DestroyMonitor" } -}; /* end opNameT */ - - -int main(int argc, char *argv[]) -{ - FILE *filea; - struct pzTrace_s inBuf; - char *opName; - char *ltypeName; - int rCount = 0; - int oCount = 0; - - filea = fopen( "xxxTTLog", "r" ); - if ( NULL == filea ) { - fprintf( stderr, "ttformat: Oh drat! Can't open 'xxxTTLog'\n" ); - exit(1); - } - - while(1 == (fread( &inBuf, sizeof(inBuf), 1 , filea ))) { - ++rCount; - if ( inBuf.op > DestroyMonitor ) continue; - if ( inBuf.op < FlushTT ) continue; - - opName = opNameT[inBuf.op].name; - ltypeName = ltypeNameT[inBuf.ltype].name; - - ++oCount; - printf("%8d %18s %18s %6d %6d %12p %6d %20s\n", - inBuf.threadID, opName, ltypeName, inBuf.callTime, inBuf.heldTime, - inBuf.lock, inBuf.line, inBuf.file ); - } /* end while() */ - - fprintf( stderr, "Read: %d, Wrote: %d\n", rCount, oCount ); - return 0; -} /* main() */ -/* end ttformat.c */ diff --git a/security/nss/cmd/vfychain/Makefile b/security/nss/cmd/vfychain/Makefile deleted file mode 100644 index 8a0332d89..000000000 --- a/security/nss/cmd/vfychain/Makefile +++ /dev/null @@ -1,82 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET))) # omits WINCE -ifndef BUILD_OPT -LDFLAGS += /subsystem:console /profile /debug /machine:I386 /incremental:no -OS_CFLAGS += -D_CONSOLE -endif -endif - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - -#include ../platlibs.mk - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk - diff --git a/security/nss/cmd/vfychain/manifest.mn b/security/nss/cmd/vfychain/manifest.mn deleted file mode 100644 index 1cdcc4de8..000000000 --- a/security/nss/cmd/vfychain/manifest.mn +++ /dev/null @@ -1,51 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd - -# DIRS = - -CSRCS = vfychain.c -DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" - -PROGRAM = vfychain - diff --git a/security/nss/cmd/vfychain/vfychain.c b/security/nss/cmd/vfychain/vfychain.c deleted file mode 100644 index 7597aa92e..000000000 --- a/security/nss/cmd/vfychain/vfychain.c +++ /dev/null @@ -1,326 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/**************************************************************************** - * Read in a cert chain from one or more files, and verify the chain for - * some usage. - * * - * This code was modified from other code also kept in the NSS directory. - ****************************************************************************/ - -#include <stdio.h> -#include <string.h> - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include "prerror.h" - -#include "nssrenam.h" -#include "pk11func.h" -#include "seccomon.h" -#include "secutil.h" -#include "secmod.h" -#include "secitem.h" -#include "cert.h" - - -/* #include <stdlib.h> */ -/* #include <errno.h> */ -/* #include <fcntl.h> */ -/* #include <stdarg.h> */ - -#include "nspr.h" -#include "plgetopt.h" -#include "prio.h" -#include "nss.h" - -/* #include "vfyutil.h" */ - -#define RD_BUF_SIZE (60 * 1024) - -int verbose; - -char *password = NULL; - -/* Function: char * myPasswd() - * - * Purpose: This function is our custom password handler that is called by - * SSL when retreiving private certs and keys from the database. Returns a - * pointer to a string that with a password for the database. Password pointer - * should point to dynamically allocated memory that will be freed later. - */ -char * -myPasswd(PK11SlotInfo *info, PRBool retry, void *arg) -{ - char * passwd = NULL; - - if ( (!retry) && arg ) { - passwd = PORT_Strdup((char *)arg); - } - return passwd; -} - -static void -Usage(const char *progName) -{ - fprintf(stderr, - "Usage: %s [-d dbdir] certfile [certfile ...]\n", - progName); - exit(1); -} - -/************************************************************************** -** -** Error and information routines. -** -**************************************************************************/ - -void -errWarn(char *function) -{ - PRErrorCode errorNumber = PR_GetError(); - const char * errorString = SECU_Strerror(errorNumber); - - fprintf(stderr, "Error in function %s: %d\n - %s\n", - function, errorNumber, errorString); -} - -void -exitErr(char *function) -{ - errWarn(function); - /* Exit gracefully. */ - /* ignoring return value of NSS_Shutdown as code exits with 1 anyway*/ - (void) NSS_Shutdown(); - PR_Cleanup(); - exit(1); -} - -typedef struct certMemStr { - struct certMemStr * next; - CERTCertificate * cert; -} certMem; - -certMem * theCerts; - -void -rememberCert(CERTCertificate * cert) -{ - certMem * newCertMem = PORT_ZNew(certMem); - if (newCertMem) { - newCertMem->next = theCerts; - newCertMem->cert = cert; - theCerts = newCertMem; - } -} - -void -forgetCerts(void) -{ - certMem * oldCertMem; - while (oldCertMem = theCerts) { - theCerts = oldCertMem->next; - CERT_DestroyCertificate(oldCertMem->cert); - PORT_Free(oldCertMem); - } - theCerts = NULL; -} - - -CERTCertificate * -readCertFile(const char * fileName, PRBool isAscii) -{ - unsigned char * pb; - CERTCertificate * cert = NULL; - CERTCertDBHandle *defaultDB = NULL; - PRFileDesc* fd; - PRInt32 cc = -1; - PRInt32 total; - PRInt32 remaining; - SECItem item; - static unsigned char certBuf[RD_BUF_SIZE]; - - fd = PR_Open(fileName, PR_RDONLY, 0777); - if (!fd) { - PRIntn err = PR_GetError(); - fprintf(stderr, "open of %s failed, %d = %s\n", - fileName, err, SECU_Strerror(err)); - return cert; - } - /* read until EOF or buffer is full */ - pb = certBuf; - while (0 < (remaining = (sizeof certBuf) - (pb - certBuf))) { - cc = PR_Read(fd, pb, remaining); - if (cc == 0) - break; - if (cc < 0) { - PRIntn err = PR_GetError(); - fprintf(stderr, "read of %s failed, %d = %s\n", - fileName, err, SECU_Strerror(err)); - break; - } - /* cc > 0 */ - pb += cc; - } - PR_Close(fd); - if (cc < 0) - return cert; - if (!remaining || cc > 0) { /* file was too big. */ - fprintf(stderr, "cert file %s was too big.\n"); - return cert; - } - total = pb - certBuf; - if (!total) { /* file was empty */ - fprintf(stderr, "cert file %s was empty.\n"); - return cert; - } - if (isAscii) { - /* convert from Base64 to binary here ... someday */ - } - item.type = siBuffer; - item.data = certBuf; - item.len = total; - defaultDB = CERT_GetDefaultCertDB(); - cert = CERT_NewTempCertificate(defaultDB, &item, - NULL /* nickname */, - PR_FALSE /* isPerm */, - PR_TRUE /* copyDER */); - if (!cert) { - PRIntn err = PR_GetError(); - fprintf(stderr, "couldn't import %s, %d = %s\n", - fileName, err, SECU_Strerror(err)); - } - return cert; -} - -int -main(int argc, char *argv[], char *envp[]) -{ - char * certDir = NULL; - char * progName = NULL; - char * cipherString = NULL; - CERTCertificate * cert; - CERTCertificate * firstCert = NULL; - CERTCertDBHandle * defaultDB = NULL; - PRBool isAscii = PR_FALSE; - SECStatus secStatus; - SECCertificateUsage certUsage = certificateUsageSSLServer; - PLOptState * optstate; - PLOptStatus status; - - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - progName = PL_strdup(argv[0]); - - optstate = PL_CreateOptState(argc, argv, "ad:ru:w:v"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - case 0 : /* positional parameter */ goto breakout; - case 'a' : isAscii = PR_TRUE; break; - case 'd' : certDir = PL_strdup(optstate->value); break; - case 'r' : isAscii = PR_FALSE; break; - case 'u' : certUsage = ((SECCertificateUsage) 1) << PORT_Atoi(optstate->value); break; - case 'w' : password = PL_strdup(optstate->value); break; - case 'v' : verbose++; break; - default : Usage(progName); break; - } - } -breakout: - if (status != PL_OPT_OK) - Usage(progName); - - /* Set our password function callback. */ - PK11_SetPasswordFunc(myPasswd); - - /* Initialize the NSS libraries. */ - if (certDir) { - secStatus = NSS_Init(certDir); - } else { - secStatus = NSS_NoDB_Init(NULL); - - /* load the builtins */ - SECMOD_AddNewModule("Builtins", DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0); - } - if (secStatus != SECSuccess) { - exitErr("NSS_Init"); - } - - - while (status == PL_OPT_OK) { - switch(optstate->option) { - default : Usage(progName); break; - case 'a' : isAscii = PR_TRUE; break; - case 'r' : isAscii = PR_FALSE; break; - case 0 : /* positional parameter */ - cert = readCertFile(optstate->value, isAscii); - if (!cert) - goto punt; - rememberCert(cert); - if (!firstCert) - firstCert = cert; - break; - } - status = PL_GetNextOpt(optstate); - } - if (status == PL_OPT_BAD || !firstCert) - Usage(progName); - - /* NOW, verify the cert chain. */ - defaultDB = CERT_GetDefaultCertDB(); - secStatus = CERT_VerifyCertificate(defaultDB, firstCert, - PR_TRUE /* check sig */, - certUsage, - PR_Now(), - NULL, /* wincx */ - NULL, /* error log */ - NULL); /* returned usages */ - - if (secStatus != SECSuccess) { - PRIntn err = PR_GetError(); - fprintf(stderr, "Chain is bad, %d = %s\n", err, SECU_Strerror(err)); - SECU_printCertProblems(stderr, defaultDB, firstCert, - PR_TRUE, certUsage, NULL, verbose); - } else { - fprintf(stderr, "Chain is good!\n"); - } - -punt: - forgetCerts(); - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - PR_Cleanup(); - return 0; -} diff --git a/security/nss/cmd/vfyserv/Makefile b/security/nss/cmd/vfyserv/Makefile deleted file mode 100644 index b31a4fdc8..000000000 --- a/security/nss/cmd/vfyserv/Makefile +++ /dev/null @@ -1,84 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET))) # omits WINCE -ifndef BUILD_OPT -ifndef NS_USE_GCC -LDFLAGS += /subsystem:console /profile /debug /machine:I386 /incremental:no -endif -OS_CFLAGS += -D_CONSOLE -endif -endif - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - -#include ../platlibs.mk - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk - diff --git a/security/nss/cmd/vfyserv/makefile.win b/security/nss/cmd/vfyserv/makefile.win deleted file mode 100644 index 6cf6c12cf..000000000 --- a/security/nss/cmd/vfyserv/makefile.win +++ /dev/null @@ -1,130 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -VERBOSE = 1 -include <manifest.mn> - -#cannot define PROGRAM in manifest compatibly with NT and UNIX -PROGRAM = tstclnt -PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe -include <$(DEPTH)\config\config.mak> - -# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ -# rules.mak will append C_OBJS onto OBJS. -# OBJS = $(CSRCS:.c=.obj) - -# include files are looked for in $LINCS and $INCS. -# $LINCS is in manifest.mnw, computed from REQUIRES= -INCS = $(INCS) \ - -I$(DEPTH)/security/lib/cert \ - -I../include \ - $(NULL) - -IGNORE_ME = \ - -I$(DEPTH)/security/lib/key \ - -I$(DEPTH)/security/lib/util \ - $(NULL) - - -WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg - -# these files are the content of libdbm -DBM_LIB = \ - $(WINFE)/DB.obj \ - $(WINFE)/HASH.obj \ - $(WINFE)/H_BIGKEY.obj \ - $(WINFE)/H_PAGE.obj \ - $(WINFE)/H_LOG2.obj \ - $(WINFE)/H_FUNC.obj \ - $(WINFE)/HASH_BUF.obj \ - $(NULL) - -MOZ_LIBS = \ - $(WINFE)/ALLXPSTR.obj \ - $(WINFE)/XP_ERROR.obj \ - $(WINFE)/XPASSERT.obj \ - $(WINFE)/XP_REG.obj \ - $(WINFE)/XP_TRACE.obj \ - $(DBM_LIB) \ - $(WINFE)/XP_STR.obj \ - $(WINFE)/MKTEMP.obj \ - $(NULL) - -SEC_LIBS = \ - $(DIST)/lib/cert$(MOZ_BITS).lib \ - $(DIST)/lib/crypto$(MOZ_BITS).lib \ - $(DIST)/lib/hash$(MOZ_BITS).lib \ - $(DIST)/lib/key$(MOZ_BITS).lib \ - $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ - $(DIST)/lib/secmod$(MOZ_BITS).lib \ - $(DIST)/lib/secutl$(MOZ_BITS).lib \ - $(DIST)/lib/ssl$(MOZ_BITS).lib \ - $(NULL) - -LLFLAGS = $(LLFLAGS) \ - ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ - $(SEC_LIBS) \ - $(MOZ_LIBS) \ - $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ - $(LIBNSPR) \ - $(NULL) - - -include <$(DEPTH)\config\rules.mak> - -INSTALL = $(MAKE_INSTALL) - -objs: $(OBJS) - -$(PROGRAM):: - $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) - -programs: $(PROGRAM) - -install:: $(TARGETS) - $(INSTALL) $(TARGETS) $(DIST)/bin - - -symbols: - @echo "CSRCS = $(CSRCS)" - @echo "INCS = $(INCS)" - @echo "OBJS = $(OBJS)" - @echo "LIBRARY = $(LIBRARY)" - @echo "PROGRAM = $(PROGRAM)" - @echo "TARGETS = $(TARGETS)" - @echo "DIST = $(DIST)" - @echo "VERSION_NUMBER = $(VERSION_NUMBER)" - @echo "WINFE = $(WINFE)" - @echo "DBM_LIB = $(DBM_LIB)" - @echo "INSTALL = $(INSTALL)" - diff --git a/security/nss/cmd/vfyserv/manifest.mn b/security/nss/cmd/vfyserv/manifest.mn deleted file mode 100644 index ccbca1d75..000000000 --- a/security/nss/cmd/vfyserv/manifest.mn +++ /dev/null @@ -1,51 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -# DIRS = - -CSRCS = vfyserv.c vfyutil.c -DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" - -PROGRAM = vfyserv - diff --git a/security/nss/cmd/vfyserv/vfyserv.c b/security/nss/cmd/vfyserv/vfyserv.c deleted file mode 100644 index 288319dcd..000000000 --- a/security/nss/cmd/vfyserv/vfyserv.c +++ /dev/null @@ -1,458 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/**************************************************************************** - * SSL client program that tests a server for proper operation of SSL2, * - * SSL3, and TLS. Test propder certificate installation. * - * * - * This code was modified from the SSLSample code also kept in the NSS * - * directory. * - ****************************************************************************/ - -#include <stdio.h> -#include <string.h> - -#if defined(XP_UNIX) -#include <unistd.h> -#endif - -#include "prerror.h" - -#include "pk11func.h" -#include "secmod.h" -#include "secitem.h" - - -#include <stdlib.h> -#include <errno.h> -#include <fcntl.h> -#include <stdarg.h> - -#include "nspr.h" -#include "plgetopt.h" -#include "prio.h" -#include "prnetdb.h" -#include "nss.h" - -#include "vfyserv.h" - -#define RD_BUF_SIZE (60 * 1024) - -extern int ssl2CipherSuites[]; -extern int ssl3CipherSuites[]; - -GlobalThreadMgr threadMGR; -char *certNickname = NULL; -char *hostName = NULL; -char *password = NULL; -unsigned short port = 0; - -static void -Usage(const char *progName) -{ - fprintf(stderr, - "Usage: %s [-p port] [-c connections] [-C cipher(s)] hostname\n", - progName); - exit(1); -} - -PRFileDesc * -setupSSLSocket(PRNetAddr *addr) -{ - PRFileDesc *tcpSocket; - PRFileDesc *sslSocket; - PRSocketOptionData socketOption; - PRStatus prStatus; - SECStatus secStatus; - - - tcpSocket = PR_NewTCPSocket(); - if (tcpSocket == NULL) { - errWarn("PR_NewTCPSocket"); - } - - /* Make the socket blocking. */ - socketOption.option = PR_SockOpt_Nonblocking; - socketOption.value.non_blocking = PR_FALSE; - - prStatus = PR_SetSocketOption(tcpSocket, &socketOption); - if (prStatus != PR_SUCCESS) { - errWarn("PR_SetSocketOption"); - goto loser; - } - - - /* Import the socket into the SSL layer. */ - sslSocket = SSL_ImportFD(NULL, tcpSocket); - if (!sslSocket) { - errWarn("SSL_ImportFD"); - goto loser; - } - - /* Set configuration options. */ - secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_SECURITY"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT"); - goto loser; - } - - /* Set SSL callback routines. */ - secStatus = SSL_GetClientAuthDataHook(sslSocket, - (SSLGetClientAuthData)myGetClientAuthData, - (void *)certNickname); - if (secStatus != SECSuccess) { - errWarn("SSL_GetClientAuthDataHook"); - goto loser; - } - - secStatus = SSL_AuthCertificateHook(sslSocket, - (SSLAuthCertificate)myAuthCertificate, - (void *)CERT_GetDefaultCertDB()); - if (secStatus != SECSuccess) { - errWarn("SSL_AuthCertificateHook"); - goto loser; - } - - secStatus = SSL_BadCertHook(sslSocket, - (SSLBadCertHandler)myBadCertHandler, NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_BadCertHook"); - goto loser; - } - - secStatus = SSL_HandshakeCallback(sslSocket, - (SSLHandshakeCallback)myHandshakeCallback, - NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_HandshakeCallback"); - goto loser; - } - - return sslSocket; - -loser: - - PR_Close(tcpSocket); - return NULL; -} - - -const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" }; - -SECStatus -handle_connection(PRFileDesc *sslSocket, int connection) -{ - int countRead = 0; - PRInt32 numBytes; - char *readBuffer; - - readBuffer = PORT_Alloc(RD_BUF_SIZE); - if (!readBuffer) { - exitErr("PORT_Alloc"); - } - - /* compose the http request here. */ - - numBytes = PR_Write(sslSocket, requestString, strlen(requestString)); - if (numBytes <= 0) { - errWarn("PR_Write"); - PR_Free(readBuffer); - readBuffer = NULL; - return SECFailure; - } - - /* read until EOF */ - while (PR_TRUE) { - numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE); - if (numBytes == 0) { - break; /* EOF */ - } - if (numBytes < 0) { - errWarn("PR_Read"); - break; - } - countRead += numBytes; - } - - printSecurityInfo(stderr, sslSocket); - - PR_Free(readBuffer); - readBuffer = NULL; - - /* Caller closes the socket. */ - - fprintf(stderr, - "***** Connection %d read %d bytes total.\n", - connection, countRead); - - return SECSuccess; /* success */ -} - -#define BYTE(n,i) (((i)>>((n)*8))&0xff) - -/* one copy of this function is launched in a separate thread for each -** connection to be made. -*/ -SECStatus -do_connects(void *a, int connection) -{ - PRNetAddr *addr = (PRNetAddr *)a; - PRFileDesc *sslSocket; - PRHostEnt hostEntry; - char buffer[PR_NETDB_BUF_SIZE]; - PRStatus prStatus; - PRIntn hostenum; - PRInt32 ip; - SECStatus secStatus; - - /* Set up SSL secure socket. */ - sslSocket = setupSSLSocket(addr); - if (sslSocket == NULL) { - errWarn("setupSSLSocket"); - return SECFailure; - } - - secStatus = SSL_SetPKCS11PinArg(sslSocket, password); - if (secStatus != SECSuccess) { - errWarn("SSL_SetPKCS11PinArg"); - return secStatus; - } - - secStatus = SSL_SetURL(sslSocket, hostName); - if (secStatus != SECSuccess) { - errWarn("SSL_SetURL"); - return secStatus; - } - - /* Prepare and setup network connection. */ - prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry); - if (prStatus != PR_SUCCESS) { - errWarn("PR_GetHostByName"); - return SECFailure; - } - - hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr); - if (hostenum == -1) { - errWarn("PR_EnumerateHostEnt"); - return SECFailure; - } - - ip = PR_ntohl(addr->inet.ip); - fprintf(stderr, - "Connecting to host %s (addr %d.%d.%d.%d) on port %d\n", - hostName, BYTE(3,ip), BYTE(2,ip), BYTE(1,ip), - BYTE(0,ip), PR_ntohs(addr->inet.port)); - - prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Connect"); - return SECFailure; - } - - /* Established SSL connection, ready to send data. */ -#if 0 - secStatus = SSL_ForceHandshake(sslSocket); - if (secStatus != SECSuccess) { - errWarn("SSL_ForceHandshake"); - return secStatus; - } -#endif - - secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE); - if (secStatus != SECSuccess) { - errWarn("SSL_ResetHandshake"); - prStatus = PR_Close(sslSocket); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Close"); - } - return secStatus; - } - - secStatus = handle_connection(sslSocket, connection); - if (secStatus != SECSuccess) { - /* error already printed out in handle_connection */ - /* errWarn("handle_connection"); */ - prStatus = PR_Close(sslSocket); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Close"); - } - return secStatus; - } - - PR_Close(sslSocket); - return SECSuccess; -} - -void -client_main(unsigned short port, - int connections, - const char * hostName) -{ - int i; - SECStatus secStatus; - PRStatus prStatus; - PRInt32 rv; - PRNetAddr addr; - PRHostEnt hostEntry; - char buffer[256]; - - /* Setup network connection. */ - prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry); - if (prStatus != PR_SUCCESS) { - exitErr("PR_GetHostByName"); - } - - rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr); - if (rv < 0) { - exitErr("PR_EnumerateHostEnt"); - } - - secStatus = launch_thread(&threadMGR, do_connects, &addr, 1); - if (secStatus != SECSuccess) { - exitErr("launch_thread"); - } - - if (connections > 1) { - /* wait for the first connection to terminate, then launch the rest. */ - reap_threads(&threadMGR); - /* Start up the connections */ - for (i = 2; i <= connections; ++i) { - secStatus = launch_thread(&threadMGR, do_connects, &addr, i); - if (secStatus != SECSuccess) { - errWarn("launch_thread"); - } - } - } - - reap_threads(&threadMGR); - destroy_thread_data(&threadMGR); -} - -int -main(int argc, char **argv) -{ - char * certDir = NULL; - char * progName = NULL; - int connections = 1; - char * cipherString = NULL; - SECStatus secStatus; - PLOptState * optstate; - PLOptStatus status; - - /* Call the NSPR initialization routines */ - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - progName = PORT_Strdup(argv[0]); - - hostName = NULL; - optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - case 'C' : cipherString = PL_strdup(optstate->value); break; - case 'c' : connections = PORT_Atoi(optstate->value); break; - case 'd' : certDir = PL_strdup(optstate->value); break; - case 'p' : port = PORT_Atoi(optstate->value); break; - case 'w' : password = PL_strdup(optstate->value); break; - case '\0': hostName = PL_strdup(optstate->value); break; - default : Usage(progName); - } - } - - if (port == 0) { - port = 443; - } - - if (port == 0 || hostName == NULL) - Usage(progName); - - /* Set our password function callback. */ - PK11_SetPasswordFunc(myPasswd); - - /* Initialize the NSS libraries. */ - if (certDir) { - secStatus = NSS_Init(certDir); - } else { - secStatus = NSS_NoDB_Init(NULL); - - /* load the builtins */ - SECMOD_AddNewModule("Builtins", - DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0); - } - if (secStatus != SECSuccess) { - exitErr("NSS_Init"); - } - - /* All cipher suites except RSA_NULL_MD5 are enabled by - * Domestic Policy. */ - NSS_SetDomesticPolicy(); - SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); - - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - int ndx; - - /* disable all the ciphers, then enable the ones we want. */ - disableAllSSLCiphers(); - - while (0 != (ndx = *cipherString++)) { - int *cptr; - int cipher; - - if (! isalpha(ndx)) - Usage(progName); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - if (cipher) { - SSL_CipherPrefSetDefault(cipher, PR_TRUE); - } - } - } - - client_main(port, connections, hostName); - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - PR_Cleanup(); - PORT_Free(progName); - return 0; -} - diff --git a/security/nss/cmd/vfyserv/vfyserv.h b/security/nss/cmd/vfyserv/vfyserv.h deleted file mode 100644 index 70e1ada78..000000000 --- a/security/nss/cmd/vfyserv/vfyserv.h +++ /dev/null @@ -1,177 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef SSLSAMPLE_H -#define SSLSAMPLE_H - -/* Generic header files */ - -#include <stdio.h> -#include <string.h> - -/* NSPR header files */ - -#include "nspr.h" -#include "prerror.h" -#include "prnetdb.h" - -/* NSS header files */ - -#include "pk11func.h" -#include "secitem.h" -#include "ssl.h" -#include "certt.h" -#include "nss.h" -#include "secder.h" -#include "key.h" -#include "sslproto.h" - -/* Custom header files */ - -/* -#include "sslerror.h" -*/ - -#define BUFFER_SIZE 10240 - -/* Declare SSL cipher suites. */ - -extern int cipherSuites[]; -extern int ssl2CipherSuites[]; -extern int ssl3CipherSuites[]; - -/* Data buffer read from a socket. */ -typedef struct DataBufferStr { - char data[BUFFER_SIZE]; - int index; - int remaining; - int dataStart; - int dataEnd; -} DataBuffer; - -/* SSL callback routines. */ - -char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg); - -SECStatus myAuthCertificate(void *arg, PRFileDesc *socket, - PRBool checksig, PRBool isServer); - -SECStatus myBadCertHandler(void *arg, PRFileDesc *socket); - -SECStatus myHandshakeCallback(PRFileDesc *socket, void *arg); - -SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey); - -/* Disable all v2/v3 SSL ciphers. */ - -void disableAllSSLCiphers(void); - - -/* Error and information utilities. */ - -void errWarn(char *function); - -void exitErr(char *function); - -void printSecurityInfo(FILE *outfile, PRFileDesc *fd); - -/* Some simple thread management routines. */ - -#define MAX_THREADS 32 - -typedef SECStatus startFn(void *a, int b); - -typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState; - -typedef struct perThreadStr { - PRFileDesc *a; - int b; - int rv; - startFn *startFunc; - PRThread *prThread; - PRBool inUse; - runState running; -} perThread; - -typedef struct GlobalThreadMgrStr { - PRLock *threadLock; - PRCondVar *threadStartQ; - PRCondVar *threadEndQ; - perThread threads[MAX_THREADS]; - int index; - int numUsed; - int numRunning; -} GlobalThreadMgr; - -void thread_wrapper(void * arg); - -SECStatus launch_thread(GlobalThreadMgr *threadMGR, - startFn *startFunc, void *a, int b); - -SECStatus reap_threads(GlobalThreadMgr *threadMGR); - -void destroy_thread_data(GlobalThreadMgr *threadMGR); - -/* Management of locked variables. */ - -struct lockedVarsStr { - PRLock * lock; - int count; - int waiters; - PRCondVar * condVar; -}; - -typedef struct lockedVarsStr lockedVars; - -void lockedVars_Init(lockedVars *lv); - -void lockedVars_Destroy(lockedVars *lv); - -void lockedVars_WaitForDone(lockedVars *lv); - -int lockedVars_AddToCount(lockedVars *lv, int addend); - -/* Buffer stuff. */ - -static const char stopCmd[] = { "GET /stop " }; -static const char defaultHeader[] = { - "HTTP/1.0 200 OK\r\n" - "Server: SSL sample server\r\n" - "Content-type: text/plain\r\n" - "\r\n" -}; - -#endif diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c deleted file mode 100644 index 6f3d1e55f..000000000 --- a/security/nss/cmd/vfyserv/vfyutil.c +++ /dev/null @@ -1,615 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "vfyserv.h" -#include "secerr.h" -#include "sslerr.h" -#include "nspr.h" -#include "secutil.h" - -/* Declare SSL cipher suites. */ - -int ssl2CipherSuites[] = { - SSL_EN_RC4_128_WITH_MD5, /* A */ - SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */ - SSL_EN_RC2_128_CBC_WITH_MD5, /* C */ - SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */ - SSL_EN_DES_64_CBC_WITH_MD5, /* E */ - SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */ - 0 -}; - -int ssl3CipherSuites[] = { - SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */ - SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ - SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */ - SSL_RSA_WITH_NULL_MD5, /* i */ - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ - SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ - TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */ - SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */ - TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ - TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ - TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ - TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ - 0 -}; - -/************************************************************************** -** -** SSL callback routines. -** -**************************************************************************/ - -/* Function: char * myPasswd() - * - * Purpose: This function is our custom password handler that is called by - * SSL when retreiving private certs and keys from the database. Returns a - * pointer to a string that with a password for the database. Password pointer - * should point to dynamically allocated memory that will be freed later. - */ -char * -myPasswd(PK11SlotInfo *info, PRBool retry, void *arg) -{ - char * passwd = NULL; - - if ( (!retry) && arg ) { - passwd = PORT_Strdup((char *)arg); - } - return passwd; -} - -/* Function: SECStatus myAuthCertificate() - * - * Purpose: This function is our custom certificate authentication handler. - * - * Note: This implementation is essentially the same as the default - * SSL_AuthCertificate(). - */ -SECStatus -myAuthCertificate(void *arg, PRFileDesc *socket, - PRBool checksig, PRBool isServer) -{ - - SECCertificateUsage certUsage; - CERTCertificate * cert; - void * pinArg; - char * hostName; - SECStatus secStatus; - - if (!arg || !socket) { - errWarn("myAuthCertificate"); - return SECFailure; - } - - /* Define how the cert is being used based upon the isServer flag. */ - - certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer; - - cert = SSL_PeerCertificate(socket); - - pinArg = SSL_RevealPinArg(socket); - - secStatus = CERT_VerifyCertificateNow((CERTCertDBHandle *)arg, - cert, - checksig, - certUsage, - pinArg, - NULL); - - /* If this is a server, we're finished. */ - if (isServer || secStatus != SECSuccess) { - SECU_printCertProblems(stderr, (CERTCertDBHandle *)arg, cert, - checksig, certUsage, pinArg, PR_FALSE); - CERT_DestroyCertificate(cert); - return secStatus; - } - - /* Certificate is OK. Since this is the client side of an SSL - * connection, we need to verify that the name field in the cert - * matches the desired hostname. This is our defense against - * man-in-the-middle attacks. - */ - - /* SSL_RevealURL returns a hostName, not an URL. */ - hostName = SSL_RevealURL(socket); - - if (hostName && hostName[0]) { - secStatus = CERT_VerifyCertName(cert, hostName); - } else { - PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0); - secStatus = SECFailure; - } - - if (hostName) - PR_Free(hostName); - - CERT_DestroyCertificate(cert); - return secStatus; -} - -/* Function: SECStatus myBadCertHandler() - * - * Purpose: This callback is called when the incoming certificate is not - * valid. We define a certain set of parameters that still cause the - * certificate to be "valid" for this session, and return SECSuccess to cause - * the server to continue processing the request when any of these conditions - * are met. Otherwise, SECFailure is return and the server rejects the - * request. - */ -SECStatus -myBadCertHandler(void *arg, PRFileDesc *socket) -{ - - SECStatus secStatus = SECFailure; - PRErrorCode err; - - /* log invalid cert here */ - - if (!arg) { - return secStatus; - } - - *(PRErrorCode *)arg = err = PORT_GetError(); - - /* If any of the cases in the switch are met, then we will proceed */ - /* with the processing of the request anyway. Otherwise, the default */ - /* case will be reached and we will reject the request. */ - - switch (err) { - case SEC_ERROR_INVALID_AVA: - case SEC_ERROR_INVALID_TIME: - case SEC_ERROR_BAD_SIGNATURE: - case SEC_ERROR_EXPIRED_CERTIFICATE: - case SEC_ERROR_UNKNOWN_ISSUER: - case SEC_ERROR_UNTRUSTED_CERT: - case SEC_ERROR_CERT_VALID: - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - case SEC_ERROR_CRL_EXPIRED: - case SEC_ERROR_CRL_BAD_SIGNATURE: - case SEC_ERROR_EXTENSION_VALUE_INVALID: - case SEC_ERROR_CA_CERT_INVALID: - case SEC_ERROR_CERT_USAGES_INVALID: - case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: - secStatus = SECSuccess; - break; - default: - secStatus = SECFailure; - break; - } - - fprintf(stderr, "Bad certificate: %d, %s\n", err, SECU_Strerror(err)); - - return secStatus; -} - -/* Function: SECStatus ownGetClientAuthData() - * - * Purpose: This callback is used by SSL to pull client certificate - * information upon server request. - */ -SECStatus -myGetClientAuthData(void *arg, - PRFileDesc *socket, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey) -{ - - CERTCertificate * cert; - SECKEYPrivateKey * privKey; - char * chosenNickName = (char *)arg; - void * proto_win = NULL; - SECStatus secStatus = SECFailure; - - proto_win = SSL_RevealPinArg(socket); - - if (chosenNickName) { - cert = PK11_FindCertFromNickname(chosenNickName, proto_win); - if (cert) { - privKey = PK11_FindKeyByAnyCert(cert, proto_win); - if (privKey) { - secStatus = SECSuccess; - } else { - CERT_DestroyCertificate(cert); - } - } - } else { /* no nickname given, automatically find the right cert */ - CERTCertNicknames *names; - int i; - - names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), - SEC_CERT_NICKNAMES_USER, proto_win); - - if (names != NULL) { - for(i = 0; i < names->numnicknames; i++ ) { - - cert = PK11_FindCertFromNickname(names->nicknames[i], - proto_win); - if (!cert) { - continue; - } - - /* Only check unexpired certs */ - if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE) - != secCertTimeValid ) { - CERT_DestroyCertificate(cert); - continue; - } - - secStatus = NSS_CmpCertChainWCANames(cert, caNames); - if (secStatus == SECSuccess) { - privKey = PK11_FindKeyByAnyCert(cert, proto_win); - if (privKey) { - break; - } - secStatus = SECFailure; - break; - } - CERT_FreeNicknames(names); - } /* for loop */ - } - } - - if (secStatus == SECSuccess) { - *pRetCert = cert; - *pRetKey = privKey; - } - - return secStatus; -} - -/* Function: SECStatus myHandshakeCallback() - * - * Purpose: Called by SSL to inform application that the handshake is - * complete. This function is mostly used on the server side of an SSL - * connection, although it is provided for a client as well. - * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake - * is used to initiate a handshake. - * - * A typical scenario would be: - * - * 1. Server accepts an SSL connection from the client without client auth. - * 2. Client sends a request. - * 3. Server determines that to service request it needs to authenticate the - * client and initiates another handshake requesting client auth. - * 4. While handshake is in progress, server can do other work or spin waiting - * for the handshake to complete. - * 5. Server is notified that handshake has been successfully completed by - * the custom handshake callback function and it can service the client's - * request. - * - * Note: This function is not implemented in this sample, as we are using - * blocking sockets. - */ -SECStatus -myHandshakeCallback(PRFileDesc *socket, void *arg) -{ - fprintf(stderr,"Handshake Complete: SERVER CONFIGURED CORRECTLY\n"); - return SECSuccess; -} - - -/************************************************************************** -** -** Routines for disabling SSL ciphers. -** -**************************************************************************/ - -void -disableAllSSLCiphers(void) -{ - const PRUint16 *cipherSuites = SSL_ImplementedCiphers; - int i = SSL_NumImplementedCiphers; - SECStatus rv; - - /* disable all the SSL3 cipher suites */ - while (--i >= 0) { - PRUint16 suite = cipherSuites[i]; - rv = SSL_CipherPrefSetDefault(suite, PR_FALSE); - if (rv != SECSuccess) { - fprintf(stderr, - "SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n", - suite, i); - errWarn("SSL_CipherPrefSetDefault"); - exit(2); - } - } -} - -/************************************************************************** -** -** Error and information routines. -** -**************************************************************************/ - -void -errWarn(char *function) -{ - PRErrorCode errorNumber = PR_GetError(); - const char * errorString = SECU_Strerror(errorNumber); - - fprintf(stderr, "Error in function %s: %d\n - %s\n", - function, errorNumber, errorString); -} - -void -exitErr(char *function) -{ - errWarn(function); - /* Exit gracefully. */ - /* ignoring return value of NSS_Shutdown as code exits with 1 anyway*/ - (void) NSS_Shutdown(); - PR_Cleanup(); - exit(1); -} - -void -printSecurityInfo(FILE *outfile, PRFileDesc *fd) -{ - char * cp; /* bulk cipher name */ - char * ip; /* cert issuer DN */ - char * sp; /* cert subject DN */ - int op; /* High, Low, Off */ - int kp0; /* total key bits */ - int kp1; /* secret key bits */ - int result; - SSL3Statistics * ssl3stats = SSL_GetStatistics(); - - if (!outfile) { - outfile = stdout; - } - - result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp); - if (result != SECSuccess) - return; - fprintf(outfile, - " bulk cipher %s, %d secret key bits, %d key bits, status: %d\n" - " subject DN:\n %s\n" - " issuer DN:\n %s\n", cp, kp1, kp0, op, sp, ip); - PR_Free(cp); - PR_Free(ip); - PR_Free(sp); - - fprintf(outfile, - " %ld cache hits; %ld cache misses, %ld cache not reusable\n", - ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses, - ssl3stats->hch_sid_cache_not_ok); - -} - - -/************************************************************************** -** Begin thread management routines and data. -**************************************************************************/ - -void -thread_wrapper(void * arg) -{ - GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg; - perThread *slot = &threadMGR->threads[threadMGR->index]; - - /* wait for parent to finish launching us before proceeding. */ - PR_Lock(threadMGR->threadLock); - PR_Unlock(threadMGR->threadLock); - - slot->rv = (* slot->startFunc)(slot->a, slot->b); - - PR_Lock(threadMGR->threadLock); - slot->running = rs_zombie; - - /* notify the thread exit handler. */ - PR_NotifyCondVar(threadMGR->threadEndQ); - - PR_Unlock(threadMGR->threadLock); -} - -SECStatus -launch_thread(GlobalThreadMgr *threadMGR, - startFn *startFunc, - void *a, - int b) -{ - perThread *slot; - int i; - - if (!threadMGR->threadStartQ) { - threadMGR->threadLock = PR_NewLock(); - threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock); - threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock); - } - PR_Lock(threadMGR->threadLock); - while (threadMGR->numRunning >= MAX_THREADS) { - PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT); - } - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running == rs_idle) - break; - } - if (i >= threadMGR->numUsed) { - if (i >= MAX_THREADS) { - /* something's really wrong here. */ - PORT_Assert(i < MAX_THREADS); - PR_Unlock(threadMGR->threadLock); - return SECFailure; - } - ++(threadMGR->numUsed); - PORT_Assert(threadMGR->numUsed == i + 1); - slot = &threadMGR->threads[i]; - } - - slot->a = a; - slot->b = b; - slot->startFunc = startFunc; - - threadMGR->index = i; - - slot->prThread = PR_CreateThread(PR_USER_THREAD, - thread_wrapper, threadMGR, - PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, - PR_JOINABLE_THREAD, 0); - - if (slot->prThread == NULL) { - PR_Unlock(threadMGR->threadLock); - printf("Failed to launch thread!\n"); - return SECFailure; - } - - slot->inUse = 1; - slot->running = 1; - ++(threadMGR->numRunning); - PR_Unlock(threadMGR->threadLock); - - return SECSuccess; -} - -SECStatus -reap_threads(GlobalThreadMgr *threadMGR) -{ - perThread * slot; - int i; - - if (!threadMGR->threadLock) - return SECSuccess; - PR_Lock(threadMGR->threadLock); - while (threadMGR->numRunning > 0) { - PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT); - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running == rs_zombie) { - /* Handle cleanup of thread here. */ - - /* Now make sure the thread has ended OK. */ - PR_JoinThread(slot->prThread); - slot->running = rs_idle; - --threadMGR->numRunning; - - /* notify the thread launcher. */ - PR_NotifyCondVar(threadMGR->threadStartQ); - } - } - } - - /* Safety Sam sez: make sure count is right. */ - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running != rs_idle) { - fprintf(stderr, "Thread in slot %d is in state %d!\n", - i, slot->running); - } - } - PR_Unlock(threadMGR->threadLock); - return SECSuccess; -} - -void -destroy_thread_data(GlobalThreadMgr *threadMGR) -{ - PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads)); - - if (threadMGR->threadEndQ) { - PR_DestroyCondVar(threadMGR->threadEndQ); - threadMGR->threadEndQ = NULL; - } - if (threadMGR->threadStartQ) { - PR_DestroyCondVar(threadMGR->threadStartQ); - threadMGR->threadStartQ = NULL; - } - if (threadMGR->threadLock) { - PR_DestroyLock(threadMGR->threadLock); - threadMGR->threadLock = NULL; - } -} - -/************************************************************************** -** End thread management routines. -**************************************************************************/ - -void -lockedVars_Init( lockedVars * lv) -{ - lv->count = 0; - lv->waiters = 0; - lv->lock = PR_NewLock(); - lv->condVar = PR_NewCondVar(lv->lock); -} - -void -lockedVars_Destroy( lockedVars * lv) -{ - PR_DestroyCondVar(lv->condVar); - lv->condVar = NULL; - - PR_DestroyLock(lv->lock); - lv->lock = NULL; -} - -void -lockedVars_WaitForDone(lockedVars * lv) -{ - PR_Lock(lv->lock); - while (lv->count > 0) { - PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT); - } - PR_Unlock(lv->lock); -} - -int /* returns count */ -lockedVars_AddToCount(lockedVars * lv, int addend) -{ - int rv; - - PR_Lock(lv->lock); - rv = lv->count += addend; - if (rv <= 0) { - PR_NotifyCondVar(lv->condVar); - } - PR_Unlock(lv->lock); - return rv; -} - diff --git a/security/nss/cmd/zlib/Makefile b/security/nss/cmd/zlib/Makefile deleted file mode 100644 index fa46e6763..000000000 --- a/security/nss/cmd/zlib/Makefile +++ /dev/null @@ -1,75 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include config.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - diff --git a/security/nss/cmd/zlib/README b/security/nss/cmd/zlib/README deleted file mode 100644 index 28adc90b2..000000000 --- a/security/nss/cmd/zlib/README +++ /dev/null @@ -1,99 +0,0 @@ -zlib 1.0.4 is a general purpose data compression library. All the code -is reentrant (thread safe). The data format used by the zlib library -is described by RFCs (Request for Comments) 1950 to 1952 in the files -ftp://ds.internic.net/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate -format) and rfc1952.txt (gzip format). These documents are also available in -other formats from ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html - -All functions of the compression library are documented in the file -zlib.h. A usage example of the library is given in the file example.c -which also tests that the library is working correctly. Another -example is given in the file minigzip.c. The compression library itself -is composed of all source files except example.c and minigzip.c. - -To compile all files and run the test program, follow the instructions -given at the top of Makefile. In short "make test; make install" -should work for most machines. For MSDOS, use one of the special -makefiles such as Makefile.msc; for VMS, use Make_vms.com or descrip.mms. - -Questions about zlib should be sent to <zlib@quest.jpl.nasa.gov> or, -if this fails, to the addresses given below in the Copyright section. -The zlib home page is http://quest.jpl.nasa.gov/zlib/ - -The changes made in version 1.0.4 are documented in the file ChangeLog. -The main changes since 1.0.3 are: - -- In very rare conditions, deflate(s, Z_FINISH) could fail to produce an EOF - bit, so the decompressor could decompress all the correct data but went - on to attempt decompressing extra garbage data. This affected minigzip too. -- zlibVersion and gzerror return const char* (needed for DLL) -- port to RISCOS (no fdopen, no multiple dots, no unlink, no fileno) - - -A Perl interface to zlib written by Paul Marquess <pmarquess@bfsec.bt.co.uk> -is in the CPAN (Comprehensive Perl Archive Network) sites, such as: -ftp://ftp.cis.ufl.edu/pub/perl/CPAN/modules/by-module/Compress/Compress-Zlib* - - -Notes for some targets: - -- For Turbo C the small model is supported only with reduced performance to - avoid any far allocation; it was tested with -DMAX_WBITS=11 -DMAX_MEM_LEVEL=3 - -- For 64-bit Iris, deflate.c must be compiled without any optimization. - With -O, one libpng test fails. The test works in 32 bit mode (with - the -32 compiler flag). The compiler bug has been reported to SGI. - -- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 - it works when compiled with cc. - -- zlib doesn't work on HP-UX 9.05 with one cc compiler (the one not - accepting the -O option). It works with the other cc compiler. - -- To build a Windows DLL version, include in a DLL project zlib.def, zlib.rc - and all .c files except example.c and minigzip.c; compile with -DZLIB_DLL - For help on building a zlib DLL, contact Alessandro Iacopetti - <iaco@email.alessandria.alpcom.it> http://lisa.unial.it/iaco , - or contact Brad Clarke <bclarke@cyberus.ca>. - -- gzdopen is not supported on RISCOS - - -Acknowledgments: - - The deflate format used by zlib was defined by Phil Katz. The deflate - and zlib specifications were written by Peter Deutsch. Thanks to all the - people who reported problems and suggested various improvements in zlib; - they are too numerous to cite here. - -Copyright notice: - - (C) 1995-1996 Jean-loup Gailly and Mark Adler - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any damages - arising from the use of this software. - - Permission is granted to anyone to use this software for any purpose, - including commercial applications, and to alter it and redistribute it - freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must not - claim that you wrote the original software. If you use this software - in a product, an acknowledgment in the product documentation would be - appreciated but is not required. - 2. Altered source versions must be plainly marked as such, and must not be - misrepresented as being the original software. - 3. This notice may not be removed or altered from any source distribution. - - Jean-loup Gailly Mark Adler - gzip@prep.ai.mit.edu madler@alumni.caltech.edu - -If you use the zlib library in a product, we would appreciate *not* -receiving lengthy legal documents to sign. The sources are provided -for free but without warranty of any kind. The library has been -entirely written by Jean-loup Gailly and Mark Adler; it does not -include third-party code. - -If you redistribute modified sources, we would appreciate that you include -in the file ChangeLog history information documenting your changes. diff --git a/security/nss/cmd/zlib/adler32.c b/security/nss/cmd/zlib/adler32.c deleted file mode 100644 index 9f4afd63c..000000000 --- a/security/nss/cmd/zlib/adler32.c +++ /dev/null @@ -1,48 +0,0 @@ -/* adler32.c -- compute the Adler-32 checksum of a data stream - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ -/* $Id$ */ - -#include "zlib.h" - -#define BASE 65521L /* largest prime smaller than 65536 */ -#define NMAX 5552 -/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */ - -#define DO1(buf,i) {s1 += buf[i]; s2 += s1;} -#define DO2(buf,i) DO1(buf,i); DO1(buf,i+1); -#define DO4(buf,i) DO2(buf,i); DO2(buf,i+2); -#define DO8(buf,i) DO4(buf,i); DO4(buf,i+4); -#define DO16(buf) DO8(buf,0); DO8(buf,8); - -/* ========================================================================= */ -PR_PUBLIC_API(uLong) adler32(adler, buf, len) - uLong adler; - const Bytef *buf; - uInt len; -{ - unsigned long s1 = adler & 0xffff; - unsigned long s2 = (adler >> 16) & 0xffff; - int k; - - if (buf == Z_NULL) return 1L; - - while (len > 0) { - k = len < NMAX ? len : NMAX; - len -= k; - while (k >= 16) { - DO16(buf); - buf += 16; - k -= 16; - } - if (k != 0) do { - s1 += *buf++; - s2 += s1; - } while (--k); - s1 %= BASE; - s2 %= BASE; - } - return (s2 << 16) | s1; -} diff --git a/security/nss/cmd/zlib/compress.c b/security/nss/cmd/zlib/compress.c deleted file mode 100644 index 3e1cc7c09..000000000 --- a/security/nss/cmd/zlib/compress.c +++ /dev/null @@ -1,57 +0,0 @@ -/* compress.c -- compress a memory buffer - * Copyright (C) 1995-1996 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ -/* $Id$ */ - -#include "zlib.h" - -/* =========================================================================== - Compresses the source buffer into the destination buffer. sourceLen is - the byte length of the source buffer. Upon entry, destLen is the total - size of the destination buffer, which must be at least 0.1% larger than - sourceLen plus 8 bytes. Upon exit, destLen is the actual size of the - compressed buffer. - This function can be used to compress a whole file at once if the - input file is mmap'ed. - compress returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_BUF_ERROR if there was not enough room in the output - buffer. -*/ -PR_PUBLIC_API(int) compress (dest, destLen, source, sourceLen) - Bytef *dest; - uLongf *destLen; - const Bytef *source; - uLong sourceLen; -{ - z_stream stream; - int err; - - stream.next_in = (Bytef*)source; - stream.avail_in = (uInt)sourceLen; -#ifdef MAXSEG_64K - /* Check for source > 64K on 16-bit machine: */ - if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR; -#endif - stream.next_out = dest; - stream.avail_out = (uInt)*destLen; - if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR; - - stream.zalloc = (alloc_func)0; - stream.zfree = (free_func)0; - stream.opaque = (voidpf)0; - - err = deflateInit(&stream, Z_DEFAULT_COMPRESSION); - if (err != Z_OK) return err; - - err = deflate(&stream, Z_FINISH); - if (err != Z_STREAM_END) { - deflateEnd(&stream); - return err == Z_OK ? Z_BUF_ERROR : err; - } - *destLen = stream.total_out; - - err = deflateEnd(&stream); - return err; -} diff --git a/security/nss/cmd/zlib/config.mk b/security/nss/cmd/zlib/config.mk deleted file mode 100644 index a1c67fdb4..000000000 --- a/security/nss/cmd/zlib/config.mk +++ /dev/null @@ -1,70 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# Currently, override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(LIBRARY) -SHARED_LIBRARY = -IMPORT_LIBRARY = -PROGRAM = - -####################################################################### -# Set the LDFLAGS value to encompass all normal link options, all # -# library names, and all special system linking options # -####################################################################### - -SECTOOLS_LIBS = $(LDOPTS) $(LIBSSL) $(LIBPKCS7) $(LIBCERT) $(LIBKEY) \ - $(LIBSECMOD) $(LIBCRYPTO) $(LIBSECUTIL) $(LIBSECMOD) $(LIBSSL) \ - $(LIBPKCS7) $(LIBCERT) $(LIBKEY) $(LIBCRYPTO) $(LIBSECUTIL) \ - $(LIBHASH) $(LIBDBM) $(DLLPLC) $(DLLPLDS) $(DLLPR) $(DLLSYSTEM) - -ifeq ($(OS_TARGET),AIX) - OS_LIBS += $(SECTOOLS_LIBS) -endif - -ifeq ($(OS_TARGET),NCR) - OS_LIBS += $(SECTOOLS_LIBS) -endif - -ifeq ($(OS_TARGET),SCO_SV) - OS_LIBS += $(SECTOOLS_LIBS) -endif - -LDFLAGS += $(SECTOOLS_LIBS) - - - - diff --git a/security/nss/cmd/zlib/crc32.c b/security/nss/cmd/zlib/crc32.c deleted file mode 100644 index 398871cf8..000000000 --- a/security/nss/cmd/zlib/crc32.c +++ /dev/null @@ -1,162 +0,0 @@ -/* crc32.c -- compute the CRC-32 of a data stream - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ -/* $Id$ */ - -#include "zlib.h" - -#define local static - -#ifdef DYNAMIC_CRC_TABLE - -local int crc_table_empty = 1; -local uLongf crc_table[256]; -local void make_crc_table OF((void)); - -/* - Generate a table for a byte-wise 32-bit CRC calculation on the polynomial: - x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1. - - Polynomials over GF(2) are represented in binary, one bit per coefficient, - with the lowest powers in the most significant bit. Then adding polynomials - is just exclusive-or, and multiplying a polynomial by x is a right shift by - one. If we call the above polynomial p, and represent a byte as the - polynomial q, also with the lowest power in the most significant bit (so the - byte 0xb1 is the polynomial x^7+x^3+x+1), then the CRC is (q*x^32) mod p, - where a mod b means the remainder after dividing a by b. - - This calculation is done using the shift-register method of multiplying and - taking the remainder. The register is initialized to zero, and for each - incoming bit, x^32 is added mod p to the register if the bit is a one (where - x^32 mod p is p+x^32 = x^26+...+1), and the register is multiplied mod p by - x (which is shifting right by one and adding x^32 mod p if the bit shifted - out is a one). We start with the highest power (least significant bit) of - q and repeat for all eight bits of q. - - The table is simply the CRC of all possible eight bit values. This is all - the information needed to generate CRC's on data a byte at a time for all - combinations of CRC register values and incoming bytes. -*/ -local void make_crc_table() -{ - uLong c; - int n, k; - uLong poly; /* polynomial exclusive-or pattern */ - /* terms of polynomial defining this crc (except x^32): */ - static Byte p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26}; - - /* make exclusive-or pattern from polynomial (0xedb88320L) */ - poly = 0L; - for (n = 0; n < sizeof(p)/sizeof(Byte); n++) - poly |= 1L << (31 - p[n]); - - for (n = 0; n < 256; n++) - { - c = (uLong)n; - for (k = 0; k < 8; k++) - c = c & 1 ? poly ^ (c >> 1) : c >> 1; - crc_table[n] = c; - } - crc_table_empty = 0; -} -#else -/* ======================================================================== - * Table of CRC-32's of all single-byte values (made by make_crc_table) - */ -local uLongf crc_table[256] = { - 0x00000000UL, 0x77073096UL, 0xee0e612cUL, 0x990951baUL, 0x076dc419UL, - 0x706af48fUL, 0xe963a535UL, 0x9e6495a3UL, 0x0edb8832UL, 0x79dcb8a4UL, - 0xe0d5e91eUL, 0x97d2d988UL, 0x09b64c2bUL, 0x7eb17cbdUL, 0xe7b82d07UL, - 0x90bf1d91UL, 0x1db71064UL, 0x6ab020f2UL, 0xf3b97148UL, 0x84be41deUL, - 0x1adad47dUL, 0x6ddde4ebUL, 0xf4d4b551UL, 0x83d385c7UL, 0x136c9856UL, - 0x646ba8c0UL, 0xfd62f97aUL, 0x8a65c9ecUL, 0x14015c4fUL, 0x63066cd9UL, - 0xfa0f3d63UL, 0x8d080df5UL, 0x3b6e20c8UL, 0x4c69105eUL, 0xd56041e4UL, - 0xa2677172UL, 0x3c03e4d1UL, 0x4b04d447UL, 0xd20d85fdUL, 0xa50ab56bUL, - 0x35b5a8faUL, 0x42b2986cUL, 0xdbbbc9d6UL, 0xacbcf940UL, 0x32d86ce3UL, - 0x45df5c75UL, 0xdcd60dcfUL, 0xabd13d59UL, 0x26d930acUL, 0x51de003aUL, - 0xc8d75180UL, 0xbfd06116UL, 0x21b4f4b5UL, 0x56b3c423UL, 0xcfba9599UL, - 0xb8bda50fUL, 0x2802b89eUL, 0x5f058808UL, 0xc60cd9b2UL, 0xb10be924UL, - 0x2f6f7c87UL, 0x58684c11UL, 0xc1611dabUL, 0xb6662d3dUL, 0x76dc4190UL, - 0x01db7106UL, 0x98d220bcUL, 0xefd5102aUL, 0x71b18589UL, 0x06b6b51fUL, - 0x9fbfe4a5UL, 0xe8b8d433UL, 0x7807c9a2UL, 0x0f00f934UL, 0x9609a88eUL, - 0xe10e9818UL, 0x7f6a0dbbUL, 0x086d3d2dUL, 0x91646c97UL, 0xe6635c01UL, - 0x6b6b51f4UL, 0x1c6c6162UL, 0x856530d8UL, 0xf262004eUL, 0x6c0695edUL, - 0x1b01a57bUL, 0x8208f4c1UL, 0xf50fc457UL, 0x65b0d9c6UL, 0x12b7e950UL, - 0x8bbeb8eaUL, 0xfcb9887cUL, 0x62dd1ddfUL, 0x15da2d49UL, 0x8cd37cf3UL, - 0xfbd44c65UL, 0x4db26158UL, 0x3ab551ceUL, 0xa3bc0074UL, 0xd4bb30e2UL, - 0x4adfa541UL, 0x3dd895d7UL, 0xa4d1c46dUL, 0xd3d6f4fbUL, 0x4369e96aUL, - 0x346ed9fcUL, 0xad678846UL, 0xda60b8d0UL, 0x44042d73UL, 0x33031de5UL, - 0xaa0a4c5fUL, 0xdd0d7cc9UL, 0x5005713cUL, 0x270241aaUL, 0xbe0b1010UL, - 0xc90c2086UL, 0x5768b525UL, 0x206f85b3UL, 0xb966d409UL, 0xce61e49fUL, - 0x5edef90eUL, 0x29d9c998UL, 0xb0d09822UL, 0xc7d7a8b4UL, 0x59b33d17UL, - 0x2eb40d81UL, 0xb7bd5c3bUL, 0xc0ba6cadUL, 0xedb88320UL, 0x9abfb3b6UL, - 0x03b6e20cUL, 0x74b1d29aUL, 0xead54739UL, 0x9dd277afUL, 0x04db2615UL, - 0x73dc1683UL, 0xe3630b12UL, 0x94643b84UL, 0x0d6d6a3eUL, 0x7a6a5aa8UL, - 0xe40ecf0bUL, 0x9309ff9dUL, 0x0a00ae27UL, 0x7d079eb1UL, 0xf00f9344UL, - 0x8708a3d2UL, 0x1e01f268UL, 0x6906c2feUL, 0xf762575dUL, 0x806567cbUL, - 0x196c3671UL, 0x6e6b06e7UL, 0xfed41b76UL, 0x89d32be0UL, 0x10da7a5aUL, - 0x67dd4accUL, 0xf9b9df6fUL, 0x8ebeeff9UL, 0x17b7be43UL, 0x60b08ed5UL, - 0xd6d6a3e8UL, 0xa1d1937eUL, 0x38d8c2c4UL, 0x4fdff252UL, 0xd1bb67f1UL, - 0xa6bc5767UL, 0x3fb506ddUL, 0x48b2364bUL, 0xd80d2bdaUL, 0xaf0a1b4cUL, - 0x36034af6UL, 0x41047a60UL, 0xdf60efc3UL, 0xa867df55UL, 0x316e8eefUL, - 0x4669be79UL, 0xcb61b38cUL, 0xbc66831aUL, 0x256fd2a0UL, 0x5268e236UL, - 0xcc0c7795UL, 0xbb0b4703UL, 0x220216b9UL, 0x5505262fUL, 0xc5ba3bbeUL, - 0xb2bd0b28UL, 0x2bb45a92UL, 0x5cb36a04UL, 0xc2d7ffa7UL, 0xb5d0cf31UL, - 0x2cd99e8bUL, 0x5bdeae1dUL, 0x9b64c2b0UL, 0xec63f226UL, 0x756aa39cUL, - 0x026d930aUL, 0x9c0906a9UL, 0xeb0e363fUL, 0x72076785UL, 0x05005713UL, - 0x95bf4a82UL, 0xe2b87a14UL, 0x7bb12baeUL, 0x0cb61b38UL, 0x92d28e9bUL, - 0xe5d5be0dUL, 0x7cdcefb7UL, 0x0bdbdf21UL, 0x86d3d2d4UL, 0xf1d4e242UL, - 0x68ddb3f8UL, 0x1fda836eUL, 0x81be16cdUL, 0xf6b9265bUL, 0x6fb077e1UL, - 0x18b74777UL, 0x88085ae6UL, 0xff0f6a70UL, 0x66063bcaUL, 0x11010b5cUL, - 0x8f659effUL, 0xf862ae69UL, 0x616bffd3UL, 0x166ccf45UL, 0xa00ae278UL, - 0xd70dd2eeUL, 0x4e048354UL, 0x3903b3c2UL, 0xa7672661UL, 0xd06016f7UL, - 0x4969474dUL, 0x3e6e77dbUL, 0xaed16a4aUL, 0xd9d65adcUL, 0x40df0b66UL, - 0x37d83bf0UL, 0xa9bcae53UL, 0xdebb9ec5UL, 0x47b2cf7fUL, 0x30b5ffe9UL, - 0xbdbdf21cUL, 0xcabac28aUL, 0x53b39330UL, 0x24b4a3a6UL, 0xbad03605UL, - 0xcdd70693UL, 0x54de5729UL, 0x23d967bfUL, 0xb3667a2eUL, 0xc4614ab8UL, - 0x5d681b02UL, 0x2a6f2b94UL, 0xb40bbe37UL, 0xc30c8ea1UL, 0x5a05df1bUL, - 0x2d02ef8dL -}; -#endif - -/* ========================================================================= - * This function can be used by asm versions of crc32() - */ -uLongf *get_crc_table() -{ -#ifdef DYNAMIC_CRC_TABLE - if (crc_table_empty) make_crc_table(); -#endif - return (uLongf *)crc_table; -} - -/* ========================================================================= */ -#define DO1(buf) crc = crc_table[((int)crc ^ (*buf++)) & 0xff] ^ (crc >> 8); -#define DO2(buf) DO1(buf); DO1(buf); -#define DO4(buf) DO2(buf); DO2(buf); -#define DO8(buf) DO4(buf); DO4(buf); - -/* ========================================================================= */ -PR_PUBLIC_API(uLong) crc32(crc, buf, len) - uLong crc; - const Bytef *buf; - uInt len; -{ - if (buf == Z_NULL) return 0L; -#ifdef DYNAMIC_CRC_TABLE - if (crc_table_empty) - make_crc_table(); -#endif - crc = crc ^ 0xffffffffUL; - while (len >= 8) - { - DO8(buf); - len -= 8; - } - if (len) do { - DO1(buf); - } while (--len); - return crc ^ 0xffffffffUL; -} diff --git a/security/nss/cmd/zlib/deflate.c b/security/nss/cmd/zlib/deflate.c deleted file mode 100644 index f748ce156..000000000 --- a/security/nss/cmd/zlib/deflate.c +++ /dev/null @@ -1,1209 +0,0 @@ -/* deflate.c -- compress data using the deflation algorithm - * Copyright (C) 1995-1996 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ -/* - * ALGORITHM - * - * The "deflation" process depends on being able to identify portions - * of the input text which are identical to earlier input (within a - * sliding window trailing behind the input currently being processed). - * - * The most straightforward technique turns out to be the fastest for - * most input files: try all possible matches and select the longest. - * The key feature of this algorithm is that insertions into the string - * dictionary are very simple and thus fast, and deletions are avoided - * completely. Insertions are performed at each input character, whereas - * string matches are performed only when the previous match ends. So it - * is preferable to spend more time in matches to allow very fast string - * insertions and avoid deletions. The matching algorithm for small - * strings is inspired from that of Rabin & Karp. A brute force approach - * is used to find longer strings when a small match has been found. - * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze - * (by Leonid Broukhis). - * A previous version of this file used a more sophisticated algorithm - * (by Fiala and Greene) which is guaranteed to run in linear amortized - * time, but has a larger average cost, uses more memory and is patented. - * However the F&G algorithm may be faster for some highly redundant - * files if the parameter max_chain_length (described below) is too large. - * - * ACKNOWLEDGEMENTS - * - * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and - * I found it in 'freeze' written by Leonid Broukhis. - * Thanks to many people for bug reports and testing. - * - * REFERENCES - * - * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification". - * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc - * - * A description of the Rabin and Karp algorithm is given in the book - * "Algorithms" by R. Sedgewick, Addison-Wesley, p252. - * - * Fiala,E.R., and Greene,D.H. - * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595 - * - */ - -/* $Id$ */ - -#include "deflate.h" - -char deflate_copyright[] = " deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly "; -/* - If you use the zlib library in a product, an acknowledgment is welcome - in the documentation of your product. If for some reason you cannot - include such an acknowledgment, I would appreciate that you keep this - copyright string in the executable of your product. - */ - -/* =========================================================================== - * Function prototypes. - */ -typedef enum { - need_more, /* block not completed, need more input or more output */ - block_done, /* block flush performed */ - finish_started, /* finish started, need only more output at next deflate */ - finish_done /* finish done, accept no more input or output */ -} block_state; - -typedef block_state (*compress_func) OF((deflate_state *s, int flush)); -/* Compression function. Returns the block state after the call. */ - -local void fill_window OF((deflate_state *s)); -local block_state deflate_stored OF((deflate_state *s, int flush)); -local block_state deflate_fast OF((deflate_state *s, int flush)); -local block_state deflate_slow OF((deflate_state *s, int flush)); -local void lm_init OF((deflate_state *s)); -local uInt longest_match OF((deflate_state *s, IPos cur_match)); -local void putShortMSB OF((deflate_state *s, uInt b)); -local void flush_pending OF((z_streamp strm)); -local int read_buf OF((z_streamp strm, charf *buf, unsigned size)); -#ifdef ASMV - void match_init OF((void)); /* asm code initialization */ -#endif - -#ifdef DEBUG_NEVER -local void check_match OF((deflate_state *s, IPos start, IPos match, - int length)); -#endif - -/* =========================================================================== - * Local data - */ - -#define NIL 0 -/* Tail of hash chains */ - -#ifndef TOO_FAR -# define TOO_FAR 4096 -#endif -/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */ - -#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) -/* Minimum amount of lookahead, except at the end of the input file. - * See deflate.c for comments about the MIN_MATCH+1. - */ - -/* Values for max_lazy_match, good_match and max_chain_length, depending on - * the desired pack level (0..9). The values given below have been tuned to - * exclude worst case performance for pathological files. Better values may be - * found for specific files. - */ -typedef struct config_s { - ush good_length; /* reduce lazy search above this match length */ - ush max_lazy; /* do not perform lazy search above this match length */ - ush nice_length; /* quit search above this match length */ - ush max_chain; - compress_func func; -} config; - -local config configuration_table[10] = { -/* good lazy nice chain */ -/* 0 */ {0, 0, 0, 0, deflate_stored}, /* store only */ -/* 1 */ {4, 4, 8, 4, deflate_fast}, /* maximum speed, no lazy matches */ -/* 2 */ {4, 5, 16, 8, deflate_fast}, -/* 3 */ {4, 6, 32, 32, deflate_fast}, - -/* 4 */ {4, 4, 16, 16, deflate_slow}, /* lazy matches */ -/* 5 */ {8, 16, 32, 32, deflate_slow}, -/* 6 */ {8, 16, 128, 128, deflate_slow}, -/* 7 */ {8, 32, 128, 256, deflate_slow}, -/* 8 */ {32, 128, 258, 1024, deflate_slow}, -/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* maximum compression */ - -/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4 - * For deflate_fast() (levels <= 3) good is ignored and lazy has a different - * meaning. - */ - -#define EQUAL 0 -/* result of memcmp for equal strings */ - -struct static_tree_desc_s {int dummy;}; /* for buggy compilers */ - -/* =========================================================================== - * Update a hash value with the given input byte - * IN assertion: all calls to to UPDATE_HASH are made with consecutive - * input characters, so that a running hash key can be computed from the - * previous key instead of complete recalculation each time. - */ -#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask) - - -/* =========================================================================== - * Insert string str in the dictionary and set match_head to the previous head - * of the hash chain (the most recent string with same hash key). Return - * the previous length of the hash chain. - * IN assertion: all calls to to INSERT_STRING are made with consecutive - * input characters and the first MIN_MATCH bytes of str are valid - * (except for the last MIN_MATCH-1 bytes of the input file). - */ -#define INSERT_STRING(s, str, match_head) \ - (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \ - s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \ - s->head[s->ins_h] = (Pos)(str)) - -/* =========================================================================== - * Initialize the hash table (avoiding 64K overflow for 16 bit systems). - * prev[] will be initialized on the fly. - */ -#define CLEAR_HASH(s) \ - s->head[s->hash_size-1] = NIL; \ - zmemzero((charf *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head)); - -/* ========================================================================= */ -PR_PUBLIC_API(int) deflateInit_(strm, level, version, stream_size) - z_streamp strm; - int level; - const char *version; - int stream_size; -{ - return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, - Z_DEFAULT_STRATEGY, version, stream_size); - /* To do: ignore strm->next_in if we use it as window */ -} - -/* ========================================================================= */ -PR_PUBLIC_API(int) deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - version, stream_size) - z_streamp strm; - int level; - int method; - int windowBits; - int memLevel; - int strategy; - const char *version; - int stream_size; -{ - deflate_state *s; - int noheader = 0; - - ushf *overlay; - /* We overlay pending_buf and d_buf+l_buf. This works since the average - * output size for (length,distance) codes is <= 24 bits. - */ - - if (version == Z_NULL || version[0] != ZLIB_VERSION[0] || - stream_size != sizeof(z_stream)) { - return Z_VERSION_ERROR; - } - if (strm == Z_NULL) return Z_STREAM_ERROR; - - strm->msg = Z_NULL; - if (strm->zalloc == Z_NULL) { - strm->zalloc = zcalloc; - strm->opaque = (voidpf)0; - } - if (strm->zfree == Z_NULL) strm->zfree = zcfree; - - if (level == Z_DEFAULT_COMPRESSION) level = 6; - - if (windowBits < 0) { /* undocumented feature: suppress zlib header */ - noheader = 1; - windowBits = -windowBits; - } - if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED || - windowBits < 8 || windowBits > 15 || level < 0 || level > 9 || - strategy < 0 || strategy > Z_HUFFMAN_ONLY) { - return Z_STREAM_ERROR; - } - s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state)); - if (s == Z_NULL) return Z_MEM_ERROR; - strm->state = (struct internal_state FAR *)s; - s->strm = strm; - - s->noheader = noheader; - s->w_bits = windowBits; - s->w_size = 1 << s->w_bits; - s->w_mask = s->w_size - 1; - - s->hash_bits = memLevel + 7; - s->hash_size = 1 << s->hash_bits; - s->hash_mask = s->hash_size - 1; - s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH); - - s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte)); - s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos)); - s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos)); - - s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - - overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); - s->pending_buf = (uchf *) overlay; - - if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || - s->pending_buf == Z_NULL) { - strm->msg = (char*)ERR_MSG(Z_MEM_ERROR); - deflateEnd (strm); - return Z_MEM_ERROR; - } - s->d_buf = overlay + s->lit_bufsize/sizeof(ush); - s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; - - s->level = level; - s->strategy = strategy; - s->method = (Byte)method; - - return deflateReset(strm); -} - -/* ========================================================================= */ -PR_PUBLIC_API(int) deflateSetDictionary (strm, dictionary, dictLength) - z_streamp strm; - const Bytef *dictionary; - uInt dictLength; -{ - deflate_state *s; - uInt length = dictLength; - uInt n; - IPos hash_head = 0; - - if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL || - strm->state->status != INIT_STATE) return Z_STREAM_ERROR; - - s = strm->state; - strm->adler = adler32(strm->adler, dictionary, dictLength); - - if (length < MIN_MATCH) return Z_OK; - if (length > MAX_DIST(s)) { - length = MAX_DIST(s); - dictionary += dictLength - length; - } - zmemcpy((charf *)s->window, dictionary, length); - s->strstart = length; - s->block_start = (long)length; - - /* Insert all strings in the hash table (except for the last two bytes). - * s->lookahead stays null, so s->ins_h will be recomputed at the next - * call of fill_window. - */ - s->ins_h = s->window[0]; - UPDATE_HASH(s, s->ins_h, s->window[1]); - for (n = 0; n <= length - MIN_MATCH; n++) { - INSERT_STRING(s, n, hash_head); - } - if (hash_head) hash_head = 0; /* to make compiler happy */ - return Z_OK; -} - -/* ========================================================================= */ -PR_PUBLIC_API(int) deflateReset (strm) - z_streamp strm; -{ - deflate_state *s; - - if (strm == Z_NULL || strm->state == Z_NULL || - strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR; - - strm->total_in = strm->total_out = 0; - strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */ - strm->data_type = Z_UNKNOWN; - - s = (deflate_state *)strm->state; - s->pending = 0; - s->pending_out = s->pending_buf; - - if (s->noheader < 0) { - s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */ - } - s->status = s->noheader ? BUSY_STATE : INIT_STATE; - strm->adler = 1; - s->last_flush = Z_NO_FLUSH; - - _tr_init(s); - lm_init(s); - - return Z_OK; -} - -/* ========================================================================= */ -PR_PUBLIC_API(int) deflateParams(strm, level, strategy) - z_streamp strm; - int level; - int strategy; -{ - deflate_state *s; - compress_func func; - int err = Z_OK; - - if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; - s = strm->state; - - if (level == Z_DEFAULT_COMPRESSION) { - level = 6; - } - if (level < 0 || level > 9 || strategy < 0 || strategy > Z_HUFFMAN_ONLY) { - return Z_STREAM_ERROR; - } - func = configuration_table[s->level].func; - - if (func != configuration_table[level].func && strm->total_in != 0) { - /* Flush the last buffer: */ - err = deflate(strm, Z_PARTIAL_FLUSH); - } - if (s->level != level) { - s->level = level; - s->max_lazy_match = configuration_table[level].max_lazy; - s->good_match = configuration_table[level].good_length; - s->nice_match = configuration_table[level].nice_length; - s->max_chain_length = configuration_table[level].max_chain; - } - s->strategy = strategy; - return err; -} - -/* ========================================================================= - * Put a short in the pending buffer. The 16-bit value is put in MSB order. - * IN assertion: the stream state is correct and there is enough room in - * pending_buf. - */ -local void putShortMSB (s, b) - deflate_state *s; - uInt b; -{ - put_byte(s, (Byte)(b >> 8)); - put_byte(s, (Byte)(b & 0xff)); -} - -/* ========================================================================= - * Flush as much pending output as possible. All deflate() output goes - * through this function so some applications may wish to modify it - * to avoid allocating a large strm->next_out buffer and copying into it. - * (See also read_buf()). - */ -local void flush_pending(strm) - z_streamp strm; -{ - unsigned len = strm->state->pending; - - if (len > strm->avail_out) len = strm->avail_out; - if (len == 0) return; - - zmemcpy(strm->next_out, strm->state->pending_out, len); - strm->next_out += len; - strm->state->pending_out += len; - strm->total_out += len; - strm->avail_out -= len; - strm->state->pending -= len; - if (strm->state->pending == 0) { - strm->state->pending_out = strm->state->pending_buf; - } -} - -/* ========================================================================= */ -PR_PUBLIC_API(int) deflate (strm, flush) - z_streamp strm; - int flush; -{ - int old_flush; /* value of flush param for previous deflate call */ - deflate_state *s; - - if (strm == Z_NULL || strm->state == Z_NULL || - flush > Z_FINISH || flush < 0) { - return Z_STREAM_ERROR; - } - s = strm->state; - - if (strm->next_out == Z_NULL || - (strm->next_in == Z_NULL && strm->avail_in != 0) || - (s->status == FINISH_STATE && flush != Z_FINISH)) { - ERR_RETURN(strm, Z_STREAM_ERROR); - } - if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR); - - s->strm = strm; /* just in case */ - old_flush = s->last_flush; - s->last_flush = flush; - - /* Write the zlib header */ - if (s->status == INIT_STATE) { - - uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8; - uInt level_flags = (s->level-1) >> 1; - - if (level_flags > 3) level_flags = 3; - header |= (level_flags << 6); - if (s->strstart != 0) header |= PRESET_DICT; - header += 31 - (header % 31); - - s->status = BUSY_STATE; - putShortMSB(s, header); - - /* Save the adler32 of the preset dictionary: */ - if (s->strstart != 0) { - putShortMSB(s, (uInt)(strm->adler >> 16)); - putShortMSB(s, (uInt)(strm->adler & 0xffff)); - } - strm->adler = 1L; - } - - /* Flush as much pending output as possible */ - if (s->pending != 0) { - flush_pending(strm); - if (strm->avail_out == 0) { - /* Since avail_out is 0, deflate will be called again with - * more output space, but possibly with both pending and - * avail_in equal to zero. There won't be anything to do, - * but this is not an error situation so make sure we - * return OK instead of BUF_ERROR at next call of deflate: - */ - s->last_flush = -1; - return Z_OK; - } - - /* Make sure there is something to do and avoid duplicate consecutive - * flushes. For repeated and useless calls with Z_FINISH, we keep - * returning Z_STREAM_END instead of Z_BUFF_ERROR. - */ - } else if (strm->avail_in == 0 && flush <= old_flush && - flush != Z_FINISH) { - ERR_RETURN(strm, Z_BUF_ERROR); - } - - /* User must not provide more input after the first FINISH: */ - if (s->status == FINISH_STATE && strm->avail_in != 0) { - ERR_RETURN(strm, Z_BUF_ERROR); - } - - /* Start a new block or continue the current one. - */ - if (strm->avail_in != 0 || s->lookahead != 0 || - (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) { - block_state bstate; - - bstate = (*(configuration_table[s->level].func))(s, flush); - - if (bstate == finish_started || bstate == finish_done) { - s->status = FINISH_STATE; - } - if (bstate == need_more || bstate == finish_started) { - if (strm->avail_out == 0) { - s->last_flush = -1; /* avoid BUF_ERROR next call, see above */ - } - return Z_OK; - /* If flush != Z_NO_FLUSH && avail_out == 0, the next call - * of deflate should use the same flush parameter to make sure - * that the flush is complete. So we don't have to output an - * empty block here, this will be done at next call. This also - * ensures that for a very small output buffer, we emit at most - * one empty block. - */ - } - if (bstate == block_done) { - if (flush == Z_PARTIAL_FLUSH) { - _tr_align(s); - } else { /* FULL_FLUSH or SYNC_FLUSH */ - _tr_stored_block(s, (char*)0, 0L, 0); - /* For a full flush, this empty block will be recognized - * as a special marker by inflate_sync(). - */ - if (flush == Z_FULL_FLUSH) { - CLEAR_HASH(s); /* forget history */ - } - } - flush_pending(strm); - if (strm->avail_out == 0) { - s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */ - return Z_OK; - } - } - } - Assert(strm->avail_out > 0, "bug2"); - - if (flush != Z_FINISH) return Z_OK; - if (s->noheader) return Z_STREAM_END; - - /* Write the zlib trailer (adler32) */ - putShortMSB(s, (uInt)(strm->adler >> 16)); - putShortMSB(s, (uInt)(strm->adler & 0xffff)); - flush_pending(strm); - /* If avail_out is zero, the application will call deflate again - * to flush the rest. - */ - s->noheader = -1; /* write the trailer only once! */ - return s->pending != 0 ? Z_OK : Z_STREAM_END; -} - -/* ========================================================================= */ -PR_PUBLIC_API(int) deflateEnd (strm) - z_streamp strm; -{ - int status; - - if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; - - /* Deallocate in reverse order of allocations: */ - TRY_FREE(strm, strm->state->pending_buf); - TRY_FREE(strm, strm->state->head); - TRY_FREE(strm, strm->state->prev); - TRY_FREE(strm, strm->state->window); - - status = strm->state->status; - ZFREE(strm, strm->state); - strm->state = Z_NULL; - - return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK; -} - -/* ========================================================================= */ -PR_PUBLIC_API(int) deflateCopy (dest, source) - z_streamp dest; - z_streamp source; -{ - if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) { - return Z_STREAM_ERROR; - } - *dest = *source; - return Z_STREAM_ERROR; /* to be implemented */ -#if 0 - dest->state = (struct internal_state FAR *) - (*dest->zalloc)(1, sizeof(deflate_state)); - if (dest->state == Z_NULL) return Z_MEM_ERROR; - - *(dest->state) = *(source->state); - return Z_OK; -#endif -} - -/* =========================================================================== - * Read a new buffer from the current input stream, update the adler32 - * and total number of bytes read. All deflate() input goes through - * this function so some applications may wish to modify it to avoid - * allocating a large strm->next_in buffer and copying from it. - * (See also flush_pending()). - */ -local int read_buf(strm, buf, size) - z_streamp strm; - charf *buf; - unsigned size; -{ - unsigned len = strm->avail_in; - - if (len > size) len = size; - if (len == 0) return 0; - - strm->avail_in -= len; - - if (!strm->state->noheader) { - strm->adler = adler32(strm->adler, strm->next_in, len); - } - zmemcpy(buf, strm->next_in, len); - strm->next_in += len; - strm->total_in += len; - - return (int)len; -} - -/* =========================================================================== - * Initialize the "longest match" routines for a new zlib stream - */ -local void lm_init (s) - deflate_state *s; -{ - s->window_size = (ulg)2L*s->w_size; - - CLEAR_HASH(s); - - /* Set the default configuration parameters: - */ - s->max_lazy_match = configuration_table[s->level].max_lazy; - s->good_match = configuration_table[s->level].good_length; - s->nice_match = configuration_table[s->level].nice_length; - s->max_chain_length = configuration_table[s->level].max_chain; - - s->strstart = 0; - s->block_start = 0L; - s->lookahead = 0; - s->match_length = s->prev_length = MIN_MATCH-1; - s->match_available = 0; - s->ins_h = 0; -#ifdef ASMV - match_init(); /* initialize the asm code */ -#endif -} - -/* =========================================================================== - * Set match_start to the longest match starting at the given string and - * return its length. Matches shorter or equal to prev_length are discarded, - * in which case the result is equal to prev_length and match_start is - * garbage. - * IN assertions: cur_match is the head of the hash chain for the current - * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 - * OUT assertion: the match length is not greater than s->lookahead. - */ -#ifndef ASMV -/* For 80x86 and 680x0, an optimized version will be provided in match.asm or - * match.S. The code will be functionally equivalent. - */ -local uInt longest_match(s, cur_match) - deflate_state *s; - IPos cur_match; /* current match */ -{ - unsigned chain_length = s->max_chain_length;/* max hash chain length */ - register Bytef *scan = s->window + s->strstart; /* current string */ - register Bytef *match; /* matched string */ - register int len; /* length of current match */ - int best_len = s->prev_length; /* best match length so far */ - int nice_match = s->nice_match; /* stop if match long enough */ - IPos limit = s->strstart > (IPos)MAX_DIST(s) ? - s->strstart - (IPos)MAX_DIST(s) : NIL; - /* Stop when cur_match becomes <= limit. To simplify the code, - * we prevent matches with the string of window index 0. - */ - Posf *prev = s->prev; - uInt wmask = s->w_mask; - -#ifdef UNALIGNED_OK - /* Compare two bytes at a time. Note: this is not always beneficial. - * Try with and without -DUNALIGNED_OK to check. - */ - register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1; - register ush scan_start = *(ushf*)scan; - register ush scan_end = *(ushf*)(scan+best_len-1); -#else - register Bytef *strend = s->window + s->strstart + MAX_MATCH; - register Byte scan_end1 = scan[best_len-1]; - register Byte scan_end = scan[best_len]; -#endif - - /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. - * It is easy to get rid of this optimization if necessary. - */ - Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); - - /* Do not waste too much time if we already have a good match: */ - if (s->prev_length >= s->good_match) { - chain_length >>= 2; - } - /* Do not look for matches beyond the end of the input. This is necessary - * to make deflate deterministic. - */ - if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; - - Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); - - do { - Assert(cur_match < s->strstart, "no future"); - match = s->window + cur_match; - - /* Skip to next match if the match length cannot increase - * or if the match length is less than 2: - */ -#if (defined(UNALIGNED_OK) && MAX_MATCH == 258) - /* This code assumes sizeof(unsigned short) == 2. Do not use - * UNALIGNED_OK if your compiler uses a different size. - */ - if (*(ushf*)(match+best_len-1) != scan_end || - *(ushf*)match != scan_start) continue; - - /* It is not necessary to compare scan[2] and match[2] since they are - * always equal when the other bytes match, given that the hash keys - * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at - * strstart+3, +5, ... up to strstart+257. We check for insufficient - * lookahead only every 4th comparison; the 128th check will be made - * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is - * necessary to put more guard bytes at the end of the window, or - * to check more often for insufficient lookahead. - */ - Assert(scan[2] == match[2], "scan[2]?"); - scan++, match++; - do { - } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) && - *(ushf*)(scan+=2) == *(ushf*)(match+=2) && - *(ushf*)(scan+=2) == *(ushf*)(match+=2) && - *(ushf*)(scan+=2) == *(ushf*)(match+=2) && - scan < strend); - /* The funny "do {}" generates better code on most compilers */ - - /* Here, scan <= window+strstart+257 */ - Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - if (*scan == *match) scan++; - - len = (MAX_MATCH - 1) - (int)(strend-scan); - scan = strend - (MAX_MATCH-1); - -#else /* UNALIGNED_OK */ - - if (match[best_len] != scan_end || - match[best_len-1] != scan_end1 || - *match != *scan || - *++match != scan[1]) continue; - - /* The check at best_len-1 can be removed because it will be made - * again later. (This heuristic is not always a win.) - * It is not necessary to compare scan[2] and match[2] since they - * are always equal when the other bytes match, given that - * the hash keys are equal and that HASH_BITS >= 8. - */ - scan += 2, match++; - Assert(*scan == *match, "match[2]?"); - - /* We check for insufficient lookahead only every 8th comparison; - * the 256th check will be made at strstart+258. - */ - do { - } while (*++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - scan < strend); - - Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - - len = MAX_MATCH - (int)(strend - scan); - scan = strend - MAX_MATCH; - -#endif /* UNALIGNED_OK */ - - if (len > best_len) { - s->match_start = cur_match; - best_len = len; - if (len >= nice_match) break; -#ifdef UNALIGNED_OK - scan_end = *(ushf*)(scan+best_len-1); -#else - scan_end1 = scan[best_len-1]; - scan_end = scan[best_len]; -#endif - } - } while ((cur_match = prev[cur_match & wmask]) > limit - && --chain_length != 0); - - if ((uInt)best_len <= s->lookahead) return best_len; - return s->lookahead; -} -#endif /* ASMV */ - -#ifdef DEBUG_NEVER -/* =========================================================================== - * Check that the match at match_start is indeed a match. - */ -local void check_match(s, start, match, length) - deflate_state *s; - IPos start, match; - int length; -{ - /* check that the match is indeed a match */ - if (zmemcmp((charf *)s->window + match, - (charf *)s->window + start, length) != EQUAL) { -#if 0 - fprintf(stderr, " start %u, match %u, length %d\n", - start, match, length); -#endif - do { - fprintf(stderr, "%c%c", s->window[match++], s->window[start++]); - } while (--length != 0); - z_error("invalid match"); - } - if (verbose > 1) { - fprintf(stderr,"\\[%d,%d]", start-match, length); - do { putc(s->window[start++], stderr); } while (--length != 0); - } -} -#else -# define check_match(s, start, match, length) -#endif - -/* =========================================================================== - * Fill the window when the lookahead becomes insufficient. - * Updates strstart and lookahead. - * - * IN assertion: lookahead < MIN_LOOKAHEAD - * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD - * At least one byte has been read, or avail_in == 0; reads are - * performed for at least two bytes (required for the zip translate_eol - * option -- not supported here). - */ -local void fill_window(s) - deflate_state *s; -{ - register unsigned n, m; - register Posf *p; - unsigned more; /* Amount of free space at the end of the window. */ - uInt wsize = s->w_size; - - do { - more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart); - - /* Deal with !@#$% 64K limit: */ - if (more == 0 && s->strstart == 0 && s->lookahead == 0) { - more = wsize; - - } else if (more == (unsigned)(-1)) { - /* Very unlikely, but possible on 16 bit machine if strstart == 0 - * and lookahead == 1 (input done one byte at time) - */ - more--; - - /* If the window is almost full and there is insufficient lookahead, - * move the upper half to the lower one to make room in the upper half. - */ - } else if (s->strstart >= wsize+MAX_DIST(s)) { - - zmemcpy((charf *)s->window, (charf *)s->window+wsize, - (unsigned)wsize); - s->match_start -= wsize; - s->strstart -= wsize; /* we now have strstart >= MAX_DIST */ - - s->block_start -= (long) wsize; - - /* Slide the hash table (could be avoided with 32 bit values - at the expense of memory usage): - */ - n = s->hash_size; - p = &s->head[n]; - do { - m = *--p; - *p = (Pos)(m >= wsize ? m-wsize : NIL); - } while (--n); - - n = wsize; - p = &s->prev[n]; - do { - m = *--p; - *p = (Pos)(m >= wsize ? m-wsize : NIL); - /* If n is not on any hash chain, prev[n] is garbage but - * its value will never be used. - */ - } while (--n); - - more += wsize; - } - if (s->strm->avail_in == 0) return; - - /* If there was no sliding: - * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && - * more == window_size - lookahead - strstart - * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) - * => more >= window_size - 2*WSIZE + 2 - * In the BIG_MEM or MMAP case (not yet supported), - * window_size == input_size + MIN_LOOKAHEAD && - * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. - * Otherwise, window_size == 2*WSIZE so more >= 2. - * If there was sliding, more >= WSIZE. So in all cases, more >= 2. - */ - Assert(more >= 2, "more < 2"); - - n = read_buf(s->strm, (charf *)s->window + s->strstart + s->lookahead, - more); - s->lookahead += n; - - /* Initialize the hash value now that we have some input: */ - if (s->lookahead >= MIN_MATCH) { - s->ins_h = s->window[s->strstart]; - UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); -#if MIN_MATCH != 3 - Call UPDATE_HASH() MIN_MATCH-3 more times -#endif - } - /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, - * but this is not important since only literal bytes will be emitted. - */ - - } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0); -} - -/* =========================================================================== - * Flush the current block, with given end-of-file flag. - * IN assertion: strstart is set to the end of the current match. - */ -#define FLUSH_BLOCK_ONLY(s, eof) { \ - _tr_flush_block(s, (s->block_start >= 0L ? \ - (charf *)&s->window[(unsigned)s->block_start] : \ - (charf *)Z_NULL), \ - (ulg)((long)s->strstart - s->block_start), \ - (eof)); \ - s->block_start = s->strstart; \ - flush_pending(s->strm); \ - Tracev((stderr,"[FLUSH]")); \ -} - -/* Same but force premature exit if necessary. */ -#define FLUSH_BLOCK(s, eof) { \ - FLUSH_BLOCK_ONLY(s, eof); \ - if (s->strm->avail_out == 0) return (eof) ? finish_started : need_more; \ -} - -/* =========================================================================== - * Copy without compression as much as possible from the input stream, return - * the current block state. - * This function does not insert new strings in the dictionary since - * uncompressible data is probably not useful. This function is used - * only for the level=0 compression option. - * NOTE: this function should be optimized to avoid extra copying. - */ -local block_state deflate_stored(s, flush) - deflate_state *s; - int flush; -{ - for (;;) { - /* Fill the window as much as possible: */ - if (s->lookahead <= 1) { - - Assert(s->strstart < s->w_size+MAX_DIST(s) || - s->block_start >= (long)s->w_size, "slide too late"); - - fill_window(s); - if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more; - - if (s->lookahead == 0) break; /* flush the current block */ - } - Assert(s->block_start >= 0L, "block gone"); - - s->strstart += s->lookahead; - s->lookahead = 0; - - /* Stored blocks are limited to 0xffff bytes: */ - if (s->strstart == 0 || s->strstart > 0xfffe) { - /* strstart == 0 is possible when wraparound on 16-bit machine */ - s->lookahead = s->strstart - 0xffff; - s->strstart = 0xffff; - } - - /* Emit a stored block if it is large enough: */ - if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) { - FLUSH_BLOCK(s, 0); - } - } - FLUSH_BLOCK(s, flush == Z_FINISH); - return flush == Z_FINISH ? finish_done : block_done; -} - -/* =========================================================================== - * Compress as much as possible from the input stream, return the current - * block state. - * This function does not perform lazy evaluation of matches and inserts - * new strings in the dictionary only for unmatched strings or for short - * matches. It is used only for the fast compression options. - */ -local block_state deflate_fast(s, flush) - deflate_state *s; - int flush; -{ - IPos hash_head = NIL; /* head of the hash chain */ - int bflush; /* set if current block must be flushed */ - - for (;;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s->lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { - return need_more; - } - if (s->lookahead == 0) break; /* flush the current block */ - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - if (s->lookahead >= MIN_MATCH) { - INSERT_STRING(s, s->strstart, hash_head); - } - - /* Find the longest match, discarding those <= prev_length. - * At this point we have always match_length < MIN_MATCH - */ - if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - if (s->strategy != Z_HUFFMAN_ONLY) { - s->match_length = longest_match (s, hash_head); - } - /* longest_match() sets match_start */ - } - if (s->match_length >= MIN_MATCH) { - check_match(s, s->strstart, s->match_start, s->match_length); - - bflush = _tr_tally(s, s->strstart - s->match_start, - s->match_length - MIN_MATCH); - - s->lookahead -= s->match_length; - - /* Insert new strings in the hash table only if the match length - * is not too large. This saves time but degrades compression. - */ - if (s->match_length <= s->max_insert_length && - s->lookahead >= MIN_MATCH) { - s->match_length--; /* string at strstart already in hash table */ - do { - s->strstart++; - INSERT_STRING(s, s->strstart, hash_head); - /* strstart never exceeds WSIZE-MAX_MATCH, so there are - * always MIN_MATCH bytes ahead. - */ - } while (--s->match_length != 0); - s->strstart++; - } else { - s->strstart += s->match_length; - s->match_length = 0; - s->ins_h = s->window[s->strstart]; - UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); -#if MIN_MATCH != 3 - Call UPDATE_HASH() MIN_MATCH-3 more times -#endif - /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not - * matter since it will be recomputed at next deflate call. - */ - } - } else { - /* No match, output a literal byte */ - Tracevv((stderr,"%c", s->window[s->strstart])); - bflush = _tr_tally (s, 0, s->window[s->strstart]); - s->lookahead--; - s->strstart++; - } - if (bflush) FLUSH_BLOCK(s, 0); - } - FLUSH_BLOCK(s, flush == Z_FINISH); - return flush == Z_FINISH ? finish_done : block_done; -} - -/* =========================================================================== - * Same as above, but achieves better compression. We use a lazy - * evaluation for matches: a match is finally adopted only if there is - * no better match at the next window position. - */ -local block_state deflate_slow(s, flush) - deflate_state *s; - int flush; -{ - IPos hash_head = NIL; /* head of hash chain */ - int bflush; /* set if current block must be flushed */ - - /* Process the input block. */ - for (;;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s->lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { - return need_more; - } - if (s->lookahead == 0) break; /* flush the current block */ - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - if (s->lookahead >= MIN_MATCH) { - INSERT_STRING(s, s->strstart, hash_head); - } - - /* Find the longest match, discarding those <= prev_length. - */ - s->prev_length = s->match_length, s->prev_match = s->match_start; - s->match_length = MIN_MATCH-1; - - if (hash_head != NIL && s->prev_length < s->max_lazy_match && - s->strstart - hash_head <= MAX_DIST(s)) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - if (s->strategy != Z_HUFFMAN_ONLY) { - s->match_length = longest_match (s, hash_head); - } - /* longest_match() sets match_start */ - - if (s->match_length <= 5 && (s->strategy == Z_FILTERED || - (s->match_length == MIN_MATCH && - s->strstart - s->match_start > TOO_FAR))) { - - /* If prev_match is also MIN_MATCH, match_start is garbage - * but we will ignore the current match anyway. - */ - s->match_length = MIN_MATCH-1; - } - } - /* If there was a match at the previous step and the current - * match is not better, output the previous match: - */ - if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) { - uInt max_insert = s->strstart + s->lookahead - MIN_MATCH; - /* Do not insert strings in hash table beyond this. */ - - check_match(s, s->strstart-1, s->prev_match, s->prev_length); - - bflush = _tr_tally(s, s->strstart -1 - s->prev_match, - s->prev_length - MIN_MATCH); - - /* Insert in hash table all strings up to the end of the match. - * strstart-1 and strstart are already inserted. If there is not - * enough lookahead, the last two strings are not inserted in - * the hash table. - */ - s->lookahead -= s->prev_length-1; - s->prev_length -= 2; - do { - if (++s->strstart <= max_insert) { - INSERT_STRING(s, s->strstart, hash_head); - } - } while (--s->prev_length != 0); - s->match_available = 0; - s->match_length = MIN_MATCH-1; - s->strstart++; - - if (bflush) FLUSH_BLOCK(s, 0); - - } else if (s->match_available) { - /* If there was no match at the previous position, output a - * single literal. If there was a match but the current match - * is longer, truncate the previous match to a single literal. - */ - Tracevv((stderr,"%c", s->window[s->strstart-1])); - if (_tr_tally (s, 0, s->window[s->strstart-1])) { - FLUSH_BLOCK_ONLY(s, 0); - } - s->strstart++; - s->lookahead--; - if (s->strm->avail_out == 0) return need_more; - } else { - /* There is no previous match to compare with, wait for - * the next step to decide. - */ - s->match_available = 1; - s->strstart++; - s->lookahead--; - } - } - Assert (flush != Z_NO_FLUSH, "no flush?"); - if (s->match_available) { - Tracevv((stderr,"%c", s->window[s->strstart-1])); - _tr_tally (s, 0, s->window[s->strstart-1]); - s->match_available = 0; - } - FLUSH_BLOCK(s, flush == Z_FINISH); - return flush == Z_FINISH ? finish_done : block_done; -} diff --git a/security/nss/cmd/zlib/deflate.h b/security/nss/cmd/zlib/deflate.h deleted file mode 100644 index 410b21984..000000000 --- a/security/nss/cmd/zlib/deflate.h +++ /dev/null @@ -1,275 +0,0 @@ -/* deflate.h -- internal compression state - * Copyright (C) 1995-1996 Jean-loup Gailly - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -/* $Id$ */ - -#ifndef _DEFLATE_H -#define _DEFLATE_H - -#include "zutil.h" - -/* =========================================================================== - * Internal compression state. - */ - -#define LENGTH_CODES 29 -/* number of length codes, not counting the special END_BLOCK code */ - -#define LITERALS 256 -/* number of literal bytes 0..255 */ - -#define L_CODES (LITERALS+1+LENGTH_CODES) -/* number of Literal or Length codes, including the END_BLOCK code */ - -#define D_CODES 30 -/* number of distance codes */ - -#define BL_CODES 19 -/* number of codes used to transfer the bit lengths */ - -#define HEAP_SIZE (2*L_CODES+1) -/* maximum heap size */ - -#define MAX_BITS 15 -/* All codes must not exceed MAX_BITS bits */ - -#define INIT_STATE 42 -#define BUSY_STATE 113 -#define FINISH_STATE 666 -/* Stream status */ - - -/* Data structure describing a single value and its code string. */ -typedef struct ct_data_s { - union { - ush freq; /* frequency count */ - ush code; /* bit string */ - } fc; - union { - ush dad; /* father node in Huffman tree */ - ush len; /* length of bit string */ - } dl; -} FAR ct_data; - -#define Freq fc.freq -#define Code fc.code -#define Dad dl.dad -#define Len dl.len - -typedef struct static_tree_desc_s static_tree_desc; - -typedef struct tree_desc_s { - ct_data *dyn_tree; /* the dynamic tree */ - int max_code; /* largest code with non zero frequency */ - static_tree_desc *stat_desc; /* the corresponding static tree */ -} FAR tree_desc; - -typedef ush Pos; -typedef Pos FAR Posf; -typedef unsigned IPos; - -/* A Pos is an index in the character window. We use short instead of int to - * save space in the various tables. IPos is used only for parameter passing. - */ - -typedef struct internal_state { - z_streamp strm; /* pointer back to this zlib stream */ - int status; /* as the name implies */ - Bytef *pending_buf; /* output still pending */ - Bytef *pending_out; /* next pending byte to output to the stream */ - int pending; /* nb of bytes in the pending buffer */ - int noheader; /* suppress zlib header and adler32 */ - Byte data_type; /* UNKNOWN, BINARY or ASCII */ - Byte method; /* STORED (for zip only) or DEFLATED */ - int last_flush; /* value of flush param for previous deflate call */ - - /* used by deflate.c: */ - - uInt w_size; /* LZ77 window size (32K by default) */ - uInt w_bits; /* log2(w_size) (8..16) */ - uInt w_mask; /* w_size - 1 */ - - Bytef *window; - /* Sliding window. Input bytes are read into the second half of the window, - * and move to the first half later to keep a dictionary of at least wSize - * bytes. With this organization, matches are limited to a distance of - * wSize-MAX_MATCH bytes, but this ensures that IO is always - * performed with a length multiple of the block size. Also, it limits - * the window size to 64K, which is quite useful on MSDOS. - * To do: use the user input buffer as sliding window. - */ - - ulg window_size; - /* Actual size of window: 2*wSize, except when the user input buffer - * is directly used as sliding window. - */ - - Posf *prev; - /* Link to older string with same hash index. To limit the size of this - * array to 64K, this link is maintained only for the last 32K strings. - * An index in this array is thus a window index modulo 32K. - */ - - Posf *head; /* Heads of the hash chains or NIL. */ - - uInt ins_h; /* hash index of string to be inserted */ - uInt hash_size; /* number of elements in hash table */ - uInt hash_bits; /* log2(hash_size) */ - uInt hash_mask; /* hash_size-1 */ - - uInt hash_shift; - /* Number of bits by which ins_h must be shifted at each input - * step. It must be such that after MIN_MATCH steps, the oldest - * byte no longer takes part in the hash key, that is: - * hash_shift * MIN_MATCH >= hash_bits - */ - - long block_start; - /* Window position at the beginning of the current output block. Gets - * negative when the window is moved backwards. - */ - - uInt match_length; /* length of best match */ - IPos prev_match; /* previous match */ - int match_available; /* set if previous match exists */ - uInt strstart; /* start of string to insert */ - uInt match_start; /* start of matching string */ - uInt lookahead; /* number of valid bytes ahead in window */ - - uInt prev_length; - /* Length of the best match at previous step. Matches not greater than this - * are discarded. This is used in the lazy match evaluation. - */ - - uInt max_chain_length; - /* To speed up deflation, hash chains are never searched beyond this - * length. A higher limit improves compression ratio but degrades the - * speed. - */ - - uInt max_lazy_match; - /* Attempt to find a better match only when the current match is strictly - * smaller than this value. This mechanism is used only for compression - * levels >= 4. - */ -# define max_insert_length max_lazy_match - /* Insert new strings in the hash table only if the match length is not - * greater than this length. This saves time but degrades compression. - * max_insert_length is used only for compression levels <= 3. - */ - - int level; /* compression level (1..9) */ - int strategy; /* favor or force Huffman coding*/ - - uInt good_match; - /* Use a faster search when the previous match is longer than this */ - - int nice_match; /* Stop searching when current match exceeds this */ - - /* used by trees.c: */ - /* Didn't use ct_data typedef below to supress compiler warning */ - struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ - struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ - struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ - - struct tree_desc_s l_desc; /* desc. for literal tree */ - struct tree_desc_s d_desc; /* desc. for distance tree */ - struct tree_desc_s bl_desc; /* desc. for bit length tree */ - - ush bl_count[MAX_BITS+1]; - /* number of codes at each bit length for an optimal tree */ - - int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ - int heap_len; /* number of elements in the heap */ - int heap_max; /* element of largest frequency */ - /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. - * The same heap array is used to build all trees. - */ - - uch depth[2*L_CODES+1]; - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ - - uchf *l_buf; /* buffer for literals or lengths */ - - uInt lit_bufsize; - /* Size of match buffer for literals/lengths. There are 4 reasons for - * limiting lit_bufsize to 64K: - * - frequencies can be kept in 16 bit counters - * - if compression is not successful for the first block, all input - * data is still in the window so we can still emit a stored block even - * when input comes from standard input. (This can also be done for - * all blocks if lit_bufsize is not greater than 32K.) - * - if compression is not successful for a file smaller than 64K, we can - * even emit a stored file instead of a stored block (saving 5 bytes). - * This is applicable only for zip (not gzip or zlib). - * - creating new Huffman trees less frequently may not provide fast - * adaptation to changes in the input data statistics. (Take for - * example a binary file with poorly compressible code followed by - * a highly compressible string table.) Smaller buffer sizes give - * fast adaptation but have of course the overhead of transmitting - * trees more frequently. - * - I can't count above 4 - */ - - uInt last_lit; /* running index in l_buf */ - - ushf *d_buf; - /* Buffer for distances. To simplify the code, d_buf and l_buf have - * the same number of elements. To use different lengths, an extra flag - * array would be necessary. - */ - - ulg opt_len; /* bit length of current block with optimal trees */ - ulg static_len; /* bit length of current block with static trees */ - ulg compressed_len; /* total bit length of compressed file */ - uInt matches; /* number of string matches in current block */ - int last_eob_len; /* bit length of EOB code for last block */ - -#ifdef DEBUG - ulg bits_sent; /* bit length of the compressed data */ -#endif - - ush bi_buf; - /* Output buffer. bits are inserted starting at the bottom (least - * significant bits). - */ - int bi_valid; - /* Number of valid bits in bi_buf. All bits above the last valid bit - * are always zero. - */ - -} FAR deflate_state; - -/* Output a byte on the stream. - * IN assertion: there is enough room in pending_buf. - */ -#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);} - - -#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) -/* Minimum amount of lookahead, except at the end of the input file. - * See deflate.c for comments about the MIN_MATCH+1. - */ - -#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD) -/* In order to simplify the code, particularly on 16 bit machines, match - * distances are limited to MAX_DIST instead of WSIZE. - */ - - /* in trees.c */ -void _tr_init OF((deflate_state *s)); -int _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc)); -ulg _tr_flush_block OF((deflate_state *s, charf *buf, ulg stored_len, - int eof)); -void _tr_align OF((deflate_state *s)); -void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len, - int eof)); -#endif diff --git a/security/nss/cmd/zlib/example.c b/security/nss/cmd/zlib/example.c deleted file mode 100644 index 7c9176094..000000000 --- a/security/nss/cmd/zlib/example.c +++ /dev/null @@ -1,503 +0,0 @@ -/* example.c -- usage example of the zlib compression library - * Copyright (C) 1995-1996 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* $Id$ */ - -#include <stdio.h> -#include "zlib.h" - -#ifdef STDC -# include <string.h> -# include <stdlib.h> -#else - extern void exit OF((int)); -#endif - -#define CHECK_ERR(err, msg) { \ - if (err != Z_OK) { \ - fprintf(stderr, "%s error: %d\n", msg, err); \ - exit(1); \ - } \ -} - -const char hello[] = "hello, hello!"; -/* "hello world" would be more standard, but the repeated "hello" - * stresses the compression code better, sorry... - */ - -const char dictionary[] = "hello"; -uLong dictId; /* Adler32 value of the dictionary */ - -void test_compress OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -void test_gzio OF((const char *out, const char *in, - Byte *uncompr, int uncomprLen)); -void test_deflate OF((Byte *compr, uLong comprLen)); -void test_inflate OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -void test_large_deflate OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -void test_large_inflate OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -void test_flush OF((Byte *compr, uLong comprLen)); -void test_sync OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -void test_dict_deflate OF((Byte *compr, uLong comprLen)); -void test_dict_inflate OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -int main OF((int argc, char *argv[])); - -/* =========================================================================== - * Test compress() and uncompress() - */ -void test_compress(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ - int err; - uLong len = strlen(hello)+1; - - err = compress(compr, &comprLen, (const Bytef*)hello, len); - CHECK_ERR(err, "compress"); - - strcpy((char*)uncompr, "garbage"); - - err = uncompress(uncompr, &uncomprLen, compr, comprLen); - CHECK_ERR(err, "uncompress"); - - if (strcmp((char*)uncompr, hello)) { - fprintf(stderr, "bad uncompress\n"); - } else { - printf("uncompress(): %s\n", uncompr); - } -} - -/* =========================================================================== - * Test read/write of .gz files - */ -void test_gzio(out, in, uncompr, uncomprLen) - const char *out; /* output file */ - const char *in; /* input file */ - Byte *uncompr; - int uncomprLen; -{ - int err; - int len = strlen(hello)+1; - gzFile file; - - file = gzopen(out, "wb"); - if (file == NULL) { - fprintf(stderr, "gzopen error\n"); - exit(1); - } - - if (gzwrite(file, (const voidp)hello, (unsigned)len) != len) { - fprintf(stderr, "gzwrite err: %s\n", gzerror(file, &err)); - } - gzclose(file); - - file = gzopen(in, "rb"); - if (file == NULL) { - fprintf(stderr, "gzopen error\n"); - } - strcpy((char*)uncompr, "garbage"); - - uncomprLen = gzread(file, uncompr, (unsigned)uncomprLen); - if (uncomprLen != len) { - fprintf(stderr, "gzread err: %s\n", gzerror(file, &err)); - } - gzclose(file); - - if (strcmp((char*)uncompr, hello)) { - fprintf(stderr, "bad gzread\n"); - } else { - printf("gzread(): %s\n", uncompr); - } -} - -/* =========================================================================== - * Test deflate() with small buffers - */ -void test_deflate(compr, comprLen) - Byte *compr; - uLong comprLen; -{ - z_stream c_stream; /* compression stream */ - int err; - int len = strlen(hello)+1; - - c_stream.zalloc = (alloc_func)0; - c_stream.zfree = (free_func)0; - c_stream.opaque = (voidpf)0; - - err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION); - CHECK_ERR(err, "deflateInit"); - - c_stream.next_in = (Bytef*)hello; - c_stream.next_out = compr; - - while (c_stream.total_in != (uLong)len && c_stream.total_out < comprLen) { - c_stream.avail_in = c_stream.avail_out = 1; /* force small buffers */ - err = deflate(&c_stream, Z_NO_FLUSH); - CHECK_ERR(err, "deflate"); - } - /* Finish the stream, still forcing small buffers: */ - for (;;) { - c_stream.avail_out = 1; - err = deflate(&c_stream, Z_FINISH); - if (err == Z_STREAM_END) break; - CHECK_ERR(err, "deflate"); - } - - err = deflateEnd(&c_stream); - CHECK_ERR(err, "deflateEnd"); -} - -/* =========================================================================== - * Test inflate() with small buffers - */ -void test_inflate(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ - int err; - z_stream d_stream; /* decompression stream */ - - strcpy((char*)uncompr, "garbage"); - - d_stream.zalloc = (alloc_func)0; - d_stream.zfree = (free_func)0; - d_stream.opaque = (voidpf)0; - - err = inflateInit(&d_stream); - CHECK_ERR(err, "inflateInit"); - - d_stream.next_in = compr; - d_stream.next_out = uncompr; - - while (d_stream.total_out < uncomprLen && d_stream.total_in < comprLen) { - d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */ - err = inflate(&d_stream, Z_NO_FLUSH); - if (err == Z_STREAM_END) break; - CHECK_ERR(err, "inflate"); - } - - err = inflateEnd(&d_stream); - CHECK_ERR(err, "inflateEnd"); - - if (strcmp((char*)uncompr, hello)) { - fprintf(stderr, "bad inflate\n"); - } else { - printf("inflate(): %s\n", uncompr); - } -} - -/* =========================================================================== - * Test deflate() with large buffers and dynamic change of compression level - */ -void test_large_deflate(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ - z_stream c_stream; /* compression stream */ - int err; - - c_stream.zalloc = (alloc_func)0; - c_stream.zfree = (free_func)0; - c_stream.opaque = (voidpf)0; - - err = deflateInit(&c_stream, Z_BEST_SPEED); - CHECK_ERR(err, "deflateInit"); - - c_stream.next_out = compr; - c_stream.avail_out = (uInt)comprLen; - - /* At this point, uncompr is still mostly zeroes, so it should compress - * very well: - */ - c_stream.next_in = uncompr; - c_stream.avail_in = (uInt)uncomprLen; - err = deflate(&c_stream, Z_NO_FLUSH); - CHECK_ERR(err, "deflate"); - if (c_stream.avail_in != 0) { - fprintf(stderr, "deflate not greedy\n"); - } - - /* Feed in already compressed data and switch to no compression: */ - deflateParams(&c_stream, Z_NO_COMPRESSION, Z_DEFAULT_STRATEGY); - c_stream.next_in = compr; - c_stream.avail_in = (uInt)comprLen/2; - err = deflate(&c_stream, Z_NO_FLUSH); - CHECK_ERR(err, "deflate"); - - /* Switch back to compressing mode: */ - deflateParams(&c_stream, Z_BEST_COMPRESSION, Z_FILTERED); - c_stream.next_in = uncompr; - c_stream.avail_in = (uInt)uncomprLen; - err = deflate(&c_stream, Z_NO_FLUSH); - CHECK_ERR(err, "deflate"); - - err = deflate(&c_stream, Z_FINISH); - if (err != Z_STREAM_END) { - fprintf(stderr, "deflate should report Z_STREAM_END\n"); - } - err = deflateEnd(&c_stream); - CHECK_ERR(err, "deflateEnd"); -} - -/* =========================================================================== - * Test inflate() with large buffers - */ -void test_large_inflate(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ - int err; - z_stream d_stream; /* decompression stream */ - - strcpy((char*)uncompr, "garbage"); - - d_stream.zalloc = (alloc_func)0; - d_stream.zfree = (free_func)0; - d_stream.opaque = (voidpf)0; - - err = inflateInit(&d_stream); - CHECK_ERR(err, "inflateInit"); - - d_stream.next_in = compr; - d_stream.avail_in = (uInt)comprLen; - - for (;;) { - d_stream.next_out = uncompr; /* discard the output */ - d_stream.avail_out = (uInt)uncomprLen; - err = inflate(&d_stream, Z_NO_FLUSH); - if (err == Z_STREAM_END) break; - CHECK_ERR(err, "large inflate"); - } - - err = inflateEnd(&d_stream); - CHECK_ERR(err, "inflateEnd"); - - if (d_stream.total_out != 2*uncomprLen + comprLen/2) { - fprintf(stderr, "bad large inflate: %ld\n", d_stream.total_out); - } else { - printf("large_inflate(): OK\n"); - } -} - -/* =========================================================================== - * Test deflate() with full flush - */ -void test_flush(compr, comprLen) - Byte *compr; - uLong comprLen; -{ - z_stream c_stream; /* compression stream */ - int err; - int len = strlen(hello)+1; - - c_stream.zalloc = (alloc_func)0; - c_stream.zfree = (free_func)0; - c_stream.opaque = (voidpf)0; - - err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION); - CHECK_ERR(err, "deflateInit"); - - c_stream.next_in = (Bytef*)hello; - c_stream.next_out = compr; - c_stream.avail_in = 3; - c_stream.avail_out = (uInt)comprLen; - err = deflate(&c_stream, Z_FULL_FLUSH); - CHECK_ERR(err, "deflate"); - - compr[3]++; /* force an error in first compressed block */ - c_stream.avail_in = len - 3; - - err = deflate(&c_stream, Z_FINISH); - if (err != Z_STREAM_END) { - CHECK_ERR(err, "deflate"); - } - err = deflateEnd(&c_stream); - CHECK_ERR(err, "deflateEnd"); -} - -/* =========================================================================== - * Test inflateSync() - */ -void test_sync(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ - int err; - z_stream d_stream; /* decompression stream */ - - strcpy((char*)uncompr, "garbage"); - - d_stream.zalloc = (alloc_func)0; - d_stream.zfree = (free_func)0; - d_stream.opaque = (voidpf)0; - - err = inflateInit(&d_stream); - CHECK_ERR(err, "inflateInit"); - - d_stream.next_in = compr; - d_stream.next_out = uncompr; - d_stream.avail_in = 2; /* just read the zlib header */ - d_stream.avail_out = (uInt)uncomprLen; - - inflate(&d_stream, Z_NO_FLUSH); - CHECK_ERR(err, "inflate"); - - d_stream.avail_in = (uInt)comprLen-2; /* read all compressed data */ - err = inflateSync(&d_stream); /* but skip the damaged part */ - CHECK_ERR(err, "inflateSync"); - - err = inflate(&d_stream, Z_FINISH); - if (err != Z_DATA_ERROR) { - fprintf(stderr, "inflate should report DATA_ERROR\n"); - /* Because of incorrect adler32 */ - } - err = inflateEnd(&d_stream); - CHECK_ERR(err, "inflateEnd"); - - printf("after inflateSync(): hel%s\n", uncompr); -} - -/* =========================================================================== - * Test deflate() with preset dictionary - */ -void test_dict_deflate(compr, comprLen) - Byte *compr; - uLong comprLen; -{ - z_stream c_stream; /* compression stream */ - int err; - - c_stream.zalloc = (alloc_func)0; - c_stream.zfree = (free_func)0; - c_stream.opaque = (voidpf)0; - - err = deflateInit(&c_stream, Z_BEST_COMPRESSION); - CHECK_ERR(err, "deflateInit"); - - err = deflateSetDictionary(&c_stream, - (const Bytef*)dictionary, sizeof(dictionary)); - CHECK_ERR(err, "deflateSetDictionary"); - - dictId = c_stream.adler; - c_stream.next_out = compr; - c_stream.avail_out = (uInt)comprLen; - - c_stream.next_in = (Bytef*)hello; - c_stream.avail_in = (uInt)strlen(hello)+1; - - err = deflate(&c_stream, Z_FINISH); - if (err != Z_STREAM_END) { - fprintf(stderr, "deflate should report Z_STREAM_END\n"); - } - err = deflateEnd(&c_stream); - CHECK_ERR(err, "deflateEnd"); -} - -/* =========================================================================== - * Test inflate() with a preset dictionary - */ -void test_dict_inflate(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ - int err; - z_stream d_stream; /* decompression stream */ - - strcpy((char*)uncompr, "garbage"); - - d_stream.zalloc = (alloc_func)0; - d_stream.zfree = (free_func)0; - d_stream.opaque = (voidpf)0; - - err = inflateInit(&d_stream); - CHECK_ERR(err, "inflateInit"); - - d_stream.next_in = compr; - d_stream.avail_in = (uInt)comprLen; - - d_stream.next_out = uncompr; - d_stream.avail_out = (uInt)uncomprLen; - - for (;;) { - err = inflate(&d_stream, Z_NO_FLUSH); - if (err == Z_STREAM_END) break; - if (err == Z_NEED_DICT) { - if (d_stream.adler != dictId) { - fprintf(stderr, "unexpected dictionary"); - exit(1); - } - err = inflateSetDictionary(&d_stream, (const Bytef*)dictionary, - sizeof(dictionary)); - } - CHECK_ERR(err, "inflate with dict"); - } - - err = inflateEnd(&d_stream); - CHECK_ERR(err, "inflateEnd"); - - if (strcmp((char*)uncompr, hello)) { - fprintf(stderr, "bad inflate with dict\n"); - } else { - printf("inflate with dictionary: %s\n", uncompr); - } -} - -/* =========================================================================== - * Usage: example [output.gz [input.gz]] - */ - -int main(argc, argv) - int argc; - char *argv[]; -{ - Byte *compr, *uncompr; - uLong comprLen = 10000*sizeof(int); /* don't overflow on MSDOS */ - uLong uncomprLen = comprLen; - - if (zlibVersion()[0] != ZLIB_VERSION[0]) { - fprintf(stderr, "incompatible zlib version\n"); - exit(1); - - } else if (strcmp(zlibVersion(), ZLIB_VERSION) != 0) { - fprintf(stderr, "warning: different zlib version\n"); - } - - compr = (Byte*)calloc((uInt)comprLen, 1); - uncompr = (Byte*)calloc((uInt)uncomprLen, 1); - /* compr and uncompr are cleared to avoid reading uninitialized - * data and to ensure that uncompr compresses well. - */ - if (compr == Z_NULL || uncompr == Z_NULL) { - printf("out of memory\n"); - exit(1); - } - - test_compress(compr, comprLen, uncompr, uncomprLen); - - test_gzio((argc > 1 ? argv[1] : "foo.gz"), - (argc > 2 ? argv[2] : "foo.gz"), - uncompr, (int)uncomprLen); - - test_deflate(compr, comprLen); - test_inflate(compr, comprLen, uncompr, uncomprLen); - - test_large_deflate(compr, comprLen, uncompr, uncomprLen); - test_large_inflate(compr, comprLen, uncompr, uncomprLen); - - test_flush(compr, comprLen); - test_sync(compr, comprLen, uncompr, uncomprLen); - - test_dict_deflate(compr, comprLen); - test_dict_inflate(compr, comprLen, uncompr, uncomprLen); - - exit(0); - return 0; /* to avoid warning */ -} diff --git a/security/nss/cmd/zlib/gzio.c b/security/nss/cmd/zlib/gzio.c deleted file mode 100644 index c52d30d30..000000000 --- a/security/nss/cmd/zlib/gzio.c +++ /dev/null @@ -1,537 +0,0 @@ -/* gzio.c -- IO on .gz files - * Copyright (C) 1995-1996 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ - -/* $Id$ */ - -#include <stdio.h> - -#include "zutil.h" - -struct internal_state {int dummy;}; /* for buggy compilers */ - -#define Z_BUFSIZE 4096 - -#define ALLOC(size) malloc(size) -#define TRYFREE(p) {if (p) free(p);} - -static int gz_magic[2] = {0x1f, 0x8b}; /* gzip magic header */ - -/* gzip flag byte */ -#define ASCII_FLAG 0x01 /* bit 0 set: file probably ascii text */ -#define HEAD_CRC 0x02 /* bit 1 set: header CRC present */ -#define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ -#define ORIG_NAME 0x08 /* bit 3 set: original file name present */ -#define COMMENT 0x10 /* bit 4 set: file comment present */ -#define RESERVED 0xE0 /* bits 5..7: reserved */ - -typedef struct gz_stream { - z_stream stream; - int z_err; /* error code for last stream operation */ - int z_eof; /* set if end of input file */ - FILE *file; /* .gz file */ - Byte *inbuf; /* input buffer */ - Byte *outbuf; /* output buffer */ - uLong crc; /* crc32 of uncompressed data */ - char *msg; /* error message */ - char *path; /* path name for debugging only */ - int transparent; /* 1 if input file is not a .gz file */ - char mode; /* 'w' or 'r' */ -} gz_stream; - - -local gzFile gz_open OF((const char *path, const char *mode, int fd)); -local int get_byte OF((gz_stream *s)); -local void check_header OF((gz_stream *s)); -local int destroy OF((gz_stream *s)); -local void putLong OF((FILE *file, uLong x)); -local uLong getLong OF((gz_stream *s)); - -/* =========================================================================== - Opens a gzip (.gz) file for reading or writing. The mode parameter - is as in fopen ("rb" or "wb"). The file is given either by file descriptor - or path name (if fd == -1). - gz_open return NULL if the file could not be opened or if there was - insufficient memory to allocate the (de)compression state; errno - can be checked to distinguish the two cases (if errno is zero, the - zlib error is Z_MEM_ERROR). -*/ -local gzFile gz_open (path, mode, fd) - const char *path; - const char *mode; - int fd; -{ - int err; - int level = Z_DEFAULT_COMPRESSION; /* compression level */ - char *p = (char*)mode; - gz_stream *s; - char fmode[80]; /* copy of mode, without the compression level */ - char *m = fmode; - - if (!path || !mode) return Z_NULL; - - s = (gz_stream *)ALLOC(sizeof(gz_stream)); - if (!s) return Z_NULL; - - s->stream.zalloc = (alloc_func)0; - s->stream.zfree = (free_func)0; - s->stream.opaque = (voidpf)0; - s->stream.next_in = s->inbuf = Z_NULL; - s->stream.next_out = s->outbuf = Z_NULL; - s->stream.avail_in = s->stream.avail_out = 0; - s->file = NULL; - s->z_err = Z_OK; - s->z_eof = 0; - s->crc = crc32(0L, Z_NULL, 0); - s->msg = NULL; - s->transparent = 0; - - s->path = (char*)ALLOC(strlen(path)+1); - if (s->path == NULL) { - return destroy(s), (gzFile)Z_NULL; - } - strcpy(s->path, path); /* do this early for debugging */ - - s->mode = '\0'; - do { - if (*p == 'r') s->mode = 'r'; - if (*p == 'w' || *p == 'a') s->mode = 'w'; - if (*p >= '0' && *p <= '9') { - level = *p - '0'; - } else { - *m++ = *p; /* copy the mode */ - } - } while (*p++ && m != fmode + sizeof(fmode)); - if (s->mode == '\0') return destroy(s), (gzFile)Z_NULL; - - if (s->mode == 'w') { - err = deflateInit2(&(s->stream), level, - Z_DEFLATED, -MAX_WBITS, DEF_MEM_LEVEL, 0); - /* windowBits is passed < 0 to suppress zlib header */ - - s->stream.next_out = s->outbuf = (Byte*)ALLOC(Z_BUFSIZE); - - if (err != Z_OK || s->outbuf == Z_NULL) { - return destroy(s), (gzFile)Z_NULL; - } - } else { - err = inflateInit2(&(s->stream), -MAX_WBITS); - s->stream.next_in = s->inbuf = (Byte*)ALLOC(Z_BUFSIZE); - - if (err != Z_OK || s->inbuf == Z_NULL) { - return destroy(s), (gzFile)Z_NULL; - } - } - s->stream.avail_out = Z_BUFSIZE; - - errno = 0; - s->file = fd < 0 ? FOPEN(path, fmode) : (FILE*)fdopen(fd, fmode); - - if (s->file == NULL) { - return destroy(s), (gzFile)Z_NULL; - } - if (s->mode == 'w') { - /* Write a very simple .gz header: - */ - fprintf(s->file, "%c%c%c%c%c%c%c%c%c%c", gz_magic[0], gz_magic[1], - Z_DEFLATED, 0 /*flags*/, 0,0,0,0 /*time*/, 0 /*xflags*/, OS_CODE); - } else { - check_header(s); /* skip the .gz header */ - } - return (gzFile)s; -} - -/* =========================================================================== - Opens a gzip (.gz) file for reading or writing. -*/ -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern gzFile) gzopen (const char *path, const char *mode) -#else -extern gzFile EXPORT gzopen OF((const char *path, const char *mode)) -#endif -{ - return gz_open (path, mode, -1); -} - -/* =========================================================================== - Associate a gzFile with the file descriptor fd. fd is not dup'ed here - to mimic the behavio(u)r of fdopen. -*/ -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern gzFile) gzdopen (int fd, const char *mode) -#else -extern gzFile EXPORT gzdopen OF((int fd, const char *mode)) -#endif -{ - char name[20]; - - if (fd < 0) return (gzFile)Z_NULL; - sprintf(name, "<fd:%d>", fd); /* for debugging */ - - return gz_open (name, mode, fd); -} - -/* =========================================================================== - Read a byte from a gz_stream; update next_in and avail_in. Return EOF - for end of file. - IN assertion: the stream s has been sucessfully opened for reading. -*/ -local int get_byte(s) - gz_stream *s; -{ - if (s->z_eof) return EOF; - if (s->stream.avail_in == 0) { - errno = 0; - s->stream.avail_in = fread(s->inbuf, 1, Z_BUFSIZE, s->file); - if (s->stream.avail_in == 0) { - s->z_eof = 1; - if (ferror(s->file)) s->z_err = Z_ERRNO; - return EOF; - } - s->stream.next_in = s->inbuf; - } - s->stream.avail_in--; - return *(s->stream.next_in)++; -} - -/* =========================================================================== - Check the gzip header of a gz_stream opened for reading. Set the stream - mode to transparent if the gzip magic header is not present; set s->err - to Z_DATA_ERROR if the magic header is present but the rest of the header - is incorrect. - IN assertion: the stream s has already been created sucessfully; - s->stream.avail_in is zero for the first time, but may be non-zero - for concatenated .gz files. -*/ -local void check_header(s) - gz_stream *s; -{ - int method; /* method byte */ - int flags; /* flags byte */ - uInt len; - int c; - - /* Check the gzip magic header */ - for (len = 0; len < 2; len++) { - c = get_byte(s); - if (c != gz_magic[len]) { - s->transparent = 1; - if (c != EOF) s->stream.avail_in++, s->stream.next_in--; - s->z_err = s->stream.avail_in != 0 ? Z_OK : Z_STREAM_END; - return; - } - } - method = get_byte(s); - flags = get_byte(s); - if (method != Z_DEFLATED || (flags & RESERVED) != 0) { - s->z_err = Z_DATA_ERROR; - return; - } - - /* Discard time, xflags and OS code: */ - for (len = 0; len < 6; len++) (void)get_byte(s); - - if ((flags & EXTRA_FIELD) != 0) { /* skip the extra field */ - len = (uInt)get_byte(s); - len += ((uInt)get_byte(s))<<8; - /* len is garbage if EOF but the loop below will quit anyway */ - while (len-- != 0 && get_byte(s) != EOF) ; - } - if ((flags & ORIG_NAME) != 0) { /* skip the original file name */ - while ((c = get_byte(s)) != 0 && c != EOF) ; - } - if ((flags & COMMENT) != 0) { /* skip the .gz file comment */ - while ((c = get_byte(s)) != 0 && c != EOF) ; - } - if ((flags & HEAD_CRC) != 0) { /* skip the header crc */ - for (len = 0; len < 2; len++) (void)get_byte(s); - } - s->z_err = s->z_eof ? Z_DATA_ERROR : Z_OK; -} - - /* =========================================================================== - * Cleanup then free the given gz_stream. Return a zlib error code. - Try freeing in the reverse order of allocations. - */ -local int destroy (s) - gz_stream *s; -{ - int err = Z_OK; - - if (!s) return Z_STREAM_ERROR; - - TRYFREE(s->msg); - - if (s->stream.state != NULL) { - if (s->mode == 'w') { - err = deflateEnd(&(s->stream)); - } else if (s->mode == 'r') { - err = inflateEnd(&(s->stream)); - } - } - if (s->file != NULL && fclose(s->file)) { - err = Z_ERRNO; - } - if (s->z_err < 0) err = s->z_err; - - TRYFREE(s->inbuf); - TRYFREE(s->outbuf); - TRYFREE(s->path); - TRYFREE(s); - return err; -} - -/* =========================================================================== - Reads the given number of uncompressed bytes from the compressed file. - gzread returns the number of bytes actually read (0 for end of file). -*/ -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) gzread (gzFile file, voidp buf, unsigned len) -#else -extern int EXPORT gzread OF((gzFile file, voidp buf, unsigned len)) -#endif -{ - gz_stream *s = (gz_stream*)file; - Bytef *start = buf; /* starting point for crc computation */ - Byte *next_out; /* == stream.next_out but not forced far (for MSDOS) */ - - if (s == NULL || s->mode != 'r') return Z_STREAM_ERROR; - - if (s->z_err == Z_DATA_ERROR || s->z_err == Z_ERRNO) return -1; - if (s->z_err == Z_STREAM_END) return 0; /* EOF */ - - s->stream.next_out = next_out = buf; - s->stream.avail_out = len; - - while (s->stream.avail_out != 0) { - - if (s->transparent) { - /* Copy first the lookahead bytes: */ - uInt n = s->stream.avail_in; - if (n > s->stream.avail_out) n = s->stream.avail_out; - if (n > 0) { - zmemcpy(s->stream.next_out, s->stream.next_in, n); - next_out += n; - s->stream.next_out = next_out; - s->stream.next_in += n; - s->stream.avail_out -= n; - s->stream.avail_in -= n; - } - if (s->stream.avail_out > 0) { - s->stream.avail_out -= fread(next_out, 1, s->stream.avail_out, - s->file); - } - return (int)(len - s->stream.avail_out); - } - if (s->stream.avail_in == 0 && !s->z_eof) { - - errno = 0; - s->stream.avail_in = fread(s->inbuf, 1, Z_BUFSIZE, s->file); - if (s->stream.avail_in == 0) { - s->z_eof = 1; - if (ferror(s->file)) { - s->z_err = Z_ERRNO; - break; - } - } - s->stream.next_in = s->inbuf; - } - s->z_err = inflate(&(s->stream), Z_NO_FLUSH); - - if (s->z_err == Z_STREAM_END) { - /* Check CRC and original size */ - s->crc = crc32(s->crc, start, (uInt)(s->stream.next_out - start)); - start = s->stream.next_out; - - if (getLong(s) != s->crc || getLong(s) != s->stream.total_out) { - s->z_err = Z_DATA_ERROR; - } else { - /* Check for concatenated .gz files: */ - check_header(s); - if (s->z_err == Z_OK) { - inflateReset(&(s->stream)); - s->crc = crc32(0L, Z_NULL, 0); - } - } - } - if (s->z_err != Z_OK || s->z_eof) break; - } - s->crc = crc32(s->crc, start, (uInt)(s->stream.next_out - start)); - - return (int)(len - s->stream.avail_out); -} - -/* =========================================================================== - Writes the given number of uncompressed bytes into the compressed file. - gzwrite returns the number of bytes actually written (0 in case of error). -*/ -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) gzwrite (gzFile file, const voidp buf, unsigned len) -#else -extern int EXPORT gzwrite OF((gzFile file, const voidp buf, unsigned len)) -#endif -{ - gz_stream *s = (gz_stream*)file; - - if (s == NULL || s->mode != 'w') return Z_STREAM_ERROR; - - s->stream.next_in = buf; - s->stream.avail_in = len; - - while (s->stream.avail_in != 0) { - - if (s->stream.avail_out == 0) { - - s->stream.next_out = s->outbuf; - if (fwrite(s->outbuf, 1, Z_BUFSIZE, s->file) != Z_BUFSIZE) { - s->z_err = Z_ERRNO; - break; - } - s->stream.avail_out = Z_BUFSIZE; - } - s->z_err = deflate(&(s->stream), Z_NO_FLUSH); - if (s->z_err != Z_OK) break; - } - s->crc = crc32(s->crc, buf, len); - - return (int)(len - s->stream.avail_in); -} - -/* =========================================================================== - Flushes all pending output into the compressed file. The parameter - flush is as in the deflate() function. - gzflush should be called only when strictly necessary because it can - degrade compression. -*/ -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) gzflush (gzFile file, int flush) -#else -extern int EXPORT gzflush OF((gzFile file, int flush)) -#endif -{ - uInt len; - int done = 0; - gz_stream *s = (gz_stream*)file; - - if (s == NULL || s->mode != 'w') return Z_STREAM_ERROR; - - s->stream.avail_in = 0; /* should be zero already anyway */ - - for (;;) { - len = Z_BUFSIZE - s->stream.avail_out; - - if (len != 0) { - if ((uInt)fwrite(s->outbuf, 1, len, s->file) != len) { - s->z_err = Z_ERRNO; - return Z_ERRNO; - } - s->stream.next_out = s->outbuf; - s->stream.avail_out = Z_BUFSIZE; - } - if (done) break; - s->z_err = deflate(&(s->stream), flush); - - /* deflate has finished flushing only when it hasn't used up - * all the available space in the output buffer: - */ - done = (s->stream.avail_out != 0 || s->z_err == Z_STREAM_END); - - if (s->z_err != Z_OK && s->z_err != Z_STREAM_END) break; - } - fflush(s->file); - return s->z_err == Z_STREAM_END ? Z_OK : s->z_err; -} - -/* =========================================================================== - Outputs a long in LSB order to the given file -*/ -local void putLong (file, x) - FILE *file; - uLong x; -{ - int n; - for (n = 0; n < 4; n++) { - fputc((int)(x & 0xff), file); - x >>= 8; - } -} - -/* =========================================================================== - Reads a long in LSB order from the given gz_stream. Sets -*/ -local uLong getLong (s) - gz_stream *s; -{ - uLong x = (uLong)get_byte(s); - int c; - - x += ((uLong)get_byte(s))<<8; - x += ((uLong)get_byte(s))<<16; - c = get_byte(s); - if (c == EOF) s->z_err = Z_DATA_ERROR; - x += ((uLong)c)<<24; - return x; -} - -/* =========================================================================== - Flushes all pending output if necessary, closes the compressed file - and deallocates all the (de)compression state. -*/ -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) gzclose (gzFile file) -#else -extern int EXPORT gzclose OF((gzFile file)) -#endif -{ - int err; - gz_stream *s = (gz_stream*)file; - - if (s == NULL) return Z_STREAM_ERROR; - - if (s->mode == 'w') { - err = gzflush (file, Z_FINISH); - if (err != Z_OK) return destroy(file); - - putLong (s->file, s->crc); - putLong (s->file, s->stream.total_in); - - } - return destroy(file); -} - -/* =========================================================================== - Returns the error message for the last error which occured on the - given compressed file. errnum is set to zlib error number. If an - error occured in the file system and not in the compression library, - errnum is set to Z_ERRNO and the application may consult errno - to get the exact error code. -*/ -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern const char *) gzerror (gzFile file, int *errnum) -#else -extern const char * EXPORT gzerror OF((gzFile file, int *errnum)) -#endif -{ - char *m; - gz_stream *s = (gz_stream*)file; - - if (s == NULL) { - *errnum = Z_STREAM_ERROR; - return (const char*)ERR_MSG(Z_STREAM_ERROR); - } - *errnum = s->z_err; - if (*errnum == Z_OK) return (const char*)""; - - m = (char*)(*errnum == Z_ERRNO ? zstrerror(errno) : s->stream.msg); - - if (m == NULL || *m == '\0') m = (char*)ERR_MSG(s->z_err); - - TRYFREE(s->msg); - s->msg = (char*)ALLOC(strlen(s->path) + strlen(m) + 3); - strcpy(s->msg, s->path); - strcat(s->msg, ": "); - strcat(s->msg, m); - return (const char*)s->msg; -} diff --git a/security/nss/cmd/zlib/infblock.c b/security/nss/cmd/zlib/infblock.c deleted file mode 100644 index 8eddbafed..000000000 --- a/security/nss/cmd/zlib/infblock.c +++ /dev/null @@ -1,406 +0,0 @@ -/* infblock.c -- interpret and process block types to last block - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ - -#include "zutil.h" -#include "infblock.h" -#include "inftrees.h" -#include "infcodes.h" -#include "infutil.h" - -struct inflate_codes_state {int dummy;}; /* for buggy compilers */ - -/* Table for deflate from PKZIP's appnote.txt. */ -local uInt border[] = { /* Order of the bit length code lengths */ - 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; - -/* - Notes beyond the 1.93a appnote.txt: - - 1. Distance pointers never point before the beginning of the output - stream. - 2. Distance pointers can point back across blocks, up to 32k away. - 3. There is an implied maximum of 7 bits for the bit length table and - 15 bits for the actual data. - 4. If only one code exists, then it is encoded using one bit. (Zero - would be more efficient, but perhaps a little confusing.) If two - codes exist, they are coded using one bit each (0 and 1). - 5. There is no way of sending zero distance codes--a dummy must be - sent if there are none. (History: a pre 2.0 version of PKZIP would - store blocks with no distance codes, but this was discovered to be - too harsh a criterion.) Valid only for 1.93a. 2.04c does allow - zero distance codes, which is sent as one code of zero bits in - length. - 6. There are up to 286 literal/length codes. Code 256 represents the - end-of-block. Note however that the static length tree defines - 288 codes just to fill out the Huffman codes. Codes 286 and 287 - cannot be used though, since there is no length base or extra bits - defined for them. Similarily, there are up to 30 distance codes. - However, static trees define 32 codes (all 5 bits) to fill out the - Huffman codes, but the last two had better not show up in the data. - 7. Unzip can check dynamic Huffman blocks for complete code sets. - The exception is that a single code would not be complete (see #4). - 8. The five bits following the block type is really the number of - literal codes sent minus 257. - 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits - (1+6+6). Therefore, to output three times the length, you output - three codes (1+1+1), whereas to output four times the same length, - you only need two codes (1+3). Hmm. - 10. In the tree reconstruction algorithm, Code = Code + Increment - only if BitLength(i) is not zero. (Pretty obvious.) - 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) - 12. Note: length code 284 can represent 227-258, but length code 285 - really is 258. The last length deserves its own, short code - since it gets used a lot in very redundant files. The length - 258 is special since 258 - 3 (the min match length) is 255. - 13. The literal/length and distance code bit lengths are read as a - single stream of lengths. It is possible (and advantageous) for - a repeat code (16, 17, or 18) to go across the boundary between - the two sets of lengths. - */ - - -void inflate_blocks_reset(s, z, c) -inflate_blocks_statef *s; -z_streamp z; -uLongf *c; -{ - if (s->checkfn != Z_NULL) - *c = s->check; - if (s->mode == BTREE || s->mode == DTREE) - ZFREE(z, s->sub.trees.blens); - if (s->mode == CODES) - { - inflate_codes_free(s->sub.decode.codes, z); - inflate_trees_free(s->sub.decode.td, z); - inflate_trees_free(s->sub.decode.tl, z); - } - s->mode = TYPE; - s->bitk = 0; - s->bitb = 0; - s->read = s->write = s->window; - if (s->checkfn != Z_NULL) - z->adler = s->check = (*s->checkfn)(0L, Z_NULL, 0); - Trace((stderr, "inflate: blocks reset\n")); -} - - -inflate_blocks_statef *inflate_blocks_new(z, c, w) -z_streamp z; -check_func c; -uInt w; -{ - inflate_blocks_statef *s; - - if ((s = (inflate_blocks_statef *)ZALLOC - (z,1,sizeof(struct inflate_blocks_state))) == Z_NULL) - return s; - if ((s->window = (Bytef *)ZALLOC(z, 1, w)) == Z_NULL) - { - ZFREE(z, s); - return Z_NULL; - } - s->end = s->window + w; - s->checkfn = c; - s->mode = TYPE; - Trace((stderr, "inflate: blocks allocated\n")); - inflate_blocks_reset(s, z, &s->check); - return s; -} - - -#ifdef DEBUG - extern uInt inflate_hufts; -#endif -int inflate_blocks(s, z, r) -inflate_blocks_statef *s; -z_streamp z; -int r; -{ - uInt t; /* temporary storage */ - uLong b; /* bit buffer */ - uInt k; /* bits in bit buffer */ - Bytef *p; /* input data pointer */ - uInt n; /* bytes available there */ - Bytef *q; /* output window write pointer */ - uInt m; /* bytes to end of window or read pointer */ - - /* copy input/output information to locals (UPDATE macro restores) */ - LOAD - - /* process input based on current state */ - while (1) switch (s->mode) - { - case TYPE: - NEEDBITS(3) - t = (uInt)b & 7; - s->last = t & 1; - switch (t >> 1) - { - case 0: /* stored */ - Trace((stderr, "inflate: stored block%s\n", - s->last ? " (last)" : "")); - DUMPBITS(3) - t = k & 7; /* go to byte boundary */ - DUMPBITS(t) - s->mode = LENS; /* get length of stored block */ - break; - case 1: /* fixed */ - Trace((stderr, "inflate: fixed codes block%s\n", - s->last ? " (last)" : "")); - { - uInt bl, bd; - inflate_huft *tl, *td; - - inflate_trees_fixed(&bl, &bd, &tl, &td); - s->sub.decode.codes = inflate_codes_new(bl, bd, tl, td, z); - if (s->sub.decode.codes == Z_NULL) - { - r = Z_MEM_ERROR; - LEAVE - } - s->sub.decode.tl = Z_NULL; /* don't try to free these */ - s->sub.decode.td = Z_NULL; - } - DUMPBITS(3) - s->mode = CODES; - break; - case 2: /* dynamic */ - Trace((stderr, "inflate: dynamic codes block%s\n", - s->last ? " (last)" : "")); - DUMPBITS(3) - s->mode = TABLE; - break; - case 3: /* illegal */ - DUMPBITS(3) - s->mode = BAD; - z->msg = (char*)"invalid block type"; - r = Z_DATA_ERROR; - LEAVE - } - break; - case LENS: - NEEDBITS(32) - if ((((~b) >> 16) & 0xffff) != (b & 0xffff)) - { - s->mode = BAD; - z->msg = (char*)"invalid stored block lengths"; - r = Z_DATA_ERROR; - LEAVE - } - s->sub.left = (uInt)b & 0xffff; - b = k = 0; /* dump bits */ - Tracev((stderr, "inflate: stored length %u\n", s->sub.left)); - s->mode = s->sub.left ? STORED : (s->last ? DRY : TYPE); - break; - case STORED: - if (n == 0) - LEAVE - NEEDOUT - t = s->sub.left; - if (t > n) t = n; - if (t > m) t = m; - zmemcpy(q, p, t); - p += t; n -= t; - q += t; m -= t; - if ((s->sub.left -= t) != 0) - break; - Tracev((stderr, "inflate: stored end, %lu total out\n", - z->total_out + (q >= s->read ? q - s->read : - (s->end - s->read) + (q - s->window)))); - s->mode = s->last ? DRY : TYPE; - break; - case TABLE: - NEEDBITS(14) - s->sub.trees.table = t = (uInt)b & 0x3fff; -#ifndef PKZIP_BUG_WORKAROUND - if ((t & 0x1f) > 29 || ((t >> 5) & 0x1f) > 29) - { - s->mode = BAD; - z->msg = (char*)"too many length or distance symbols"; - r = Z_DATA_ERROR; - LEAVE - } -#endif - t = 258 + (t & 0x1f) + ((t >> 5) & 0x1f); - if (t < 19) - t = 19; - if ((s->sub.trees.blens = (uIntf*)ZALLOC(z, t, sizeof(uInt))) == Z_NULL) - { - r = Z_MEM_ERROR; - LEAVE - } - DUMPBITS(14) - s->sub.trees.index = 0; - Tracev((stderr, "inflate: table sizes ok\n")); - s->mode = BTREE; - case BTREE: - while (s->sub.trees.index < 4 + (s->sub.trees.table >> 10)) - { - NEEDBITS(3) - s->sub.trees.blens[border[s->sub.trees.index++]] = (uInt)b & 7; - DUMPBITS(3) - } - while (s->sub.trees.index < 19) - s->sub.trees.blens[border[s->sub.trees.index++]] = 0; - s->sub.trees.bb = 7; - t = inflate_trees_bits(s->sub.trees.blens, &s->sub.trees.bb, - &s->sub.trees.tb, z); - if (t != Z_OK) - { - ZFREE(z, s->sub.trees.blens); - r = t; - if (r == Z_DATA_ERROR) - s->mode = BAD; - LEAVE - } - s->sub.trees.index = 0; - Tracev((stderr, "inflate: bits tree ok\n")); - s->mode = DTREE; - case DTREE: - while (t = s->sub.trees.table, - s->sub.trees.index < 258 + (t & 0x1f) + ((t >> 5) & 0x1f)) - { - inflate_huft *h; - uInt i, j, c; - - t = s->sub.trees.bb; - NEEDBITS(t) - h = s->sub.trees.tb + ((uInt)b & inflate_mask[t]); - t = h->word.what.Bits; - c = h->more.Base; - if (c < 16) - { - DUMPBITS(t) - s->sub.trees.blens[s->sub.trees.index++] = c; - } - else /* c == 16..18 */ - { - i = c == 18 ? 7 : c - 14; - j = c == 18 ? 11 : 3; - NEEDBITS(t + i) - DUMPBITS(t) - j += (uInt)b & inflate_mask[i]; - DUMPBITS(i) - i = s->sub.trees.index; - t = s->sub.trees.table; - if (i + j > 258 + (t & 0x1f) + ((t >> 5) & 0x1f) || - (c == 16 && i < 1)) - { - inflate_trees_free(s->sub.trees.tb, z); - ZFREE(z, s->sub.trees.blens); - s->mode = BAD; - z->msg = (char*)"invalid bit length repeat"; - r = Z_DATA_ERROR; - LEAVE - } - c = c == 16 ? s->sub.trees.blens[i - 1] : 0; - do { - s->sub.trees.blens[i++] = c; - } while (--j); - s->sub.trees.index = i; - } - } - inflate_trees_free(s->sub.trees.tb, z); - s->sub.trees.tb = Z_NULL; - { - uInt bl, bd; - inflate_huft *tl, *td; - inflate_codes_statef *c; - - bl = 9; /* must be <= 9 for lookahead assumptions */ - bd = 6; /* must be <= 9 for lookahead assumptions */ - t = s->sub.trees.table; -#ifdef DEBUG - inflate_hufts = 0; -#endif - t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f), - s->sub.trees.blens, &bl, &bd, &tl, &td, z); - ZFREE(z, s->sub.trees.blens); - if (t != Z_OK) - { - if (t == (uInt)Z_DATA_ERROR) - s->mode = BAD; - r = t; - LEAVE - } - Tracev((stderr, "inflate: trees ok, %d * %d bytes used\n", - inflate_hufts, sizeof(inflate_huft))); - if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL) - { - inflate_trees_free(td, z); - inflate_trees_free(tl, z); - r = Z_MEM_ERROR; - LEAVE - } - s->sub.decode.codes = c; - s->sub.decode.tl = tl; - s->sub.decode.td = td; - } - s->mode = CODES; - case CODES: - UPDATE - if ((r = inflate_codes(s, z, r)) != Z_STREAM_END) - return inflate_flush(s, z, r); - r = Z_OK; - inflate_codes_free(s->sub.decode.codes, z); - inflate_trees_free(s->sub.decode.td, z); - inflate_trees_free(s->sub.decode.tl, z); - LOAD - Tracev((stderr, "inflate: codes end, %lu total out\n", - z->total_out + (q >= s->read ? q - s->read : - (s->end - s->read) + (q - s->window)))); - if (!s->last) - { - s->mode = TYPE; - break; - } - if (k > 7) /* return unused byte, if any */ - { - Assert(k < 16, "inflate_codes grabbed too many bytes") - k -= 8; - n++; - p--; /* can always return one */ - } - s->mode = DRY; - case DRY: - FLUSH - if (s->read != s->write) - LEAVE - s->mode = DONE; - case DONE: - r = Z_STREAM_END; - LEAVE - case BAD: - r = Z_DATA_ERROR; - LEAVE - default: - r = Z_STREAM_ERROR; - LEAVE - } -} - - -int inflate_blocks_free(s, z, c) -inflate_blocks_statef *s; -z_streamp z; -uLongf *c; -{ - inflate_blocks_reset(s, z, c); - ZFREE(z, s->window); - ZFREE(z, s); - Trace((stderr, "inflate: blocks freed\n")); - return Z_OK; -} - - -void inflate_set_dictionary(s, d, n) -inflate_blocks_statef *s; -const Bytef *d; -uInt n; -{ - zmemcpy((charf *)s->window, d, n); - s->read = s->write = s->window + n; -} diff --git a/security/nss/cmd/zlib/infblock.h b/security/nss/cmd/zlib/infblock.h deleted file mode 100644 index 3ecd50cd3..000000000 --- a/security/nss/cmd/zlib/infblock.h +++ /dev/null @@ -1,37 +0,0 @@ -/* infblock.h -- header to use infblock.c - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -struct inflate_blocks_state; -typedef struct inflate_blocks_state FAR inflate_blocks_statef; - -extern inflate_blocks_statef * inflate_blocks_new OF(( - z_streamp z, - check_func c, /* check function */ - uInt w)); /* window size */ - -extern int inflate_blocks OF(( - inflate_blocks_statef *, - z_streamp , - int)); /* initial return code */ - -extern void inflate_blocks_reset OF(( - inflate_blocks_statef *, - z_streamp , - uLongf *)); /* check value on output */ - -extern int inflate_blocks_free OF(( - inflate_blocks_statef *, - z_streamp , - uLongf *)); /* check value on output */ - -extern void inflate_set_dictionary OF(( - inflate_blocks_statef *s, - const Bytef *d, /* dictionary */ - uInt n)); /* dictionary length */ diff --git a/security/nss/cmd/zlib/infcodes.c b/security/nss/cmd/zlib/infcodes.c deleted file mode 100644 index 3ae3818a1..000000000 --- a/security/nss/cmd/zlib/infcodes.c +++ /dev/null @@ -1,247 +0,0 @@ -/* infcodes.c -- process literals and length/distance pairs - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -#include "zutil.h" -#include "inftrees.h" -#include "infblock.h" -#include "infcodes.h" -#include "infutil.h" -#include "inffast.h" - -/* simplify the use of the inflate_huft type with some defines */ -#define base more.Base -#define next more.Next -#define exop word.what.Exop -#define bits word.what.Bits - -/* inflate codes private state */ -struct inflate_codes_state { - - /* mode */ - enum { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */ - START, /* x: set up for LEN */ - LEN, /* i: get length/literal/eob next */ - LENEXT, /* i: getting length extra (have base) */ - DIST, /* i: get distance next */ - DISTEXT, /* i: getting distance extra */ - COPY, /* o: copying bytes in window, waiting for space */ - LIT, /* o: got literal, waiting for output space */ - WASH, /* o: got eob, possibly still output waiting */ - END, /* x: got eob and all data flushed */ - BADCODE} /* x: got error */ - mode; /* current inflate_codes mode */ - - /* mode dependent information */ - uInt len; - union { - struct { - inflate_huft *tree; /* pointer into tree */ - uInt need; /* bits needed */ - } code; /* if LEN or DIST, where in tree */ - uInt lit; /* if LIT, literal */ - struct { - uInt get; /* bits to get for extra */ - uInt dist; /* distance back to copy from */ - } copy; /* if EXT or COPY, where and how much */ - } sub; /* submode */ - - /* mode independent information */ - Byte lbits; /* ltree bits decoded per branch */ - Byte dbits; /* dtree bits decoder per branch */ - inflate_huft *ltree; /* literal/length/eob tree */ - inflate_huft *dtree; /* distance tree */ - -}; - - -inflate_codes_statef *inflate_codes_new(bl, bd, tl, td, z) -uInt bl, bd; -inflate_huft *tl; -inflate_huft *td; /* need separate declaration for Borland C++ */ -z_streamp z; -{ - inflate_codes_statef *c; - - if ((c = (inflate_codes_statef *) - ZALLOC(z,1,sizeof(struct inflate_codes_state))) != Z_NULL) - { - c->mode = START; - c->lbits = (Byte)bl; - c->dbits = (Byte)bd; - c->ltree = tl; - c->dtree = td; - Tracev((stderr, "inflate: codes new\n")); - } - return c; -} - - -int inflate_codes(s, z, r) -inflate_blocks_statef *s; -z_streamp z; -int r; -{ - uInt j; /* temporary storage */ - inflate_huft *t; /* temporary pointer */ - uInt e; /* extra bits or operation */ - uLong b; /* bit buffer */ - uInt k; /* bits in bit buffer */ - Bytef *p; /* input data pointer */ - uInt n; /* bytes available there */ - Bytef *q; /* output window write pointer */ - uInt m; /* bytes to end of window or read pointer */ - Bytef *f; /* pointer to copy strings from */ - inflate_codes_statef *c = s->sub.decode.codes; /* codes state */ - - /* copy input/output information to locals (UPDATE macro restores) */ - LOAD - - /* process input and output based on current state */ - while (1) switch (c->mode) - { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */ - case START: /* x: set up for LEN */ -#ifndef SLOW - if (m >= 258 && n >= 10) - { - UPDATE - r = inflate_fast(c->lbits, c->dbits, c->ltree, c->dtree, s, z); - LOAD - if (r != Z_OK) - { - c->mode = r == Z_STREAM_END ? WASH : BADCODE; - break; - } - } -#endif /* !SLOW */ - c->sub.code.need = c->lbits; - c->sub.code.tree = c->ltree; - c->mode = LEN; - case LEN: /* i: get length/literal/eob next */ - j = c->sub.code.need; - NEEDBITS(j) - t = c->sub.code.tree + ((uInt)b & inflate_mask[j]); - DUMPBITS(t->bits) - e = (uInt)(t->exop); - if (e == 0) /* literal */ - { - c->sub.lit = t->base; - Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? - "inflate: literal '%c'\n" : - "inflate: literal 0x%02x\n", t->base)); - c->mode = LIT; - break; - } - if (e & 16) /* length */ - { - c->sub.copy.get = e & 15; - c->len = t->base; - c->mode = LENEXT; - break; - } - if ((e & 64) == 0) /* next table */ - { - c->sub.code.need = e; - c->sub.code.tree = t->next; - break; - } - if (e & 32) /* end of block */ - { - Tracevv((stderr, "inflate: end of block\n")); - c->mode = WASH; - break; - } - c->mode = BADCODE; /* invalid code */ - z->msg = (char*)"invalid literal/length code"; - r = Z_DATA_ERROR; - LEAVE - case LENEXT: /* i: getting length extra (have base) */ - j = c->sub.copy.get; - NEEDBITS(j) - c->len += (uInt)b & inflate_mask[j]; - DUMPBITS(j) - c->sub.code.need = c->dbits; - c->sub.code.tree = c->dtree; - Tracevv((stderr, "inflate: length %u\n", c->len)); - c->mode = DIST; - case DIST: /* i: get distance next */ - j = c->sub.code.need; - NEEDBITS(j) - t = c->sub.code.tree + ((uInt)b & inflate_mask[j]); - DUMPBITS(t->bits) - e = (uInt)(t->exop); - if (e & 16) /* distance */ - { - c->sub.copy.get = e & 15; - c->sub.copy.dist = t->base; - c->mode = DISTEXT; - break; - } - if ((e & 64) == 0) /* next table */ - { - c->sub.code.need = e; - c->sub.code.tree = t->next; - break; - } - c->mode = BADCODE; /* invalid code */ - z->msg = (char*)"invalid distance code"; - r = Z_DATA_ERROR; - LEAVE - case DISTEXT: /* i: getting distance extra */ - j = c->sub.copy.get; - NEEDBITS(j) - c->sub.copy.dist += (uInt)b & inflate_mask[j]; - DUMPBITS(j) - Tracevv((stderr, "inflate: distance %u\n", c->sub.copy.dist)); - c->mode = COPY; - case COPY: /* o: copying bytes in window, waiting for space */ -#ifndef __TURBOC__ /* Turbo C bug for following expression */ - f = (uInt)(q - s->window) < c->sub.copy.dist ? - s->end - (c->sub.copy.dist - (q - s->window)) : - q - c->sub.copy.dist; -#else - f = q - c->sub.copy.dist; - if ((uInt)(q - s->window) < c->sub.copy.dist) - f = s->end - (c->sub.copy.dist - (uInt)(q - s->window)); -#endif - while (c->len) - { - NEEDOUT - OUTBYTE(*f++) - if (f == s->end) - f = s->window; - c->len--; - } - c->mode = START; - break; - case LIT: /* o: got literal, waiting for output space */ - NEEDOUT - OUTBYTE(c->sub.lit) - c->mode = START; - break; - case WASH: /* o: got eob, possibly more output */ - FLUSH - if (s->read != s->write) - LEAVE - c->mode = END; - case END: - r = Z_STREAM_END; - LEAVE - case BADCODE: /* x: got error */ - r = Z_DATA_ERROR; - LEAVE - default: - r = Z_STREAM_ERROR; - LEAVE - } -} - - -void inflate_codes_free(c, z) -inflate_codes_statef *c; -z_streamp z; -{ - ZFREE(z, c); - Tracev((stderr, "inflate: codes free\n")); -} diff --git a/security/nss/cmd/zlib/infcodes.h b/security/nss/cmd/zlib/infcodes.h deleted file mode 100644 index c2c38df2c..000000000 --- a/security/nss/cmd/zlib/infcodes.h +++ /dev/null @@ -1,27 +0,0 @@ -/* infcodes.h -- header to use infcodes.c - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -struct inflate_codes_state; -typedef struct inflate_codes_state FAR inflate_codes_statef; - -extern inflate_codes_statef *inflate_codes_new OF(( - uInt, uInt, - inflate_huft *, inflate_huft *, - z_streamp )); - -extern int inflate_codes OF(( - inflate_blocks_statef *, - z_streamp , - int)); - -extern void inflate_codes_free OF(( - inflate_codes_statef *, - z_streamp )); - diff --git a/security/nss/cmd/zlib/inffast.c b/security/nss/cmd/zlib/inffast.c deleted file mode 100644 index 86eee4a29..000000000 --- a/security/nss/cmd/zlib/inffast.c +++ /dev/null @@ -1,168 +0,0 @@ -/* inffast.c -- process literals and length/distance pairs fast - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -#include "zutil.h" -#include "inftrees.h" -#include "infblock.h" -#include "infcodes.h" -#include "infutil.h" -#include "inffast.h" - -struct inflate_codes_state {int dummy;}; /* for buggy compilers */ - -/* simplify the use of the inflate_huft type with some defines */ -#define base more.Base -#define next more.Next -#define exop word.what.Exop -#define bits word.what.Bits - -/* macros for bit input with no checking and for returning unused bytes */ -#define GRABBITS(j) {while(k<(j)){b|=((uLong)NEXTBYTE)<<k;k+=8;}} -#define UNGRAB {n+=(c=k>>3);p-=c;k&=7;} - -/* Called with number of bytes left to write in window at least 258 - (the maximum string length) and number of input bytes available - at least ten. The ten bytes are six bytes for the longest length/ - distance pair plus four bytes for overloading the bit buffer. */ - -int inflate_fast(bl, bd, tl, td, s, z) -uInt bl, bd; -inflate_huft *tl; -inflate_huft *td; /* need separate declaration for Borland C++ */ -inflate_blocks_statef *s; -z_streamp z; -{ - inflate_huft *t; /* temporary pointer */ - uInt e; /* extra bits or operation */ - uLong b; /* bit buffer */ - uInt k; /* bits in bit buffer */ - Bytef *p; /* input data pointer */ - uInt n; /* bytes available there */ - Bytef *q; /* output window write pointer */ - uInt m; /* bytes to end of window or read pointer */ - uInt ml; /* mask for literal/length tree */ - uInt md; /* mask for distance tree */ - uInt c; /* bytes to copy */ - uInt d; /* distance back to copy from */ - Bytef *r; /* copy source pointer */ - - /* load input, output, bit values */ - LOAD - - /* initialize masks */ - ml = inflate_mask[bl]; - md = inflate_mask[bd]; - - /* do until not enough input or output space for fast loop */ - do { /* assume called with m >= 258 && n >= 10 */ - /* get literal/length code */ - GRABBITS(20) /* max bits for literal/length code */ - if ((e = (t = tl + ((uInt)b & ml))->exop) == 0) - { - DUMPBITS(t->bits) - Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? - "inflate: * literal '%c'\n" : - "inflate: * literal 0x%02x\n", t->base)); - *q++ = (Byte)t->base; - m--; - continue; - } - do { - DUMPBITS(t->bits) - if (e & 16) - { - /* get extra bits for length */ - e &= 15; - c = t->base + ((uInt)b & inflate_mask[e]); - DUMPBITS(e) - Tracevv((stderr, "inflate: * length %u\n", c)); - - /* decode distance base of block to copy */ - GRABBITS(15); /* max bits for distance code */ - e = (t = td + ((uInt)b & md))->exop; - do { - DUMPBITS(t->bits) - if (e & 16) - { - /* get extra bits to add to distance base */ - e &= 15; - GRABBITS(e) /* get extra bits (up to 13) */ - d = t->base + ((uInt)b & inflate_mask[e]); - DUMPBITS(e) - Tracevv((stderr, "inflate: * distance %u\n", d)); - - /* do the copy */ - m -= c; - if ((uInt)(q - s->window) >= d) /* offset before dest */ - { /* just copy */ - r = q - d; - *q++ = *r++; c--; /* minimum count is three, */ - *q++ = *r++; c--; /* so unroll loop a little */ - } - else /* else offset after destination */ - { - e = d - (uInt)(q - s->window); /* bytes from offset to end */ - r = s->end - e; /* pointer to offset */ - if (c > e) /* if source crosses, */ - { - c -= e; /* copy to end of window */ - do { - *q++ = *r++; - } while (--e); - r = s->window; /* copy rest from start of window */ - } - } - do { /* copy all or what's left */ - *q++ = *r++; - } while (--c); - break; - } - else if ((e & 64) == 0) - e = (t = t->next + ((uInt)b & inflate_mask[e]))->exop; - else - { - z->msg = (char*)"invalid distance code"; - UNGRAB - UPDATE - return Z_DATA_ERROR; - } - } while (1); - break; - } - if ((e & 64) == 0) - { - if ((e = (t = t->next + ((uInt)b & inflate_mask[e]))->exop) == 0) - { - DUMPBITS(t->bits) - Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? - "inflate: * literal '%c'\n" : - "inflate: * literal 0x%02x\n", t->base)); - *q++ = (Byte)t->base; - m--; - break; - } - } - else if (e & 32) - { - Tracevv((stderr, "inflate: * end of block\n")); - UNGRAB - UPDATE - return Z_STREAM_END; - } - else - { - z->msg = (char*)"invalid literal/length code"; - UNGRAB - UPDATE - return Z_DATA_ERROR; - } - } while (1); - } while (m >= 258 && n >= 10); - - /* not enough input or output--restore pointers and return */ - UNGRAB - UPDATE - return Z_OK; -} diff --git a/security/nss/cmd/zlib/inffast.h b/security/nss/cmd/zlib/inffast.h deleted file mode 100644 index 8cc644efb..000000000 --- a/security/nss/cmd/zlib/inffast.h +++ /dev/null @@ -1,17 +0,0 @@ -/* inffast.h -- header to use inffast.c - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -extern int inflate_fast OF(( - uInt, - uInt, - inflate_huft *, - inflate_huft *, - inflate_blocks_statef *, - z_streamp )); diff --git a/security/nss/cmd/zlib/inffixed.h b/security/nss/cmd/zlib/inffixed.h deleted file mode 100644 index 77f7e7631..000000000 --- a/security/nss/cmd/zlib/inffixed.h +++ /dev/null @@ -1,151 +0,0 @@ -/* inffixed.h -- table for decoding fixed codes - * Generated automatically by the maketree.c program - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -local uInt fixed_bl = 9; -local uInt fixed_bd = 5; -local inflate_huft fixed_tl[] = { - {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115}, - {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},192}, - {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},160}, - {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},224}, - {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},144}, - {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},208}, - {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},176}, - {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},240}, - {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227}, - {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},200}, - {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},168}, - {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},232}, - {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},152}, - {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},216}, - {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},184}, - {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},248}, - {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163}, - {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},196}, - {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},164}, - {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},228}, - {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},148}, - {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},212}, - {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},180}, - {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},244}, - {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0}, - {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},204}, - {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},172}, - {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},236}, - {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},156}, - {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},220}, - {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},188}, - {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},252}, - {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131}, - {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},194}, - {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},162}, - {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},226}, - {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},146}, - {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},210}, - {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},178}, - {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},242}, - {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258}, - {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},202}, - {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},170}, - {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},234}, - {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},154}, - {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},218}, - {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},186}, - {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},250}, - {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195}, - {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},198}, - {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},166}, - {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},230}, - {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},150}, - {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},214}, - {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},182}, - {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},246}, - {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0}, - {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},206}, - {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},174}, - {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},238}, - {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},158}, - {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},222}, - {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},190}, - {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},254}, - {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115}, - {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},193}, - {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},161}, - {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},225}, - {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},145}, - {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},209}, - {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},177}, - {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},241}, - {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227}, - {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},201}, - {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},169}, - {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},233}, - {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},153}, - {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},217}, - {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},185}, - {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},249}, - {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163}, - {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},197}, - {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},165}, - {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},229}, - {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},149}, - {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},213}, - {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},181}, - {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},245}, - {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0}, - {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},205}, - {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},173}, - {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},237}, - {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},157}, - {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},221}, - {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},189}, - {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},253}, - {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131}, - {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},195}, - {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},163}, - {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},227}, - {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},147}, - {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},211}, - {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},179}, - {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},243}, - {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258}, - {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},203}, - {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},171}, - {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},235}, - {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},155}, - {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},219}, - {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},187}, - {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},251}, - {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195}, - {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},199}, - {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},167}, - {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},231}, - {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},151}, - {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},215}, - {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},183}, - {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},247}, - {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0}, - {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},207}, - {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},175}, - {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},239}, - {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},159}, - {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},223}, - {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},191}, - {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},255} - }; -local inflate_huft fixed_td[] = { - {{{80,5}},1}, {{{87,5}},257}, {{{83,5}},17}, {{{91,5}},4097}, - {{{81,5}},5}, {{{89,5}},1025}, {{{85,5}},65}, {{{93,5}},16385}, - {{{80,5}},3}, {{{88,5}},513}, {{{84,5}},33}, {{{92,5}},8193}, - {{{82,5}},9}, {{{90,5}},2049}, {{{86,5}},129}, {{{192,5}},24577}, - {{{80,5}},2}, {{{87,5}},385}, {{{83,5}},25}, {{{91,5}},6145}, - {{{81,5}},7}, {{{89,5}},1537}, {{{85,5}},97}, {{{93,5}},24577}, - {{{80,5}},4}, {{{88,5}},769}, {{{84,5}},49}, {{{92,5}},12289}, - {{{82,5}},13}, {{{90,5}},3073}, {{{86,5}},193}, {{{192,5}},24577} - }; diff --git a/security/nss/cmd/zlib/inflate.c b/security/nss/cmd/zlib/inflate.c deleted file mode 100644 index 8cd0c141c..000000000 --- a/security/nss/cmd/zlib/inflate.c +++ /dev/null @@ -1,346 +0,0 @@ -/* inflate.c -- zlib interface to inflate modules - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ - -#include "zutil.h" -#include "infblock.h" - -struct inflate_blocks_state {int dummy;}; /* for buggy compilers */ - -/* inflate private state */ -struct internal_state { - - /* mode */ - enum { - METHOD, /* waiting for method byte */ - FLAG, /* waiting for flag byte */ - DICT4, /* four dictionary check bytes to go */ - DICT3, /* three dictionary check bytes to go */ - DICT2, /* two dictionary check bytes to go */ - DICT1, /* one dictionary check byte to go */ - DICT0, /* waiting for inflateSetDictionary */ - BLOCKS, /* decompressing blocks */ - CHECK4, /* four check bytes to go */ - CHECK3, /* three check bytes to go */ - CHECK2, /* two check bytes to go */ - CHECK1, /* one check byte to go */ - DONE, /* finished check, done */ - BAD} /* got an error--stay here */ - mode; /* current inflate mode */ - - /* mode dependent information */ - union { - uInt method; /* if FLAGS, method byte */ - struct { - uLong was; /* computed check value */ - uLong need; /* stream check value */ - } check; /* if CHECK, check values to compare */ - uInt marker; /* if BAD, inflateSync's marker bytes count */ - } sub; /* submode */ - - /* mode independent information */ - int nowrap; /* flag for no wrapper */ - uInt wbits; /* log2(window size) (8..15, defaults to 15) */ - inflate_blocks_statef - *blocks; /* current inflate_blocks state */ - -}; - - -PR_PUBLIC_API(int) inflateReset(z) -z_streamp z; -{ - uLong c; - - if (z == Z_NULL || z->state == Z_NULL) - return Z_STREAM_ERROR; - z->total_in = z->total_out = 0; - z->msg = Z_NULL; - z->state->mode = z->state->nowrap ? BLOCKS : METHOD; - inflate_blocks_reset(z->state->blocks, z, &c); - Trace((stderr, "inflate: reset\n")); - return Z_OK; -} - - -PR_PUBLIC_API(int) inflateEnd(z) -z_streamp z; -{ - uLong c; - - if (z == Z_NULL || z->state == Z_NULL || z->zfree == Z_NULL) - return Z_STREAM_ERROR; - if (z->state->blocks != Z_NULL) - inflate_blocks_free(z->state->blocks, z, &c); - ZFREE(z, z->state); - z->state = Z_NULL; - Trace((stderr, "inflate: end\n")); - return Z_OK; -} - - -PR_PUBLIC_API(int) inflateInit2_(z, w, version, stream_size) -z_streamp z; -int w; -const char *version; -int stream_size; -{ - if (version == Z_NULL || version[0] != ZLIB_VERSION[0] || - stream_size != sizeof(z_stream)) - return Z_VERSION_ERROR; - - /* initialize state */ - if (z == Z_NULL) - return Z_STREAM_ERROR; - z->msg = Z_NULL; - if (z->zalloc == Z_NULL) - { - z->zalloc = zcalloc; - z->opaque = (voidpf)0; - } - if (z->zfree == Z_NULL) z->zfree = zcfree; - if ((z->state = (struct internal_state FAR *) - ZALLOC(z,1,sizeof(struct internal_state))) == Z_NULL) - return Z_MEM_ERROR; - z->state->blocks = Z_NULL; - - /* handle undocumented nowrap option (no zlib header or check) */ - z->state->nowrap = 0; - if (w < 0) - { - w = - w; - z->state->nowrap = 1; - } - - /* set window size */ - if (w < 8 || w > 15) - { - inflateEnd(z); - return Z_STREAM_ERROR; - } - z->state->wbits = (uInt)w; - - /* create inflate_blocks state */ - if ((z->state->blocks = - inflate_blocks_new(z, z->state->nowrap ? Z_NULL : adler32, (uInt)1 << w)) - == Z_NULL) - { - inflateEnd(z); - return Z_MEM_ERROR; - } - Trace((stderr, "inflate: allocated\n")); - - /* reset state */ - inflateReset(z); - return Z_OK; -} - - -PR_PUBLIC_API(int) inflateInit_(z, version, stream_size) -z_streamp z; -const char *version; -int stream_size; -{ - return inflateInit2_(z, DEF_WBITS, version, stream_size); -} - - -#define NEEDBYTE {if(z->avail_in==0)return r;r=Z_OK;} -#define NEXTBYTE (z->avail_in--,z->total_in++,*z->next_in++) - -PR_PUBLIC_API(int) inflate(z, f) -z_streamp z; -int f; -{ - int r; - uInt b; - - if (z == Z_NULL || z->state == Z_NULL || z->next_in == Z_NULL || f < 0) - return Z_STREAM_ERROR; - r = Z_BUF_ERROR; - while (1) switch (z->state->mode) - { - case METHOD: - NEEDBYTE - if (((z->state->sub.method = NEXTBYTE) & 0xf) != Z_DEFLATED) - { - z->state->mode = BAD; - z->msg = (char*)"unknown compression method"; - z->state->sub.marker = 5; /* can't try inflateSync */ - break; - } - if ((z->state->sub.method >> 4) + 8 > z->state->wbits) - { - z->state->mode = BAD; - z->msg = (char*)"invalid window size"; - z->state->sub.marker = 5; /* can't try inflateSync */ - break; - } - z->state->mode = FLAG; - case FLAG: - NEEDBYTE - b = NEXTBYTE; - if (((z->state->sub.method << 8) + b) % 31) - { - z->state->mode = BAD; - z->msg = (char*)"incorrect header check"; - z->state->sub.marker = 5; /* can't try inflateSync */ - break; - } - Trace((stderr, "inflate: zlib header ok\n")); - if (!(b & PRESET_DICT)) - { - z->state->mode = BLOCKS; - break; - } - z->state->mode = DICT4; - case DICT4: - NEEDBYTE - z->state->sub.check.need = (uLong)NEXTBYTE << 24; - z->state->mode = DICT3; - case DICT3: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE << 16; - z->state->mode = DICT2; - case DICT2: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE << 8; - z->state->mode = DICT1; - case DICT1: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE; - z->adler = z->state->sub.check.need; - z->state->mode = DICT0; - return Z_NEED_DICT; - case DICT0: - z->state->mode = BAD; - z->msg = (char*)"need dictionary"; - z->state->sub.marker = 0; /* can try inflateSync */ - return Z_STREAM_ERROR; - case BLOCKS: - r = inflate_blocks(z->state->blocks, z, r); - if (r == Z_DATA_ERROR) - { - z->state->mode = BAD; - z->state->sub.marker = 0; /* can try inflateSync */ - break; - } - if (r != Z_STREAM_END) - return r; - r = Z_OK; - inflate_blocks_reset(z->state->blocks, z, &z->state->sub.check.was); - if (z->state->nowrap) - { - z->state->mode = DONE; - break; - } - z->state->mode = CHECK4; - case CHECK4: - NEEDBYTE - z->state->sub.check.need = (uLong)NEXTBYTE << 24; - z->state->mode = CHECK3; - case CHECK3: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE << 16; - z->state->mode = CHECK2; - case CHECK2: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE << 8; - z->state->mode = CHECK1; - case CHECK1: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE; - - if (z->state->sub.check.was != z->state->sub.check.need) - { - z->state->mode = BAD; - z->msg = (char*)"incorrect data check"; - z->state->sub.marker = 5; /* can't try inflateSync */ - break; - } - Trace((stderr, "inflate: zlib check ok\n")); - z->state->mode = DONE; - case DONE: - return Z_STREAM_END; - case BAD: - return Z_DATA_ERROR; - default: - return Z_STREAM_ERROR; - } -} - - -PR_PUBLIC_API(int) inflateSetDictionary(z, dictionary, dictLength) -z_streamp z; -const Bytef *dictionary; -uInt dictLength; -{ - uInt length = dictLength; - - if (z == Z_NULL || z->state == Z_NULL || z->state->mode != DICT0) - return Z_STREAM_ERROR; - - if (adler32(1L, dictionary, dictLength) != z->adler) return Z_DATA_ERROR; - z->adler = 1L; - - if (length >= ((uInt)1<<z->state->wbits)) - { - length = (1<<z->state->wbits)-1; - dictionary += dictLength - length; - } - inflate_set_dictionary(z->state->blocks, dictionary, length); - z->state->mode = BLOCKS; - return Z_OK; -} - - -PR_PUBLIC_API(int) inflateSync(z) -z_streamp z; -{ - uInt n; /* number of bytes to look at */ - Bytef *p; /* pointer to bytes */ - uInt m; /* number of marker bytes found in a row */ - uLong r, w; /* temporaries to save total_in and total_out */ - - /* set up */ - if (z == Z_NULL || z->state == Z_NULL) - return Z_STREAM_ERROR; - if (z->state->mode != BAD) - { - z->state->mode = BAD; - z->state->sub.marker = 0; - } - if ((n = z->avail_in) == 0) - return Z_BUF_ERROR; - p = z->next_in; - m = z->state->sub.marker; - - /* search */ - while (n && m < 4) - { - if (*p == (Byte)(m < 2 ? 0 : 0xff)) - m++; - else if (*p) - m = 0; - else - m = 4 - m; - p++, n--; - } - - /* restore */ - z->total_in += p - z->next_in; - z->next_in = p; - z->avail_in = n; - z->state->sub.marker = m; - - /* return no joy or set up to restart on a new block */ - if (m != 4) - return Z_DATA_ERROR; - r = z->total_in; w = z->total_out; - inflateReset(z); - z->total_in = r; z->total_out = w; - z->state->mode = BLOCKS; - return Z_OK; -} diff --git a/security/nss/cmd/zlib/inftrees.c b/security/nss/cmd/zlib/inftrees.c deleted file mode 100644 index 91dc00375..000000000 --- a/security/nss/cmd/zlib/inftrees.c +++ /dev/null @@ -1,479 +0,0 @@ -/* inftrees.c -- generate Huffman trees for efficient decoding - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ - -#include "zutil.h" -#include "inftrees.h" - -char inflate_copyright[] = " inflate 1.0.4 Copyright 1995-1996 Mark Adler "; -/* - If you use the zlib library in a product, an acknowledgment is welcome - in the documentation of your product. If for some reason you cannot - include such an acknowledgment, I would appreciate that you keep this - copyright string in the executable of your product. - */ -struct internal_state {int dummy;}; /* for buggy compilers */ - -/* simplify the use of the inflate_huft type with some defines */ -#define base more.Base -#define next more.Next -#define exop word.what.Exop -#define bits word.what.Bits - - -local int huft_build OF(( - uIntf *, /* code lengths in bits */ - uInt, /* number of codes */ - uInt, /* number of "simple" codes */ - uIntf *, /* list of base values for non-simple codes */ - uIntf *, /* list of extra bits for non-simple codes */ - inflate_huft * FAR*,/* result: starting table */ - uIntf *, /* maximum lookup bits (returns actual) */ - z_streamp )); /* for zalloc function */ - -local voidpf falloc OF(( - voidpf, /* opaque pointer (not used) */ - uInt, /* number of items */ - uInt)); /* size of item */ - -/* Tables for deflate from PKZIP's appnote.txt. */ -local uInt cplens[31] = { /* Copy lengths for literal codes 257..285 */ - 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, - 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; - /* see note #13 above about 258 */ -local uInt cplext[31] = { /* Extra bits for literal codes 257..285 */ - 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, - 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 112, 112}; /* 112==invalid */ -local uInt cpdist[30] = { /* Copy offsets for distance codes 0..29 */ - 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, - 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, - 8193, 12289, 16385, 24577}; -local uInt cpdext[30] = { /* Extra bits for distance codes */ - 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, - 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, - 12, 12, 13, 13}; - -/* - Huffman code decoding is performed using a multi-level table lookup. - The fastest way to decode is to simply build a lookup table whose - size is determined by the longest code. However, the time it takes - to build this table can also be a factor if the data being decoded - is not very long. The most common codes are necessarily the - shortest codes, so those codes dominate the decoding time, and hence - the speed. The idea is you can have a shorter table that decodes the - shorter, more probable codes, and then point to subsidiary tables for - the longer codes. The time it costs to decode the longer codes is - then traded against the time it takes to make longer tables. - - This results of this trade are in the variables lbits and dbits - below. lbits is the number of bits the first level table for literal/ - length codes can decode in one step, and dbits is the same thing for - the distance codes. Subsequent tables are also less than or equal to - those sizes. These values may be adjusted either when all of the - codes are shorter than that, in which case the longest code length in - bits is used, or when the shortest code is *longer* than the requested - table size, in which case the length of the shortest code in bits is - used. - - There are two different values for the two tables, since they code a - different number of possibilities each. The literal/length table - codes 286 possible values, or in a flat code, a little over eight - bits. The distance table codes 30 possible values, or a little less - than five bits, flat. The optimum values for speed end up being - about one bit more than those, so lbits is 8+1 and dbits is 5+1. - The optimum values may differ though from machine to machine, and - possibly even between compilers. Your mileage may vary. - */ - - -/* If BMAX needs to be larger than 16, then h and x[] should be uLong. */ -#define BMAX 15 /* maximum bit length of any code */ -#define N_MAX 288 /* maximum number of codes in any set */ - -#ifdef DEBUG - uInt inflate_hufts; -#endif - -local int huft_build(b, n, s, d, e, t, m, zs) -uIntf *b; /* code lengths in bits (all assumed <= BMAX) */ -uInt n; /* number of codes (assumed <= N_MAX) */ -uInt s; /* number of simple-valued codes (0..s-1) */ -uIntf *d; /* list of base values for non-simple codes */ -uIntf *e; /* list of extra bits for non-simple codes */ -inflate_huft * FAR *t; /* result: starting table */ -uIntf *m; /* maximum lookup bits, returns actual */ -z_streamp zs; /* for zalloc function */ -/* Given a list of code lengths and a maximum table size, make a set of - tables to decode that set of codes. Return Z_OK on success, Z_BUF_ERROR - if the given code set is incomplete (the tables are still built in this - case), Z_DATA_ERROR if the input is invalid (an over-subscribed set of - set of lengths), or Z_MEM_ERROR if not enough memory. */ -{ - - uInt a; /* counter for codes of length k */ - uInt c[BMAX+1]; /* bit length count table */ - uInt f; /* i repeats in table every f entries */ - int g; /* maximum code length */ - int h; /* table level */ - register uInt i; /* counter, current code */ - register uInt j; /* counter */ - register int k; /* number of bits in current code */ - int l; /* bits per table (returned in m) */ - register uIntf *p; /* pointer into c[], b[], or v[] */ - inflate_huft *q; /* points to current table */ - struct inflate_huft_s r; /* table entry for structure assignment */ - inflate_huft *u[BMAX]; /* table stack */ - uInt v[N_MAX]; /* values in order of bit length */ - register int w; /* bits before this table == (l * h) */ - uInt x[BMAX+1]; /* bit offsets, then code stack */ - uIntf *xp; /* pointer into x */ - int y; /* number of dummy codes added */ - uInt z; /* number of entries in current table */ - - - /* Generate counts for each bit length */ - p = c; -#define C0 *p++ = 0; -#define C2 C0 C0 C0 C0 -#define C4 C2 C2 C2 C2 - C4 /* clear c[]--assume BMAX+1 is 16 */ - p = b; i = n; - do { - c[*p++]++; /* assume all entries <= BMAX */ - } while (--i); - if (c[0] == n) /* null input--all zero length codes */ - { - *t = (inflate_huft *)Z_NULL; - *m = 0; - return Z_OK; - } - - - /* Find minimum and maximum length, bound *m by those */ - l = *m; - for (j = 1; j <= BMAX; j++) - if (c[j]) - break; - k = j; /* minimum code length */ - if ((uInt)l < j) - l = j; - for (i = BMAX; i; i--) - if (c[i]) - break; - g = i; /* maximum code length */ - if ((uInt)l > i) - l = i; - *m = l; - - - /* Adjust last length count to fill out codes, if needed */ - for (y = 1 << j; j < i; j++, y <<= 1) - if ((y -= c[j]) < 0) - return Z_DATA_ERROR; - if ((y -= c[i]) < 0) - return Z_DATA_ERROR; - c[i] += y; - - - /* Generate starting offsets into the value table for each length */ - x[1] = j = 0; - p = c + 1; xp = x + 2; - while (--i) { /* note that i == g from above */ - *xp++ = (j += *p++); - } - - - /* Make a table of values in order of bit lengths */ - p = b; i = 0; - do { - if ((j = *p++) != 0) - v[x[j]++] = i; - } while (++i < n); - n = x[g]; /* set n to length of v */ - - - /* Generate the Huffman codes and for each, make the table entries */ - x[0] = i = 0; /* first Huffman code is zero */ - p = v; /* grab values in bit order */ - h = -1; /* no tables yet--level -1 */ - w = -l; /* bits decoded == (l * h) */ - u[0] = (inflate_huft *)Z_NULL; /* just to keep compilers happy */ - q = (inflate_huft *)Z_NULL; /* ditto */ - z = 0; /* ditto */ - - /* go through the bit lengths (k already is bits in shortest code) */ - for (; k <= g; k++) - { - a = c[k]; - while (a--) - { - /* here i is the Huffman code of length k bits for value *p */ - /* make tables up to required level */ - while (k > w + l) - { - h++; - w += l; /* previous table always l bits */ - - /* compute minimum size table less than or equal to l bits */ - z = g - w; - z = z > (uInt)l ? l : z; /* table size upper limit */ - if ((f = 1 << (j = k - w)) > a + 1) /* try a k-w bit table */ - { /* too few codes for k-w bit table */ - f -= a + 1; /* deduct codes from patterns left */ - xp = c + k; - if (j < z) - while (++j < z) /* try smaller tables up to z bits */ - { - if ((f <<= 1) <= *++xp) - break; /* enough codes to use up j bits */ - f -= *xp; /* else deduct codes from patterns */ - } - } - z = 1 << j; /* table entries for j-bit table */ - - /* allocate and link in new table */ - if ((q = (inflate_huft *)ZALLOC - (zs,z + 1,sizeof(inflate_huft))) == Z_NULL) - { - if (h) - inflate_trees_free(u[0], zs); - return Z_MEM_ERROR; /* not enough memory */ - } -#ifdef DEBUG - inflate_hufts += z + 1; -#endif - *t = q + 1; /* link to list for huft_free() */ - *(t = &(q->next)) = Z_NULL; - u[h] = ++q; /* table starts after link */ - - /* connect to last table, if there is one */ - if (h) - { - x[h] = i; /* save pattern for backing up */ - r.bits = (Byte)l; /* bits to dump before this table */ - r.exop = (Byte)j; /* bits in this table */ - r.next = q; /* pointer to this table */ - j = i >> (w - l); /* (get around Turbo C bug) */ - u[h-1][j] = r; /* connect to last table */ - } - } - - /* set up table entry in r */ - r.bits = (Byte)(k - w); - if (p >= v + n) - r.exop = 128 + 64; /* out of values--invalid code */ - else if (*p < s) - { - r.exop = (Byte)(*p < 256 ? 0 : 32 + 64); /* 256 is end-of-block */ - r.base = *p++; /* simple code is just the value */ - } - else - { - r.exop = (Byte)(e[*p - s] + 16 + 64);/* non-simple--look up in lists */ - r.base = d[*p++ - s]; - } - - /* fill code-like entries with r */ - f = 1 << (k - w); - for (j = i >> w; j < z; j += f) - q[j] = r; - - /* backwards increment the k-bit code i */ - for (j = 1 << (k - 1); i & j; j >>= 1) - i ^= j; - i ^= j; - - /* backup over finished tables */ - while ((i & ((1 << w) - 1)) != x[h]) - { - h--; /* don't need to update q */ - w -= l; - } - } - } - - - /* Return Z_BUF_ERROR if we were given an incomplete table */ - return y != 0 && g != 1 ? Z_BUF_ERROR : Z_OK; -} - - -int inflate_trees_bits(c, bb, tb, z) -uIntf *c; /* 19 code lengths */ -uIntf *bb; /* bits tree desired/actual depth */ -inflate_huft * FAR *tb; /* bits tree result */ -z_streamp z; /* for zfree function */ -{ - int r; - - r = huft_build(c, 19, 19, (uIntf*)Z_NULL, (uIntf*)Z_NULL, tb, bb, z); - if (r == Z_DATA_ERROR) - z->msg = (char*)"oversubscribed dynamic bit lengths tree"; - else if (r == Z_BUF_ERROR || *bb == 0) - { - inflate_trees_free(*tb, z); - z->msg = (char*)"incomplete dynamic bit lengths tree"; - r = Z_DATA_ERROR; - } - return r; -} - - -int inflate_trees_dynamic(nl, nd, c, bl, bd, tl, td, z) -uInt nl; /* number of literal/length codes */ -uInt nd; /* number of distance codes */ -uIntf *c; /* that many (total) code lengths */ -uIntf *bl; /* literal desired/actual bit depth */ -uIntf *bd; /* distance desired/actual bit depth */ -inflate_huft * FAR *tl; /* literal/length tree result */ -inflate_huft * FAR *td; /* distance tree result */ -z_streamp z; /* for zfree function */ -{ - int r; - - /* build literal/length tree */ - r = huft_build(c, nl, 257, cplens, cplext, tl, bl, z); - if (r != Z_OK || *bl == 0) - { - if (r == Z_DATA_ERROR) - z->msg = (char*)"oversubscribed literal/length tree"; - else if (r != Z_MEM_ERROR) - { - inflate_trees_free(*tl, z); - z->msg = (char*)"incomplete literal/length tree"; - r = Z_DATA_ERROR; - } - return r; - } - - /* build distance tree */ - r = huft_build(c + nl, nd, 0, cpdist, cpdext, td, bd, z); - if (r != Z_OK || (*bd == 0 && nl > 257)) - { - if (r == Z_DATA_ERROR) - z->msg = (char*)"oversubscribed literal/length tree"; - else if (r == Z_BUF_ERROR) { -#ifdef PKZIP_BUG_WORKAROUND - r = Z_OK; - } -#else - inflate_trees_free(*td, z); - z->msg = (char*)"incomplete distance tree"; - r = Z_DATA_ERROR; - } - else if (r != Z_MEM_ERROR) - { - z->msg = (char*)"empty distance tree with lengths"; - r = Z_DATA_ERROR; - } - inflate_trees_free(*tl, z); - return r; -#endif - } - - /* done */ - return Z_OK; -} - - -/* build fixed tables only once--keep them here */ -local int fixed_built = 0; -#define FIXEDH 530 /* number of hufts used by fixed tables */ -local inflate_huft fixed_mem[FIXEDH]; -local uInt fixed_bl; -local uInt fixed_bd; -local inflate_huft *fixed_tl; -local inflate_huft *fixed_td; - - -local voidpf falloc(q, n, s) -voidpf q; /* opaque pointer */ -uInt n; /* number of items */ -uInt s; /* size of item */ -{ - Assert(s == sizeof(inflate_huft) && n <= *(intf *)q, - "inflate_trees falloc overflow"); - *(intf *)q -= n+s-s; /* s-s to avoid warning */ - return (voidpf)(fixed_mem + *(intf *)q); -} - - -int inflate_trees_fixed(bl, bd, tl, td) -uIntf *bl; /* literal desired/actual bit depth */ -uIntf *bd; /* distance desired/actual bit depth */ -inflate_huft * FAR *tl; /* literal/length tree result */ -inflate_huft * FAR *td; /* distance tree result */ -{ - /* build fixed tables if not already (multiple overlapped executions ok) */ - if (!fixed_built) - { - int k; /* temporary variable */ - unsigned c[288]; /* length list for huft_build */ - z_stream z; /* for falloc function */ - int f = FIXEDH; /* number of hufts left in fixed_mem */ - - /* set up fake z_stream for memory routines */ - z.zalloc = falloc; - z.zfree = Z_NULL; - z.opaque = (voidpf)&f; - - /* literal table */ - for (k = 0; k < 144; k++) - c[k] = 8; - for (; k < 256; k++) - c[k] = 9; - for (; k < 280; k++) - c[k] = 7; - for (; k < 288; k++) - c[k] = 8; - fixed_bl = 7; - huft_build(c, 288, 257, cplens, cplext, &fixed_tl, &fixed_bl, &z); - - /* distance table */ - for (k = 0; k < 30; k++) - c[k] = 5; - fixed_bd = 5; - huft_build(c, 30, 0, cpdist, cpdext, &fixed_td, &fixed_bd, &z); - - /* done */ - Assert(f == 0, "invalid build of fixed tables"); - fixed_built = 1; - } - *bl = fixed_bl; - *bd = fixed_bd; - *tl = fixed_tl; - *td = fixed_td; - return Z_OK; -} - - -int inflate_trees_free(t, z) -inflate_huft *t; /* table to free */ -z_streamp z; /* for zfree function */ -/* Free the malloc'ed tables built by huft_build(), which makes a linked - list of the tables it made, with the links in a dummy first entry of - each table. */ -{ - register inflate_huft *p, *q, *r; - - /* Reverse linked list */ - p = Z_NULL; - q = t; - while (q != Z_NULL) - { - r = (q - 1)->next; - (q - 1)->next = p; - p = q; - q = r; - } - /* Go through linked list, freeing from the malloced (t[-1]) address. */ - while (p != Z_NULL) - { - q = (--p)->next; - ZFREE(z,p); - p = q; - } - return Z_OK; -} diff --git a/security/nss/cmd/zlib/inftrees.h b/security/nss/cmd/zlib/inftrees.h deleted file mode 100644 index b06613ddd..000000000 --- a/security/nss/cmd/zlib/inftrees.h +++ /dev/null @@ -1,59 +0,0 @@ -/* inftrees.h -- header to use inftrees.c - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -/* Huffman code lookup table entry--this entry is four bytes for machines - that have 16-bit pointers (e.g. PC's in the small or medium model). */ - -typedef struct inflate_huft_s FAR inflate_huft; - -struct inflate_huft_s { - union { - struct { - Byte Exop; /* number of extra bits or operation */ - Byte Bits; /* number of bits in this code or subcode */ - } what; - Bytef *pad; /* pad structure to a power of 2 (4 bytes for */ - } word; /* 16-bit, 8 bytes for 32-bit machines) */ - union { - uInt Base; /* literal, length base, or distance base */ - inflate_huft *Next; /* pointer to next level of table */ - } more; -}; - -#ifdef DEBUG - extern uInt inflate_hufts; -#endif - -extern int inflate_trees_bits OF(( - uIntf *, /* 19 code lengths */ - uIntf *, /* bits tree desired/actual depth */ - inflate_huft * FAR *, /* bits tree result */ - z_streamp )); /* for zalloc, zfree functions */ - -extern int inflate_trees_dynamic OF(( - uInt, /* number of literal/length codes */ - uInt, /* number of distance codes */ - uIntf *, /* that many (total) code lengths */ - uIntf *, /* literal desired/actual bit depth */ - uIntf *, /* distance desired/actual bit depth */ - inflate_huft * FAR *, /* literal/length tree result */ - inflate_huft * FAR *, /* distance tree result */ - z_streamp )); /* for zalloc, zfree functions */ - -extern int inflate_trees_fixed OF(( - uIntf *, /* literal desired/actual bit depth */ - uIntf *, /* distance desired/actual bit depth */ - inflate_huft * FAR *, /* literal/length tree result */ - inflate_huft * FAR *)); /* distance tree result */ - -extern int inflate_trees_free OF(( - inflate_huft *, /* tables to free */ - z_streamp )); /* for zfree function */ - diff --git a/security/nss/cmd/zlib/infutil.c b/security/nss/cmd/zlib/infutil.c deleted file mode 100644 index eb21199c3..000000000 --- a/security/nss/cmd/zlib/infutil.c +++ /dev/null @@ -1,87 +0,0 @@ -/* inflate_util.c -- data and routines common to blocks and codes - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -#include "zutil.h" -#include "infblock.h" -#include "inftrees.h" -#include "infcodes.h" -#include "infutil.h" - -struct inflate_codes_state {int dummy;}; /* for buggy compilers */ - -/* And'ing with mask[n] masks the lower n bits */ -uInt inflate_mask[17] = { - 0x0000, - 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff, - 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff -}; - - -/* copy as much as possible from the sliding window to the output area */ -int inflate_flush(s, z, r) -inflate_blocks_statef *s; -z_streamp z; -int r; -{ - uInt n; - Bytef *p; - Bytef *q; - - /* local copies of source and destination pointers */ - p = z->next_out; - q = s->read; - - /* compute number of bytes to copy as far as end of window */ - n = (uInt)((q <= s->write ? s->write : s->end) - q); - if (n > z->avail_out) n = z->avail_out; - if (n && r == Z_BUF_ERROR) r = Z_OK; - - /* update counters */ - z->avail_out -= n; - z->total_out += n; - - /* update check information */ - if (s->checkfn != Z_NULL) - z->adler = s->check = (*s->checkfn)(s->check, q, n); - - /* copy as far as end of window */ - zmemcpy(p, q, n); - p += n; - q += n; - - /* see if more to copy at beginning of window */ - if (q == s->end) - { - /* wrap pointers */ - q = s->window; - if (s->write == s->end) - s->write = s->window; - - /* compute bytes to copy */ - n = (uInt)(s->write - q); - if (n > z->avail_out) n = z->avail_out; - if (n && r == Z_BUF_ERROR) r = Z_OK; - - /* update counters */ - z->avail_out -= n; - z->total_out += n; - - /* update check information */ - if (s->checkfn != Z_NULL) - z->adler = s->check = (*s->checkfn)(s->check, q, n); - - /* copy */ - zmemcpy(p, q, n); - p += n; - q += n; - } - - /* update pointers */ - z->next_out = p; - s->read = q; - - /* done */ - return r; -} diff --git a/security/nss/cmd/zlib/infutil.h b/security/nss/cmd/zlib/infutil.h deleted file mode 100644 index 702cd290c..000000000 --- a/security/nss/cmd/zlib/infutil.h +++ /dev/null @@ -1,99 +0,0 @@ -/* infutil.h -- types and macros common to blocks and codes - * Copyright (C) 1995-1996 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -#ifndef _INFUTIL_H -#define _INFUTIL_H - -typedef enum { - TYPE, /* get type bits (3, including end bit) */ - LENS, /* get lengths for stored */ - STORED, /* processing stored block */ - TABLE, /* get table lengths */ - BTREE, /* get bit lengths tree for a dynamic block */ - DTREE, /* get length, distance trees for a dynamic block */ - CODES, /* processing fixed or dynamic block */ - DRY, /* output remaining window bytes */ - DONE, /* finished last block, done */ - BAD} /* got a data error--stuck here */ -inflate_block_mode; - -/* inflate blocks semi-private state */ -struct inflate_blocks_state { - - /* mode */ - inflate_block_mode mode; /* current inflate_block mode */ - - /* mode dependent information */ - union { - uInt left; /* if STORED, bytes left to copy */ - struct { - uInt table; /* table lengths (14 bits) */ - uInt index; /* index into blens (or border) */ - uIntf *blens; /* bit lengths of codes */ - uInt bb; /* bit length tree depth */ - inflate_huft *tb; /* bit length decoding tree */ - } trees; /* if DTREE, decoding info for trees */ - struct { - inflate_huft *tl; - inflate_huft *td; /* trees to free */ - inflate_codes_statef - *codes; - } decode; /* if CODES, current state */ - } sub; /* submode */ - uInt last; /* true if this block is the last block */ - - /* mode independent information */ - uInt bitk; /* bits in bit buffer */ - uLong bitb; /* bit buffer */ - Bytef *window; /* sliding window */ - Bytef *end; /* one byte after sliding window */ - Bytef *read; /* window read pointer */ - Bytef *write; /* window write pointer */ - check_func checkfn; /* check function */ - uLong check; /* check on output */ - -}; - - -/* defines for inflate input/output */ -/* update pointers and return */ -#define UPDBITS {s->bitb=b;s->bitk=k;} -#define UPDIN {z->avail_in=n;z->total_in+=p-z->next_in;z->next_in=p;} -#define UPDOUT {s->write=q;} -#define UPDATE {UPDBITS UPDIN UPDOUT} -#define LEAVE {UPDATE return inflate_flush(s,z,r);} -/* get bytes and bits */ -#define LOADIN {p=z->next_in;n=z->avail_in;b=s->bitb;k=s->bitk;} -#define NEEDBYTE {if(n)r=Z_OK;else LEAVE} -#define NEXTBYTE (n--,*p++) -#define NEEDBITS(j) {while(k<(j)){NEEDBYTE;b|=((uLong)NEXTBYTE)<<k;k+=8;}} -#define DUMPBITS(j) {b>>=(j);k-=(j);} -/* output bytes */ -#define WAVAIL (uInt)(q<s->read?s->read-q-1:s->end-q) -#define LOADOUT {q=s->write;m=(uInt)WAVAIL;} -#define WRAP {if(q==s->end&&s->read!=s->window){q=s->window;m=(uInt)WAVAIL;}} -#define FLUSH {UPDOUT r=inflate_flush(s,z,r); LOADOUT} -#define NEEDOUT {if(m==0){WRAP if(m==0){FLUSH WRAP if(m==0) LEAVE}}r=Z_OK;} -#define OUTBYTE(a) {*q++=(Byte)(a);m--;} -/* load local pointers */ -#define LOAD {LOADIN LOADOUT} - -/* masks for lower bits (size given to avoid silly warnings with Visual C++) */ -extern uInt inflate_mask[17]; - -/* copy as much as possible from the sliding window to the output area */ -extern int inflate_flush OF(( - inflate_blocks_statef *, - z_streamp , - int)); - -struct internal_state {int dummy;}; /* for buggy compilers */ - -#endif diff --git a/security/nss/cmd/zlib/makefile.win b/security/nss/cmd/zlib/makefile.win deleted file mode 100644 index 0f87b40b8..000000000 --- a/security/nss/cmd/zlib/makefile.win +++ /dev/null @@ -1,91 +0,0 @@ -NODEPEND=1 -IGNORE_MANIFEST = 1 - -#//------------------------------------------------------------------------ -#// -# New build system where zip dll is build indepenant of java stubs. -#// -#//------------------------------------------------------------------------ -MODULE = zlib -EXPORTS = \ - zlib.h \ - zconf.h \ - $(NULL) - - -#//------------------------------------------------------------------------ -#// -#// Specify the depth of the current directory relative to the -#// root of NS -#// -#//------------------------------------------------------------------------ -DEPTH= ..\..\..\ - -MAKE_OBJ_TYPE=DLL -#//------------------------------------------------------------------------ -#// -#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...) -#// -#//------------------------------------------------------------------------ -DLLNAME=$(ZIPDLL) -PDBFILE=$(MOD_ZIP).pdb -MAPFILE=$(MOD_ZIP).map -!if "$(MOZ_BITS)" == "16" -DEFFILE=zip16.def -!endif -#RESFILE=zip.res - -#//------------------------------------------------------------------------ -#// -#// Define the files necessary to build the target (ie. OBJS) -#// -#//------------------------------------------------------------------------ -OBJS= \ - .\$(OBJDIR)\adler32.obj \ - .\$(OBJDIR)\compress.obj \ - .\$(OBJDIR)\crc32.obj \ - .\$(OBJDIR)\deflate.obj \ - .\$(OBJDIR)\gzio.obj \ - .\$(OBJDIR)\infblock.obj \ - .\$(OBJDIR)\infcodes.obj \ - .\$(OBJDIR)\inffast.obj \ - .\$(OBJDIR)\inflate.obj \ - .\$(OBJDIR)\inftrees.obj \ - .\$(OBJDIR)\infutil.obj \ - .\$(OBJDIR)\trees.obj \ - .\$(OBJDIR)\uncompr.obj \ - .\$(OBJDIR)\zutil.obj \ - $(NULL) - -#//------------------------------------------------------------------------ -#// -#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...) -#// (these must be defined before the common makefiles are included) -#// -#//------------------------------------------------------------------------ - -DLL=.\$(OBJDIR)\$(DLLNAME) -MAPFILE= $(MOD_ZIP).map - - -#//------------------------------------------------------------------------ -#// -#// Define any local options for the make tools -#// (ie. LCFLAGS, LLFLAGS, LLIBS, LINCS) -#// -#//------------------------------------------------------------------------ -LLIBS=$(LLIBS) $(LIBNSPR) -LINCS=$(LINCS) -I. -I_gen -# clobber and clobber_all will remove the following garbage: -GARBAGE = $(GARBAGE) _gen - -#//------------------------------------------------------------------------ -#// -#// Include the common makefile rules -#// -#//------------------------------------------------------------------------ -include <$(DEPTH)/sun-java/config/rules.mak> - -export:: $(DLL) - $(MAKE_INSTALL) .\$(OBJDIR)\$(DLLNAME) $(DIST)\bin - $(MAKE_INSTALL) .\$(OBJDIR)\$(MOD_ZIP).lib $(DIST)\lib diff --git a/security/nss/cmd/zlib/maketree.c b/security/nss/cmd/zlib/maketree.c deleted file mode 100644 index a16d4b146..000000000 --- a/security/nss/cmd/zlib/maketree.c +++ /dev/null @@ -1,85 +0,0 @@ -/* maketree.c -- make inffixed.h table for decoding fixed codes - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -/* This program is included in the distribution for completeness. - You do not need to compile or run this program since inffixed.h - is already included in the distribution. To use this program - you need to compile zlib with BUILDFIXED defined and then compile - and link this program with the zlib library. Then the output of - this program can be piped to inffixed.h. */ - -#include <stdio.h> -#include <stdlib.h> -#include "zutil.h" -#include "inftrees.h" - -/* simplify the use of the inflate_huft type with some defines */ -#define exop word.what.Exop -#define bits word.what.Bits - -/* generate initialization table for an inflate_huft structure array */ -void maketree(uInt b, inflate_huft *t) -{ - int i, e; - - i = 0; - while (1) - { - e = t[i].exop; - if (e && (e & (16+64)) == 0) /* table pointer */ - { - fprintf(stderr, "maketree: cannot initialize sub-tables!\n"); - exit(1); - } - if (i % 4 == 0) - printf("\n "); - printf(" {{{%u,%u}},%u}", t[i].exop, t[i].bits, t[i].base); - if (++i == (1<<b)) - break; - putchar(','); - } - puts(""); -} - -/* create the fixed tables in C initialization syntax */ -void main(void) -{ - int r; - uInt bl, bd; - inflate_huft *tl, *td; - z_stream z; - - z.zalloc = zcalloc; - z.opaque = (voidpf)0; - z.zfree = zcfree; - r = inflate_trees_fixed(&bl, &bd, &tl, &td, &z); - if (r) - { - fprintf(stderr, "inflate_trees_fixed error %d\n", r); - return; - } - puts("/* inffixed.h -- table for decoding fixed codes"); - puts(" * Generated automatically by the maketree.c program"); - puts(" */"); - puts(""); - puts("/* WARNING: this file should *not* be used by applications. It is"); - puts(" part of the implementation of the compression library and is"); - puts(" subject to change. Applications should only use zlib.h."); - puts(" */"); - puts(""); - printf("local uInt fixed_bl = %d;\n", bl); - printf("local uInt fixed_bd = %d;\n", bd); - printf("local inflate_huft fixed_tl[] = {"); - maketree(bl, tl); - puts(" };"); - printf("local inflate_huft fixed_td[] = {"); - maketree(bd, td); - puts(" };"); -} diff --git a/security/nss/cmd/zlib/manifest.mn b/security/nss/cmd/zlib/manifest.mn deleted file mode 100644 index 13460377c..000000000 --- a/security/nss/cmd/zlib/manifest.mn +++ /dev/null @@ -1,60 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -MODULE = seccmd - -EXPORTS = zlib.h zconf.h - -CSRCS = adler32.c \ - crc32.c \ - compress.c \ - uncompr.c \ - deflate.c \ - trees.c \ - zutil.c \ - inflate.c \ - infblock.c \ - inftrees.c \ - infcodes.c \ - infutil.c \ - inffast.c \ - $(NULL) - -LIBRARY_NAME = zlib - -# REQUIRES = nss - -DEFINES = -DNSPR20=1 -DMOZILLA_CLIENT=1 - diff --git a/security/nss/cmd/zlib/minigzip.c b/security/nss/cmd/zlib/minigzip.c deleted file mode 100644 index 60a48a12d..000000000 --- a/security/nss/cmd/zlib/minigzip.c +++ /dev/null @@ -1,246 +0,0 @@ -/* minigzip.c -- simulate gzip using the zlib compression library - * Copyright (C) 1995-1996 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* - * minigzip is a minimal implementation of the gzip utility. This is - * only an example of using zlib and isn't meant to replace the - * full-featured gzip. No attempt is made to deal with file systems - * limiting names to 14 or 8+3 characters, etc... Error checking is - * very limited. So use minigzip only for testing; use gzip for the - * real thing. On MSDOS, use only on file names without extension - * or in pipe mode. - */ - -/* $Id$ */ - -#include <stdio.h> -#include "zlib.h" - -#ifdef STDC -# include <string.h> -# include <stdlib.h> -#else - extern void exit OF((int)); -#endif - - -#if defined(MSDOS) || defined(OS2) || defined(WIN32) -# include <fcntl.h> -# include <io.h> -# define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY) -#else -# define SET_BINARY_MODE(file) -#endif - -#ifdef VMS -# define unlink delete -# define GZ_SUFFIX "-gz" -#endif -#ifdef RISCOS -# define unlink remove -# define GZ_SUFFIX "-gz" -# define fileno(file) file->__file -#endif - -#ifndef GZ_SUFFIX -# define GZ_SUFFIX ".gz" -#endif -#define SUFFIX_LEN sizeof(GZ_SUFFIX) - -extern int unlink OF((const char *)); - -#define BUFLEN 4096 -#define MAX_NAME_LEN 1024 - -#define local static -/* For MSDOS and other systems with limitation on stack size. For Unix, - #define local - works also. - */ - -char *prog; - -void error OF((const char *msg)); -void gz_compress OF((FILE *in, gzFile out)); -void gz_uncompress OF((gzFile in, FILE *out)); -void file_compress OF((char *file)); -void file_uncompress OF((char *file)); -int main OF((int argc, char *argv[])); - -/* =========================================================================== - * Display error message and exit - */ -void error(msg) - const char *msg; -{ - fprintf(stderr, "%s: %s\n", prog, msg); - exit(1); -} - -/* =========================================================================== - * Compress input to output then close both files. - */ -void gz_compress(in, out) - FILE *in; - gzFile out; -{ - local char buf[BUFLEN]; - int len; - int err; - - for (;;) { - len = fread(buf, 1, sizeof(buf), in); - if (ferror(in)) { - perror("fread"); - exit(1); - } - if (len == 0) break; - - if (gzwrite(out, buf, (unsigned)len) != len) error(gzerror(out, &err)); - } - fclose(in); - if (gzclose(out) != Z_OK) error("failed gzclose"); -} - -/* =========================================================================== - * Uncompress input to output then close both files. - */ -void gz_uncompress(in, out) - gzFile in; - FILE *out; -{ - local char buf[BUFLEN]; - int len; - int err; - - for (;;) { - len = gzread(in, buf, sizeof(buf)); - if (len < 0) error (gzerror(in, &err)); - if (len == 0) break; - - if ((int)fwrite(buf, 1, (unsigned)len, out) != len) { - error("failed fwrite"); - } - } - if (fclose(out)) error("failed fclose"); - - if (gzclose(in) != Z_OK) error("failed gzclose"); -} - - -/* =========================================================================== - * Compress the given file: create a corresponding .gz file and remove the - * original. - */ -void file_compress(file) - char *file; -{ - local char outfile[MAX_NAME_LEN]; - FILE *in; - gzFile out; - - strcpy(outfile, file); - strcat(outfile, GZ_SUFFIX); - - in = fopen(file, "rb"); - if (in == NULL) { - perror(file); - exit(1); - } - out = gzopen(outfile, "wb"); /* use "wb9" for maximal compression */ - if (out == NULL) { - fprintf(stderr, "%s: can't gzopen %s\n", prog, outfile); - exit(1); - } - gz_compress(in, out); - - unlink(file); -} - - -/* =========================================================================== - * Uncompress the given file and remove the original. - */ -void file_uncompress(file) - char *file; -{ - local char buf[MAX_NAME_LEN]; - char *infile, *outfile; - FILE *out; - gzFile in; - int len = strlen(file); - - strcpy(buf, file); - - if (len > SUFFIX_LEN && strcmp(file+len-SUFFIX_LEN, GZ_SUFFIX) == 0) { - infile = file; - outfile = buf; - outfile[len-3] = '\0'; - } else { - outfile = file; - infile = buf; - strcat(infile, GZ_SUFFIX); - } - in = gzopen(infile, "rb"); - if (in == NULL) { - fprintf(stderr, "%s: can't gzopen %s\n", prog, infile); - exit(1); - } - out = fopen(outfile, "wb"); - if (out == NULL) { - perror(file); - exit(1); - } - - gz_uncompress(in, out); - - unlink(infile); -} - - -/* =========================================================================== - * Usage: minigzip [-d] [files...] - */ - -int main(argc, argv) - int argc; - char *argv[]; -{ - int uncompr = 0; - gzFile file; - - prog = argv[0]; - argc--, argv++; - - if (argc > 0) { - uncompr = (strcmp(*argv, "-d") == 0); - if (uncompr) { - argc--, argv++; - } - } - if (argc == 0) { - SET_BINARY_MODE(stdin); - SET_BINARY_MODE(stdout); - if (uncompr) { - file = gzdopen(fileno(stdin), "rb"); - if (file == NULL) error("can't gzdopen stdin"); - gz_uncompress(file, stdout); - } else { - file = gzdopen(fileno(stdout), "wb"); /* "wb9" for max compr. */ - if (file == NULL) error("can't gzdopen stdout"); - gz_compress(stdin, file); - } - } else { - do { - if (uncompr) { - file_uncompress(*argv); - } else { - file_compress(*argv); - } - } while (argv++, --argc); - } - exit(0); - return 0; /* to avoid warning */ -} diff --git a/security/nss/cmd/zlib/netscape_mods.doc b/security/nss/cmd/zlib/netscape_mods.doc deleted file mode 100644 index c8a72d159..000000000 --- a/security/nss/cmd/zlib/netscape_mods.doc +++ /dev/null @@ -1,43 +0,0 @@ - -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- - * - * The contents of this file are subject to the Netscape Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - */ - -Netscape Modifications to Zlib source - - - -Changes were made to the following files to -create a zlib dll: - - adler32.c - compress.c - crc32.c - deflate.c - gzio.c - inflate.c - uncompr.c - zutil.c - - -Various changes for cross platform builds -are clearly marked through out the source. - - diff --git a/security/nss/cmd/zlib/trees.c b/security/nss/cmd/zlib/trees.c deleted file mode 100644 index 84623d992..000000000 --- a/security/nss/cmd/zlib/trees.c +++ /dev/null @@ -1,1143 +0,0 @@ -/* trees.c -- output deflated data using Huffman coding - * Copyright (C) 1995-1996 Jean-loup Gailly - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ -/* - * ALGORITHM - * - * The "deflation" process uses several Huffman trees. The more - * common source values are represented by shorter bit sequences. - * - * Each code tree is stored in a compressed form which is itself - * a Huffman encoding of the lengths of all the code strings (in - * ascending order by source values). The actual code strings are - * reconstructed from the lengths in the inflate process, as described - * in the deflate specification. - * - * REFERENCES - * - * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification". - * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc - * - * Storer, James A. - * Data Compression: Methods and Theory, pp. 49-50. - * Computer Science Press, 1988. ISBN 0-7167-8156-5. - * - * Sedgewick, R. - * Algorithms, p290. - * Addison-Wesley, 1983. ISBN 0-201-06672-6. - */ - -/* $Id$ */ - -#include "deflate.h" - -#ifdef DEBUG -# include <ctype.h> -#endif - -/* =========================================================================== - * Constants - */ - -#define MAX_BL_BITS 7 -/* Bit length codes must not exceed MAX_BL_BITS bits */ - -#define END_BLOCK 256 -/* end of block literal code */ - -#define REP_3_6 16 -/* repeat previous bit length 3-6 times (2 bits of repeat count) */ - -#define REPZ_3_10 17 -/* repeat a zero length 3-10 times (3 bits of repeat count) */ - -#define REPZ_11_138 18 -/* repeat a zero length 11-138 times (7 bits of repeat count) */ - -local int extra_lbits[LENGTH_CODES] /* extra bits for each length code */ - = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0}; - -local int extra_dbits[D_CODES] /* extra bits for each distance code */ - = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13}; - -local int extra_blbits[BL_CODES]/* extra bits for each bit length code */ - = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7}; - -local uch bl_order[BL_CODES] - = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15}; -/* The lengths of the bit length codes are sent in order of decreasing - * probability, to avoid transmitting the lengths for unused bit length codes. - */ - -#define Buf_size (8 * 2*sizeof(char)) -/* Number of bits used within bi_buf. (bi_buf might be implemented on - * more than 16 bits on some systems.) - */ - -/* =========================================================================== - * Local data. These are initialized only once. - */ - -local ct_data static_ltree[L_CODES+2]; -/* The static literal tree. Since the bit lengths are imposed, there is no - * need for the L_CODES extra codes used during heap construction. However - * The codes 286 and 287 are needed to build a canonical tree (see _tr_init - * below). - */ - -local ct_data static_dtree[D_CODES]; -/* The static distance tree. (Actually a trivial tree since all codes use - * 5 bits.) - */ - -local uch dist_code[512]; -/* distance codes. The first 256 values correspond to the distances - * 3 .. 258, the last 256 values correspond to the top 8 bits of - * the 15 bit distances. - */ - -local uch length_code[MAX_MATCH-MIN_MATCH+1]; -/* length code for each normalized match length (0 == MIN_MATCH) */ - -local int base_length[LENGTH_CODES]; -/* First normalized length for each code (0 = MIN_MATCH) */ - -local int base_dist[D_CODES]; -/* First normalized distance for each code (0 = distance of 1) */ - -struct static_tree_desc_s { - ct_data *static_tree; /* static tree or NULL */ - intf *extra_bits; /* extra bits for each code or NULL */ - int extra_base; /* base index for extra_bits */ - int elems; /* max number of elements in the tree */ - int max_length; /* max bit length for the codes */ -}; - -local static_tree_desc static_l_desc = -{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS}; - -local static_tree_desc static_d_desc = -{static_dtree, extra_dbits, 0, D_CODES, MAX_BITS}; - -local static_tree_desc static_bl_desc = -{(ct_data *)0, extra_blbits, 0, BL_CODES, MAX_BL_BITS}; - -/* =========================================================================== - * Local (static) routines in this file. - */ - -local void tr_static_init OF((void)); -local void init_block OF((deflate_state *s)); -local void pqdownheap OF((deflate_state *s, ct_data *tree, int k)); -local void gen_bitlen OF((deflate_state *s, tree_desc *desc)); -local void gen_codes OF((ct_data *tree, int max_code, ushf *bl_count)); -local void build_tree OF((deflate_state *s, tree_desc *desc)); -local void scan_tree OF((deflate_state *s, ct_data *tree, int max_code)); -local void send_tree OF((deflate_state *s, ct_data *tree, int max_code)); -local int build_bl_tree OF((deflate_state *s)); -local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes, - int blcodes)); -local void compress_block OF((deflate_state *s, ct_data *ltree, - ct_data *dtree)); -local void set_data_type OF((deflate_state *s)); -local unsigned bi_reverse OF((unsigned value, int length)); -local void bi_windup OF((deflate_state *s)); -local void bi_flush OF((deflate_state *s)); -local void copy_block OF((deflate_state *s, charf *buf, unsigned len, - int header)); - -#ifndef DEBUG_NEVER -# define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len) - /* Send a code of the given tree. c and tree must not have side effects */ - -#else /* DEBUG */ -# define send_code(s, c, tree) \ - { if (verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \ - send_bits(s, tree[c].Code, tree[c].Len); } -#endif - -#define d_code(dist) \ - ((dist) < 256 ? dist_code[dist] : dist_code[256+((dist)>>7)]) -/* Mapping from a distance to a distance code. dist is the distance - 1 and - * must not have side effects. dist_code[256] and dist_code[257] are never - * used. - */ - -/* =========================================================================== - * Output a short LSB first on the stream. - * IN assertion: there is enough room in pendingBuf. - */ -#define put_short(s, w) { \ - put_byte(s, (uch)((w) & 0xff)); \ - put_byte(s, (uch)((ush)(w) >> 8)); \ -} - -/* =========================================================================== - * Send a value on a given number of bits. - * IN assertion: length <= 16 and value fits in length bits. - */ -#ifdef DEBUG -local void send_bits OF((deflate_state *s, int value, int length)); - -local void send_bits(s, value, length) - deflate_state *s; - int value; /* value to send */ - int length; /* number of bits */ -{ - Tracevv((stderr," l %2d v %4x ", length, value)); - Assert(length > 0 && length <= 15, "invalid length"); - s->bits_sent += (ulg)length; - - /* If not enough room in bi_buf, use (valid) bits from bi_buf and - * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid)) - * unused bits in value. - */ - if (s->bi_valid > (int)Buf_size - length) { - s->bi_buf |= (value << s->bi_valid); - put_short(s, s->bi_buf); - s->bi_buf = (ush)value >> (Buf_size - s->bi_valid); - s->bi_valid += length - Buf_size; - } else { - s->bi_buf |= value << s->bi_valid; - s->bi_valid += length; - } -} -#else /* !DEBUG */ - -#define send_bits(s, value, length) \ -{ int len = length;\ - if (s->bi_valid > (int)Buf_size - len) {\ - int val = value;\ - s->bi_buf |= (val << s->bi_valid);\ - put_short(s, s->bi_buf);\ - s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\ - s->bi_valid += len - Buf_size;\ - } else {\ - s->bi_buf |= (value) << s->bi_valid;\ - s->bi_valid += len;\ - }\ -} -#endif /* DEBUG */ - - -#ifndef MAX -#define MAX(a,b) (a >= b ? a : b) -#endif -/* the arguments must not have side effects */ - -/* =========================================================================== - * Initialize the various 'constant' tables. In a multi-threaded environment, - * this function may be called by two threads concurrently, but this is - * harmless since both invocations do exactly the same thing. - */ -local void tr_static_init() -{ - static int static_init_done = 0; - int n; /* iterates over tree elements */ - int bits; /* bit counter */ - int length; /* length value */ - int code; /* code value */ - int dist; /* distance index */ - ush bl_count[MAX_BITS+1]; - /* number of codes at each bit length for an optimal tree */ - - if (static_init_done) return; - - /* Initialize the mapping length (0..255) -> length code (0..28) */ - length = 0; - for (code = 0; code < LENGTH_CODES-1; code++) { - base_length[code] = length; - for (n = 0; n < (1<<extra_lbits[code]); n++) { - length_code[length++] = (uch)code; - } - } - Assert (length == 256, "tr_static_init: length != 256"); - /* Note that the length 255 (match length 258) can be represented - * in two different ways: code 284 + 5 bits or code 285, so we - * overwrite length_code[255] to use the best encoding: - */ - length_code[length-1] = (uch)code; - - /* Initialize the mapping dist (0..32K) -> dist code (0..29) */ - dist = 0; - for (code = 0 ; code < 16; code++) { - base_dist[code] = dist; - for (n = 0; n < (1<<extra_dbits[code]); n++) { - dist_code[dist++] = (uch)code; - } - } - Assert (dist == 256, "tr_static_init: dist != 256"); - dist >>= 7; /* from now on, all distances are divided by 128 */ - for ( ; code < D_CODES; code++) { - base_dist[code] = dist << 7; - for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) { - dist_code[256 + dist++] = (uch)code; - } - } - Assert (dist == 256, "tr_static_init: 256+dist != 512"); - - /* Construct the codes of the static literal tree */ - for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0; - n = 0; - while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++; - while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++; - while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++; - while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++; - /* Codes 286 and 287 do not exist, but we must include them in the - * tree construction to get a canonical Huffman tree (longest code - * all ones) - */ - gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count); - - /* The static distance tree is trivial: */ - for (n = 0; n < D_CODES; n++) { - static_dtree[n].Len = 5; - static_dtree[n].Code = bi_reverse((unsigned)n, 5); - } - static_init_done = 1; -} - -/* =========================================================================== - * Initialize the tree data structures for a new zlib stream. - */ -void _tr_init(s) - deflate_state *s; -{ - tr_static_init(); - - s->compressed_len = 0L; - - s->l_desc.dyn_tree = s->dyn_ltree; - s->l_desc.stat_desc = &static_l_desc; - - s->d_desc.dyn_tree = s->dyn_dtree; - s->d_desc.stat_desc = &static_d_desc; - - s->bl_desc.dyn_tree = s->bl_tree; - s->bl_desc.stat_desc = &static_bl_desc; - - s->bi_buf = 0; - s->bi_valid = 0; - s->last_eob_len = 8; /* enough lookahead for inflate */ -#ifdef DEBUG - s->bits_sent = 0L; -#endif - - /* Initialize the first block of the first file: */ - init_block(s); -} - -/* =========================================================================== - * Initialize a new block. - */ -local void init_block(s) - deflate_state *s; -{ - int n; /* iterates over tree elements */ - - /* Initialize the trees. */ - for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0; - for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0; - for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0; - - s->dyn_ltree[END_BLOCK].Freq = 1; - s->opt_len = s->static_len = 0L; - s->last_lit = s->matches = 0; -} - -#define SMALLEST 1 -/* Index within the heap array of least frequent node in the Huffman tree */ - - -/* =========================================================================== - * Remove the smallest element from the heap and recreate the heap with - * one less element. Updates heap and heap_len. - */ -#define pqremove(s, tree, top) \ -{\ - top = s->heap[SMALLEST]; \ - s->heap[SMALLEST] = s->heap[s->heap_len--]; \ - pqdownheap(s, tree, SMALLEST); \ -} - -/* =========================================================================== - * Compares to subtrees, using the tree depth as tie breaker when - * the subtrees have equal frequency. This minimizes the worst case length. - */ -#define smaller(tree, n, m, depth) \ - (tree[n].Freq < tree[m].Freq || \ - (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m])) - -/* =========================================================================== - * Restore the heap property by moving down the tree starting at node k, - * exchanging a node with the smallest of its two sons if necessary, stopping - * when the heap property is re-established (each father smaller than its - * two sons). - */ -local void pqdownheap(s, tree, k) - deflate_state *s; - ct_data *tree; /* the tree to restore */ - int k; /* node to move down */ -{ - int v = s->heap[k]; - int j = k << 1; /* left son of k */ - while (j <= s->heap_len) { - /* Set j to the smallest of the two sons: */ - if (j < s->heap_len && - smaller(tree, s->heap[j+1], s->heap[j], s->depth)) { - j++; - } - /* Exit if v is smaller than both sons */ - if (smaller(tree, v, s->heap[j], s->depth)) break; - - /* Exchange v with the smallest son */ - s->heap[k] = s->heap[j]; k = j; - - /* And continue down the tree, setting j to the left son of k */ - j <<= 1; - } - s->heap[k] = v; -} - -/* =========================================================================== - * Compute the optimal bit lengths for a tree and update the total bit length - * for the current block. - * IN assertion: the fields freq and dad are set, heap[heap_max] and - * above are the tree nodes sorted by increasing frequency. - * OUT assertions: the field len is set to the optimal bit length, the - * array bl_count contains the frequencies for each bit length. - * The length opt_len is updated; static_len is also updated if stree is - * not null. - */ -local void gen_bitlen(s, desc) - deflate_state *s; - tree_desc *desc; /* the tree descriptor */ -{ - ct_data *tree = desc->dyn_tree; - int max_code = desc->max_code; - ct_data *stree = desc->stat_desc->static_tree; - intf *extra = desc->stat_desc->extra_bits; - int base = desc->stat_desc->extra_base; - int max_length = desc->stat_desc->max_length; - int h; /* heap index */ - int n, m; /* iterate over the tree elements */ - int bits; /* bit length */ - int xbits; /* extra bits */ - ush f; /* frequency */ - int overflow = 0; /* number of elements with bit length too large */ - - for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0; - - /* In a first pass, compute the optimal bit lengths (which may - * overflow in the case of the bit length tree). - */ - tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */ - - for (h = s->heap_max+1; h < HEAP_SIZE; h++) { - n = s->heap[h]; - bits = tree[tree[n].Dad].Len + 1; - if (bits > max_length) bits = max_length, overflow++; - tree[n].Len = (ush)bits; - /* We overwrite tree[n].Dad which is no longer needed */ - - if (n > max_code) continue; /* not a leaf node */ - - s->bl_count[bits]++; - xbits = 0; - if (n >= base) xbits = extra[n-base]; - f = tree[n].Freq; - s->opt_len += (ulg)f * (bits + xbits); - if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits); - } - if (overflow == 0) return; - - Trace((stderr,"\nbit length overflow\n")); - /* This happens for example on obj2 and pic of the Calgary corpus */ - - /* Find the first bit length which could increase: */ - do { - bits = max_length-1; - while (s->bl_count[bits] == 0) bits--; - s->bl_count[bits]--; /* move one leaf down the tree */ - s->bl_count[bits+1] += 2; /* move one overflow item as its brother */ - s->bl_count[max_length]--; - /* The brother of the overflow item also moves one step up, - * but this does not affect bl_count[max_length] - */ - overflow -= 2; - } while (overflow > 0); - - /* Now recompute all bit lengths, scanning in increasing frequency. - * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all - * lengths instead of fixing only the wrong ones. This idea is taken - * from 'ar' written by Haruhiko Okumura.) - */ - for (bits = max_length; bits != 0; bits--) { - n = s->bl_count[bits]; - while (n != 0) { - m = s->heap[--h]; - if (m > max_code) continue; - if (tree[m].Len != (unsigned) bits) { - Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); - s->opt_len += ((long)bits - (long)tree[m].Len) - *(long)tree[m].Freq; - tree[m].Len = (ush)bits; - } - n--; - } - } -} - -/* =========================================================================== - * Generate the codes for a given tree and bit counts (which need not be - * optimal). - * IN assertion: the array bl_count contains the bit length statistics for - * the given tree and the field len is set for all tree elements. - * OUT assertion: the field code is set for all tree elements of non - * zero code length. - */ -local void gen_codes (tree, max_code, bl_count) - ct_data *tree; /* the tree to decorate */ - int max_code; /* largest code with non zero frequency */ - ushf *bl_count; /* number of codes at each bit length */ -{ - ush next_code[MAX_BITS+1]; /* next code value for each bit length */ - ush code = 0; /* running code value */ - int bits; /* bit index */ - int n; /* code index */ - - /* The distribution counts are first used to generate the code values - * without bit reversal. - */ - for (bits = 1; bits <= MAX_BITS; bits++) { - next_code[bits] = code = (code + bl_count[bits-1]) << 1; - } - /* Check that the bit counts in bl_count are consistent. The last code - * must be all ones. - */ - Assert (code + bl_count[MAX_BITS]-1 == (1<<MAX_BITS)-1, - "inconsistent bit counts"); - Tracev((stderr,"\ngen_codes: max_code %d ", max_code)); - - for (n = 0; n <= max_code; n++) { - int len = tree[n].Len; - if (len == 0) continue; - /* Now reverse the bits */ - tree[n].Code = bi_reverse(next_code[len]++, len); - - Tracecv(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ", - n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len]-1)); - } -} - -/* =========================================================================== - * Construct one Huffman tree and assigns the code bit strings and lengths. - * Update the total bit length for the current block. - * IN assertion: the field freq is set for all tree elements. - * OUT assertions: the fields len and code are set to the optimal bit length - * and corresponding code. The length opt_len is updated; static_len is - * also updated if stree is not null. The field max_code is set. - */ -local void build_tree(s, desc) - deflate_state *s; - tree_desc *desc; /* the tree descriptor */ -{ - ct_data *tree = desc->dyn_tree; - ct_data *stree = desc->stat_desc->static_tree; - int elems = desc->stat_desc->elems; - int n, m; /* iterate over heap elements */ - int max_code = -1; /* largest code with non zero frequency */ - int node; /* new node being created */ - - /* Construct the initial heap, with least frequent element in - * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. - * heap[0] is not used. - */ - s->heap_len = 0, s->heap_max = HEAP_SIZE; - - for (n = 0; n < elems; n++) { - if (tree[n].Freq != 0) { - s->heap[++(s->heap_len)] = max_code = n; - s->depth[n] = 0; - } else { - tree[n].Len = 0; - } - } - - /* The pkzip format requires that at least one distance code exists, - * and that at least one bit should be sent even if there is only one - * possible code. So to avoid special checks later on we force at least - * two codes of non zero frequency. - */ - while (s->heap_len < 2) { - node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0); - tree[node].Freq = 1; - s->depth[node] = 0; - s->opt_len--; if (stree) s->static_len -= stree[node].Len; - /* node is 0 or 1 so it does not have extra bits */ - } - desc->max_code = max_code; - - /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, - * establish sub-heaps of increasing lengths: - */ - for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n); - - /* Construct the Huffman tree by repeatedly combining the least two - * frequent nodes. - */ - node = elems; /* next internal node of the tree */ - do { - pqremove(s, tree, n); /* n = node of least frequency */ - m = s->heap[SMALLEST]; /* m = node of next least frequency */ - - s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */ - s->heap[--(s->heap_max)] = m; - - /* Create a new node father of n and m */ - tree[node].Freq = tree[n].Freq + tree[m].Freq; - s->depth[node] = (uch) (MAX(s->depth[n], s->depth[m]) + 1); - tree[n].Dad = tree[m].Dad = (ush)node; -#ifdef DUMP_BL_TREE - if (tree == s->bl_tree) { - fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)", - node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq); - } -#endif - /* and insert the new node in the heap */ - s->heap[SMALLEST] = node++; - pqdownheap(s, tree, SMALLEST); - - } while (s->heap_len >= 2); - - s->heap[--(s->heap_max)] = s->heap[SMALLEST]; - - /* At this point, the fields freq and dad are set. We can now - * generate the bit lengths. - */ - gen_bitlen(s, (tree_desc *)desc); - - /* The field len is now set, we can generate the bit codes */ - gen_codes ((ct_data *)tree, max_code, s->bl_count); -} - -/* =========================================================================== - * Scan a literal or distance tree to determine the frequencies of the codes - * in the bit length tree. - */ -local void scan_tree (s, tree, max_code) - deflate_state *s; - ct_data *tree; /* the tree to be scanned */ - int max_code; /* and its largest code of non zero frequency */ -{ - int n; /* iterates over all tree elements */ - int prevlen = -1; /* last emitted length */ - int curlen; /* length of current code */ - int nextlen = tree[0].Len; /* length of next code */ - int count = 0; /* repeat count of the current code */ - int max_count = 7; /* max repeat count */ - int min_count = 4; /* min repeat count */ - - if (nextlen == 0) max_count = 138, min_count = 3; - tree[max_code+1].Len = (ush)0xffff; /* guard */ - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; nextlen = tree[n+1].Len; - if (++count < max_count && curlen == nextlen) { - continue; - } else if (count < min_count) { - s->bl_tree[curlen].Freq += count; - } else if (curlen != 0) { - if (curlen != prevlen) s->bl_tree[curlen].Freq++; - s->bl_tree[REP_3_6].Freq++; - } else if (count <= 10) { - s->bl_tree[REPZ_3_10].Freq++; - } else { - s->bl_tree[REPZ_11_138].Freq++; - } - count = 0; prevlen = curlen; - if (nextlen == 0) { - max_count = 138, min_count = 3; - } else if (curlen == nextlen) { - max_count = 6, min_count = 3; - } else { - max_count = 7, min_count = 4; - } - } -} - -/* =========================================================================== - * Send a literal or distance tree in compressed form, using the codes in - * bl_tree. - */ -local void send_tree (s, tree, max_code) - deflate_state *s; - ct_data *tree; /* the tree to be scanned */ - int max_code; /* and its largest code of non zero frequency */ -{ - int n; /* iterates over all tree elements */ - int prevlen = -1; /* last emitted length */ - int curlen; /* length of current code */ - int nextlen = tree[0].Len; /* length of next code */ - int count = 0; /* repeat count of the current code */ - int max_count = 7; /* max repeat count */ - int min_count = 4; /* min repeat count */ - - /* tree[max_code+1].Len = -1; */ /* guard already set */ - if (nextlen == 0) max_count = 138, min_count = 3; - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; nextlen = tree[n+1].Len; - if (++count < max_count && curlen == nextlen) { - continue; - } else if (count < min_count) { - do { send_code(s, curlen, s->bl_tree); } while (--count != 0); - - } else if (curlen != 0) { - if (curlen != prevlen) { - send_code(s, curlen, s->bl_tree); count--; - } - Assert(count >= 3 && count <= 6, " 3_6?"); - send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2); - - } else if (count <= 10) { - send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3); - - } else { - send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7); - } - count = 0; prevlen = curlen; - if (nextlen == 0) { - max_count = 138, min_count = 3; - } else if (curlen == nextlen) { - max_count = 6, min_count = 3; - } else { - max_count = 7, min_count = 4; - } - } -} - -/* =========================================================================== - * Construct the Huffman tree for the bit lengths and return the index in - * bl_order of the last bit length code to send. - */ -local int build_bl_tree(s) - deflate_state *s; -{ - int max_blindex; /* index of last bit length code of non zero freq */ - - /* Determine the bit length frequencies for literal and distance trees */ - scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code); - scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code); - - /* Build the bit length tree: */ - build_tree(s, (tree_desc *)(&(s->bl_desc))); - /* opt_len now includes the length of the tree representations, except - * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. - */ - - /* Determine the number of bit length codes to send. The pkzip format - * requires that at least 4 bit length codes be sent. (appnote.txt says - * 3 but the actual value used is 4.) - */ - for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) { - if (s->bl_tree[bl_order[max_blindex]].Len != 0) break; - } - /* Update opt_len to include the bit length tree and counts */ - s->opt_len += 3*(max_blindex+1) + 5+5+4; - Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", - s->opt_len, s->static_len)); - - return max_blindex; -} - -/* =========================================================================== - * Send the header for a block using dynamic Huffman trees: the counts, the - * lengths of the bit length codes, the literal tree and the distance tree. - * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. - */ -local void send_all_trees(s, lcodes, dcodes, blcodes) - deflate_state *s; - int lcodes, dcodes, blcodes; /* number of codes for each tree */ -{ - int rank; /* index in bl_order */ - - Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); - Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, - "too many codes"); - Tracev((stderr, "\nbl counts: ")); - send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */ - send_bits(s, dcodes-1, 5); - send_bits(s, blcodes-4, 4); /* not -3 as stated in appnote.txt */ - for (rank = 0; rank < blcodes; rank++) { - Tracev((stderr, "\nbl code %2d ", bl_order[rank])); - send_bits(s, s->bl_tree[bl_order[rank]].Len, 3); - } - Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); - - send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */ - Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); - - send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */ - Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); -} - -/* =========================================================================== - * Send a stored block - */ -void _tr_stored_block(s, buf, stored_len, eof) - deflate_state *s; - charf *buf; /* input block */ - ulg stored_len; /* length of input block */ - int eof; /* true if this is the last block for a file */ -{ - send_bits(s, (STORED_BLOCK<<1)+eof, 3); /* send block type */ - s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L; - s->compressed_len += (stored_len + 4) << 3; - - copy_block(s, buf, (unsigned)stored_len, 1); /* with header */ -} - -/* =========================================================================== - * Send one empty static block to give enough lookahead for inflate. - * This takes 10 bits, of which 7 may remain in the bit buffer. - * The current inflate code requires 9 bits of lookahead. If the - * last two codes for the previous block (real code plus EOB) were coded - * on 5 bits or less, inflate may have only 5+3 bits of lookahead to decode - * the last real code. In this case we send two empty static blocks instead - * of one. (There are no problems if the previous block is stored or fixed.) - * To simplify the code, we assume the worst case of last real code encoded - * on one bit only. - */ -void _tr_align(s) - deflate_state *s; -{ - send_bits(s, STATIC_TREES<<1, 3); - send_code(s, END_BLOCK, static_ltree); - s->compressed_len += 10L; /* 3 for block type, 7 for EOB */ - bi_flush(s); - /* Of the 10 bits for the empty block, we have already sent - * (10 - bi_valid) bits. The lookahead for the last real code (before - * the EOB of the previous block) was thus at least one plus the length - * of the EOB plus what we have just sent of the empty static block. - */ - if (1 + s->last_eob_len + 10 - s->bi_valid < 9) { - send_bits(s, STATIC_TREES<<1, 3); - send_code(s, END_BLOCK, static_ltree); - s->compressed_len += 10L; - bi_flush(s); - } - s->last_eob_len = 7; -} - -/* =========================================================================== - * Determine the best encoding for the current block: dynamic trees, static - * trees or store, and output the encoded block to the zip file. This function - * returns the total compressed length for the file so far. - */ -ulg _tr_flush_block(s, buf, stored_len, eof) - deflate_state *s; - charf *buf; /* input block, or NULL if too old */ - ulg stored_len; /* length of input block */ - int eof; /* true if this is the last block for a file */ -{ - ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */ - int max_blindex = 0; /* index of last bit length code of non zero freq */ - - /* Build the Huffman trees unless a stored block is forced */ - if (s->level > 0) { - - /* Check if the file is ascii or binary */ - if (s->data_type == Z_UNKNOWN) set_data_type(s); - - /* Construct the literal and distance trees */ - build_tree(s, (tree_desc *)(&(s->l_desc))); - Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, - s->static_len)); - - build_tree(s, (tree_desc *)(&(s->d_desc))); - Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, - s->static_len)); - /* At this point, opt_len and static_len are the total bit lengths of - * the compressed block data, excluding the tree representations. - */ - - /* Build the bit length tree for the above two trees, and get the index - * in bl_order of the last bit length code to send. - */ - max_blindex = build_bl_tree(s); - - /* Determine the best encoding. Compute first the block length in bytes*/ - opt_lenb = (s->opt_len+3+7)>>3; - static_lenb = (s->static_len+3+7)>>3; - - Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, - s->last_lit)); - - if (static_lenb <= opt_lenb) opt_lenb = static_lenb; - - } else { - Assert(buf != (char*)0, "lost buf"); - opt_lenb = static_lenb = stored_len + 5; /* force a stored block */ - } - - /* If compression failed and this is the first and last block, - * and if the .zip file can be seeked (to rewrite the local header), - * the whole file is transformed into a stored file: - */ -#ifdef STORED_FILE_OK -# ifdef FORCE_STORED_FILE - if (eof && s->compressed_len == 0L) { /* force stored file */ -# else - if (stored_len <= opt_lenb && eof && s->compressed_len==0L && seekable()) { -# endif - /* Since LIT_BUFSIZE <= 2*WSIZE, the input data must be there: */ - if (buf == (charf*)0) error ("block vanished"); - - copy_block(buf, (unsigned)stored_len, 0); /* without header */ - s->compressed_len = stored_len << 3; - s->method = STORED; - } else -#endif /* STORED_FILE_OK */ - -#ifdef FORCE_STORED - if (buf != (char*)0) { /* force stored block */ -#else - if (stored_len+4 <= opt_lenb && buf != (char*)0) { - /* 4: two words for the lengths */ -#endif - /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. - * Otherwise we can't have processed more than WSIZE input bytes since - * the last block flush, because compression would have been - * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to - * transform a block into a stored block. - */ - _tr_stored_block(s, buf, stored_len, eof); - -#ifdef FORCE_STATIC - } else if (static_lenb >= 0) { /* force static trees */ -#else - } else if (static_lenb == opt_lenb) { -#endif - send_bits(s, (STATIC_TREES<<1)+eof, 3); - compress_block(s, (ct_data *)static_ltree, (ct_data *)static_dtree); - s->compressed_len += 3 + s->static_len; - } else { - send_bits(s, (DYN_TREES<<1)+eof, 3); - send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1, - max_blindex+1); - compress_block(s, (ct_data *)s->dyn_ltree, (ct_data *)s->dyn_dtree); - s->compressed_len += 3 + s->opt_len; - } - Assert (s->compressed_len == s->bits_sent, "bad compressed size"); - init_block(s); - - if (eof) { - bi_windup(s); - s->compressed_len += 7; /* align on byte boundary */ - } - Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, - s->compressed_len-7*eof)); - - return s->compressed_len >> 3; -} - -/* =========================================================================== - * Save the match info and tally the frequency counts. Return true if - * the current block must be flushed. - */ -int _tr_tally (s, dist, lc) - deflate_state *s; - unsigned dist; /* distance of matched string */ - unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ -{ - s->d_buf[s->last_lit] = (ush)dist; - s->l_buf[s->last_lit++] = (uch)lc; - if (dist == 0) { - /* lc is the unmatched char */ - s->dyn_ltree[lc].Freq++; - } else { - s->matches++; - /* Here, lc is the match length - MIN_MATCH */ - dist--; /* dist = match distance - 1 */ - Assert((ush)dist < (ush)MAX_DIST(s) && - (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && - (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match"); - - s->dyn_ltree[length_code[lc]+LITERALS+1].Freq++; - s->dyn_dtree[d_code(dist)].Freq++; - } - - /* Try to guess if it is profitable to stop the current block here */ - if (s->level > 2 && (s->last_lit & 0xfff) == 0) { - /* Compute an upper bound for the compressed length */ - ulg out_length = (ulg)s->last_lit*8L; - ulg in_length = (ulg)((long)s->strstart - s->block_start); - int dcode; - for (dcode = 0; dcode < D_CODES; dcode++) { - out_length += (ulg)s->dyn_dtree[dcode].Freq * - (5L+extra_dbits[dcode]); - } - out_length >>= 3; - Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", - s->last_lit, in_length, out_length, - 100L - out_length*100L/in_length)); - if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; - } - return (s->last_lit == s->lit_bufsize-1); - /* We avoid equality with lit_bufsize because of wraparound at 64K - * on 16 bit machines and because stored blocks are restricted to - * 64K-1 bytes. - */ -} - -/* =========================================================================== - * Send the block data compressed using the given Huffman trees - */ -local void compress_block(s, ltree, dtree) - deflate_state *s; - ct_data *ltree; /* literal tree */ - ct_data *dtree; /* distance tree */ -{ - unsigned dist; /* distance of matched string */ - int lc; /* match length or unmatched char (if dist == 0) */ - unsigned lx = 0; /* running index in l_buf */ - unsigned code; /* the code to send */ - int extra; /* number of extra bits to send */ - - if (s->last_lit != 0) do { - dist = s->d_buf[lx]; - lc = s->l_buf[lx++]; - if (dist == 0) { - send_code(s, lc, ltree); /* send a literal byte */ - Tracecv(isgraph(lc), (stderr," '%c' ", lc)); - } else { - /* Here, lc is the match length - MIN_MATCH */ - code = length_code[lc]; - send_code(s, code+LITERALS+1, ltree); /* send the length code */ - extra = extra_lbits[code]; - if (extra != 0) { - lc -= base_length[code]; - send_bits(s, lc, extra); /* send the extra length bits */ - } - dist--; /* dist is now the match distance - 1 */ - code = d_code(dist); - Assert (code < D_CODES, "bad d_code"); - - send_code(s, code, dtree); /* send the distance code */ - extra = extra_dbits[code]; - if (extra != 0) { - dist -= base_dist[code]; - send_bits(s, dist, extra); /* send the extra distance bits */ - } - } /* literal or match pair ? */ - - /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ - Assert((uInt)s->pending < s->lit_bufsize + 2*lx, "pendingBuf overflow"); - - } while (lx < s->last_lit); - - send_code(s, END_BLOCK, ltree); - s->last_eob_len = ltree[END_BLOCK].Len; -} - -/* =========================================================================== - * Set the data type to ASCII or BINARY, using a crude approximation: - * binary if more than 20% of the bytes are <= 6 or >= 128, ascii otherwise. - * IN assertion: the fields freq of dyn_ltree are set and the total of all - * frequencies does not exceed 64K (to fit in an int on 16 bit machines). - */ -local void set_data_type(s) - deflate_state *s; -{ - int n = 0; - unsigned ascii_freq = 0; - unsigned bin_freq = 0; - while (n < 7) bin_freq += s->dyn_ltree[n++].Freq; - while (n < 128) ascii_freq += s->dyn_ltree[n++].Freq; - while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq; - s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? Z_BINARY : Z_ASCII); -} - -/* =========================================================================== - * Reverse the first len bits of a code, using straightforward code (a faster - * method would use a table) - * IN assertion: 1 <= len <= 15 - */ -local unsigned bi_reverse(code, len) - unsigned code; /* the value to invert */ - int len; /* its bit length */ -{ - register unsigned res = 0; - do { - res |= code & 1; - code >>= 1, res <<= 1; - } while (--len > 0); - return res >> 1; -} - -/* =========================================================================== - * Flush the bit buffer, keeping at most 7 bits in it. - */ -local void bi_flush(s) - deflate_state *s; -{ - if (s->bi_valid == 16) { - put_short(s, s->bi_buf); - s->bi_buf = 0; - s->bi_valid = 0; - } else if (s->bi_valid >= 8) { - put_byte(s, (Byte)s->bi_buf); - s->bi_buf >>= 8; - s->bi_valid -= 8; - } -} - -/* =========================================================================== - * Flush the bit buffer and align the output on a byte boundary - */ -local void bi_windup(s) - deflate_state *s; -{ - if (s->bi_valid > 8) { - put_short(s, s->bi_buf); - } else if (s->bi_valid > 0) { - put_byte(s, (Byte)s->bi_buf); - } - s->bi_buf = 0; - s->bi_valid = 0; -#ifdef DEBUG - s->bits_sent = (s->bits_sent+7) & ~7; -#endif -} - -/* =========================================================================== - * Copy a stored block, storing first the length and its - * one's complement if requested. - */ -local void copy_block(s, buf, len, header) - deflate_state *s; - charf *buf; /* the input data */ - unsigned len; /* its length */ - int header; /* true if block header must be written */ -{ - bi_windup(s); /* align on byte boundary */ - s->last_eob_len = 8; /* enough lookahead for inflate */ - - if (header) { - put_short(s, (ush)len); - put_short(s, (ush)~len); -#ifdef DEBUG - s->bits_sent += 2*16; -#endif - } -#ifdef DEBUG - s->bits_sent += (ulg)len<<3; -#endif - while (len--) { - put_byte(s, *buf++); - } -} diff --git a/security/nss/cmd/zlib/trees.h b/security/nss/cmd/zlib/trees.h deleted file mode 100644 index 72facf900..000000000 --- a/security/nss/cmd/zlib/trees.h +++ /dev/null @@ -1,128 +0,0 @@ -/* header created automatically with -DGEN_TREES_H */ - -local const ct_data static_ltree[L_CODES+2] = { -{{ 12},{ 8}}, {{140},{ 8}}, {{ 76},{ 8}}, {{204},{ 8}}, {{ 44},{ 8}}, -{{172},{ 8}}, {{108},{ 8}}, {{236},{ 8}}, {{ 28},{ 8}}, {{156},{ 8}}, -{{ 92},{ 8}}, {{220},{ 8}}, {{ 60},{ 8}}, {{188},{ 8}}, {{124},{ 8}}, -{{252},{ 8}}, {{ 2},{ 8}}, {{130},{ 8}}, {{ 66},{ 8}}, {{194},{ 8}}, -{{ 34},{ 8}}, {{162},{ 8}}, {{ 98},{ 8}}, {{226},{ 8}}, {{ 18},{ 8}}, -{{146},{ 8}}, {{ 82},{ 8}}, {{210},{ 8}}, {{ 50},{ 8}}, {{178},{ 8}}, -{{114},{ 8}}, {{242},{ 8}}, {{ 10},{ 8}}, {{138},{ 8}}, {{ 74},{ 8}}, -{{202},{ 8}}, {{ 42},{ 8}}, {{170},{ 8}}, {{106},{ 8}}, {{234},{ 8}}, -{{ 26},{ 8}}, {{154},{ 8}}, {{ 90},{ 8}}, {{218},{ 8}}, {{ 58},{ 8}}, -{{186},{ 8}}, {{122},{ 8}}, {{250},{ 8}}, {{ 6},{ 8}}, {{134},{ 8}}, -{{ 70},{ 8}}, {{198},{ 8}}, {{ 38},{ 8}}, {{166},{ 8}}, {{102},{ 8}}, -{{230},{ 8}}, {{ 22},{ 8}}, {{150},{ 8}}, {{ 86},{ 8}}, {{214},{ 8}}, -{{ 54},{ 8}}, {{182},{ 8}}, {{118},{ 8}}, {{246},{ 8}}, {{ 14},{ 8}}, -{{142},{ 8}}, {{ 78},{ 8}}, {{206},{ 8}}, {{ 46},{ 8}}, {{174},{ 8}}, -{{110},{ 8}}, {{238},{ 8}}, {{ 30},{ 8}}, {{158},{ 8}}, {{ 94},{ 8}}, -{{222},{ 8}}, {{ 62},{ 8}}, {{190},{ 8}}, {{126},{ 8}}, {{254},{ 8}}, -{{ 1},{ 8}}, {{129},{ 8}}, {{ 65},{ 8}}, {{193},{ 8}}, {{ 33},{ 8}}, -{{161},{ 8}}, {{ 97},{ 8}}, {{225},{ 8}}, {{ 17},{ 8}}, {{145},{ 8}}, -{{ 81},{ 8}}, {{209},{ 8}}, {{ 49},{ 8}}, {{177},{ 8}}, {{113},{ 8}}, -{{241},{ 8}}, {{ 9},{ 8}}, {{137},{ 8}}, {{ 73},{ 8}}, {{201},{ 8}}, -{{ 41},{ 8}}, {{169},{ 8}}, {{105},{ 8}}, {{233},{ 8}}, {{ 25},{ 8}}, -{{153},{ 8}}, {{ 89},{ 8}}, {{217},{ 8}}, {{ 57},{ 8}}, {{185},{ 8}}, -{{121},{ 8}}, {{249},{ 8}}, {{ 5},{ 8}}, {{133},{ 8}}, {{ 69},{ 8}}, -{{197},{ 8}}, {{ 37},{ 8}}, {{165},{ 8}}, {{101},{ 8}}, {{229},{ 8}}, -{{ 21},{ 8}}, {{149},{ 8}}, {{ 85},{ 8}}, {{213},{ 8}}, {{ 53},{ 8}}, -{{181},{ 8}}, {{117},{ 8}}, {{245},{ 8}}, {{ 13},{ 8}}, {{141},{ 8}}, -{{ 77},{ 8}}, {{205},{ 8}}, {{ 45},{ 8}}, {{173},{ 8}}, {{109},{ 8}}, -{{237},{ 8}}, {{ 29},{ 8}}, {{157},{ 8}}, {{ 93},{ 8}}, {{221},{ 8}}, -{{ 61},{ 8}}, {{189},{ 8}}, {{125},{ 8}}, {{253},{ 8}}, {{ 19},{ 9}}, -{{275},{ 9}}, {{147},{ 9}}, {{403},{ 9}}, {{ 83},{ 9}}, {{339},{ 9}}, -{{211},{ 9}}, {{467},{ 9}}, {{ 51},{ 9}}, {{307},{ 9}}, {{179},{ 9}}, -{{435},{ 9}}, {{115},{ 9}}, {{371},{ 9}}, {{243},{ 9}}, {{499},{ 9}}, -{{ 11},{ 9}}, {{267},{ 9}}, {{139},{ 9}}, {{395},{ 9}}, {{ 75},{ 9}}, -{{331},{ 9}}, {{203},{ 9}}, {{459},{ 9}}, {{ 43},{ 9}}, {{299},{ 9}}, -{{171},{ 9}}, {{427},{ 9}}, {{107},{ 9}}, {{363},{ 9}}, {{235},{ 9}}, -{{491},{ 9}}, {{ 27},{ 9}}, {{283},{ 9}}, {{155},{ 9}}, {{411},{ 9}}, -{{ 91},{ 9}}, {{347},{ 9}}, {{219},{ 9}}, {{475},{ 9}}, {{ 59},{ 9}}, -{{315},{ 9}}, {{187},{ 9}}, {{443},{ 9}}, {{123},{ 9}}, {{379},{ 9}}, -{{251},{ 9}}, {{507},{ 9}}, {{ 7},{ 9}}, {{263},{ 9}}, {{135},{ 9}}, -{{391},{ 9}}, {{ 71},{ 9}}, {{327},{ 9}}, {{199},{ 9}}, {{455},{ 9}}, -{{ 39},{ 9}}, {{295},{ 9}}, {{167},{ 9}}, {{423},{ 9}}, {{103},{ 9}}, -{{359},{ 9}}, {{231},{ 9}}, {{487},{ 9}}, {{ 23},{ 9}}, {{279},{ 9}}, -{{151},{ 9}}, {{407},{ 9}}, {{ 87},{ 9}}, {{343},{ 9}}, {{215},{ 9}}, -{{471},{ 9}}, {{ 55},{ 9}}, {{311},{ 9}}, {{183},{ 9}}, {{439},{ 9}}, -{{119},{ 9}}, {{375},{ 9}}, {{247},{ 9}}, {{503},{ 9}}, {{ 15},{ 9}}, -{{271},{ 9}}, {{143},{ 9}}, {{399},{ 9}}, {{ 79},{ 9}}, {{335},{ 9}}, -{{207},{ 9}}, {{463},{ 9}}, {{ 47},{ 9}}, {{303},{ 9}}, {{175},{ 9}}, -{{431},{ 9}}, {{111},{ 9}}, {{367},{ 9}}, {{239},{ 9}}, {{495},{ 9}}, -{{ 31},{ 9}}, {{287},{ 9}}, {{159},{ 9}}, {{415},{ 9}}, {{ 95},{ 9}}, -{{351},{ 9}}, {{223},{ 9}}, {{479},{ 9}}, {{ 63},{ 9}}, {{319},{ 9}}, -{{191},{ 9}}, {{447},{ 9}}, {{127},{ 9}}, {{383},{ 9}}, {{255},{ 9}}, -{{511},{ 9}}, {{ 0},{ 7}}, {{ 64},{ 7}}, {{ 32},{ 7}}, {{ 96},{ 7}}, -{{ 16},{ 7}}, {{ 80},{ 7}}, {{ 48},{ 7}}, {{112},{ 7}}, {{ 8},{ 7}}, -{{ 72},{ 7}}, {{ 40},{ 7}}, {{104},{ 7}}, {{ 24},{ 7}}, {{ 88},{ 7}}, -{{ 56},{ 7}}, {{120},{ 7}}, {{ 4},{ 7}}, {{ 68},{ 7}}, {{ 36},{ 7}}, -{{100},{ 7}}, {{ 20},{ 7}}, {{ 84},{ 7}}, {{ 52},{ 7}}, {{116},{ 7}}, -{{ 3},{ 8}}, {{131},{ 8}}, {{ 67},{ 8}}, {{195},{ 8}}, {{ 35},{ 8}}, -{{163},{ 8}}, {{ 99},{ 8}}, {{227},{ 8}} -}; - -local const ct_data static_dtree[D_CODES] = { -{{ 0},{ 5}}, {{16},{ 5}}, {{ 8},{ 5}}, {{24},{ 5}}, {{ 4},{ 5}}, -{{20},{ 5}}, {{12},{ 5}}, {{28},{ 5}}, {{ 2},{ 5}}, {{18},{ 5}}, -{{10},{ 5}}, {{26},{ 5}}, {{ 6},{ 5}}, {{22},{ 5}}, {{14},{ 5}}, -{{30},{ 5}}, {{ 1},{ 5}}, {{17},{ 5}}, {{ 9},{ 5}}, {{25},{ 5}}, -{{ 5},{ 5}}, {{21},{ 5}}, {{13},{ 5}}, {{29},{ 5}}, {{ 3},{ 5}}, -{{19},{ 5}}, {{11},{ 5}}, {{27},{ 5}}, {{ 7},{ 5}}, {{23},{ 5}} -}; - -const uch _dist_code[DIST_CODE_LEN] = { - 0, 1, 2, 3, 4, 4, 5, 5, 6, 6, 6, 6, 7, 7, 7, 7, 8, 8, 8, 8, - 8, 8, 8, 8, 9, 9, 9, 9, 9, 9, 9, 9, 10, 10, 10, 10, 10, 10, 10, 10, -10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, -11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, -12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13, -13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, -13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, -14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, -14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, -14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, -15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, -15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, -15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 0, 0, 16, 17, -18, 18, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22, -23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, -24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, -26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, -26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, -27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, -27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, -28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, -28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, -28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, -29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, -29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, -29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29 -}; - -const uch _length_code[MAX_MATCH-MIN_MATCH+1]= { - 0, 1, 2, 3, 4, 5, 6, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 12, 12, -13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16, -17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 18, 18, 18, 19, 19, 19, 19, -19, 19, 19, 19, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, -21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 22, 22, 22, -22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23, -23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, -24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, -25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, -25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26, -26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, -26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, -27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28 -}; - -local const int base_length[LENGTH_CODES] = { -0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, 28, 32, 40, 48, 56, -64, 80, 96, 112, 128, 160, 192, 224, 0 -}; - -local const int base_dist[D_CODES] = { - 0, 1, 2, 3, 4, 6, 8, 12, 16, 24, - 32, 48, 64, 96, 128, 192, 256, 384, 512, 768, - 1024, 1536, 2048, 3072, 4096, 6144, 8192, 12288, 16384, 24576 -}; - diff --git a/security/nss/cmd/zlib/uncompr.c b/security/nss/cmd/zlib/uncompr.c deleted file mode 100644 index 5e5a83247..000000000 --- a/security/nss/cmd/zlib/uncompr.c +++ /dev/null @@ -1,58 +0,0 @@ -/* uncompr.c -- decompress a memory buffer - * Copyright (C) 1995-1996 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ -/* $Id$ */ - -#include "zlib.h" - -/* =========================================================================== - Decompresses the source buffer into the destination buffer. sourceLen is - the byte length of the source buffer. Upon entry, destLen is the total - size of the destination buffer, which must be large enough to hold the - entire uncompressed data. (The size of the uncompressed data must have - been saved previously by the compressor and transmitted to the decompressor - by some mechanism outside the scope of this compression library.) - Upon exit, destLen is the actual size of the compressed buffer. - This function can be used to decompress a whole file at once if the - input file is mmap'ed. - - uncompress returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_BUF_ERROR if there was not enough room in the output - buffer, or Z_DATA_ERROR if the input data was corrupted. -*/ -PR_PUBLIC_API(int) uncompress (dest, destLen, source, sourceLen) - Bytef *dest; - uLongf *destLen; - const Bytef *source; - uLong sourceLen; -{ - z_stream stream; - int err; - - stream.next_in = (Bytef*)source; - stream.avail_in = (uInt)sourceLen; - /* Check for source > 64K on 16-bit machine: */ - if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR; - - stream.next_out = dest; - stream.avail_out = (uInt)*destLen; - if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR; - - stream.zalloc = (alloc_func)0; - stream.zfree = (free_func)0; - - err = inflateInit(&stream); - if (err != Z_OK) return err; - - err = inflate(&stream, Z_FINISH); - if (err != Z_STREAM_END) { - inflateEnd(&stream); - return err; - } - *destLen = stream.total_out; - - err = inflateEnd(&stream); - return err; -} diff --git a/security/nss/cmd/zlib/zconf.h b/security/nss/cmd/zlib/zconf.h deleted file mode 100644 index 096a448b4..000000000 --- a/security/nss/cmd/zlib/zconf.h +++ /dev/null @@ -1,190 +0,0 @@ -/* zconf.h -- configuration of the zlib compression library - * Copyright (C) 1995-1996 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ -/* $Id$ */ - -#ifndef _ZCONF_H -#define _ZCONF_H - -/* - * If you *really* need a unique prefix for all types and library functions, - * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it. - */ -#ifdef Z_PREFIX -# define deflateInit_ z_deflateInit_ -# define deflate z_deflate -# define deflateEnd z_deflateEnd -# define inflateInit_ z_inflateInit_ -# define inflate z_inflate -# define inflateEnd z_inflateEnd -# define deflateInit2_ z_deflateInit2_ -# define deflateSetDictionary z_deflateSetDictionary -# define deflateCopy z_deflateCopy -# define deflateReset z_deflateReset -# define deflateParams z_deflateParams -# define inflateInit2_ z_inflateInit2_ -# define inflateSetDictionary z_inflateSetDictionary -# define inflateSync z_inflateSync -# define inflateReset z_inflateReset -# define compress z_compress -# define uncompress z_uncompress -# define adler32 z_adler32 -# define crc32 z_crc32 -# define get_crc_table z_get_crc_table - -# define Byte z_Byte -# define uInt z_uInt -# define uLong z_uLong -# define Bytef z_Bytef -# define charf z_charf -# define intf z_intf -# define uIntf z_uIntf -# define uLongf z_uLongf -# define voidpf z_voidpf -# define voidp z_voidp -#endif - -#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) -# define WIN32 -#endif -#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386) -# ifndef __32BIT__ -# define __32BIT__ -# endif -#endif -#if defined(__MSDOS__) && !defined(MSDOS) -# define MSDOS -#endif - -/* - * Compile with -DMAXSEG_64K if the alloc function cannot allocate more - * than 64k bytes at a time (needed on systems with 16-bit int). - */ -#if defined(MSDOS) && !defined(__32BIT__) -# define MAXSEG_64K -#endif -#ifdef MSDOS -# define UNALIGNED_OK -#endif - -#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32) || defined(XP_OS2)) && !defined(STDC) -# define STDC -#endif -#if (defined(__STDC__) || defined(__cplusplus)) && !defined(STDC) -# define STDC -#endif - -#ifndef STDC -# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */ -# define const -# endif -#endif - -/* Some Mac compilers merge all .h files incorrectly: */ -#if defined(__MWERKS__) || defined(applec) ||defined(THINK_C) ||defined(__SC__) -# define NO_DUMMY_DECL -#endif - -/* Maximum value for memLevel in deflateInit2 */ -#ifndef MAX_MEM_LEVEL -# ifdef MAXSEG_64K -# define MAX_MEM_LEVEL 8 -# else -# define MAX_MEM_LEVEL 9 -# endif -#endif - -/* Maximum value for windowBits in deflateInit2 and inflateInit2 */ -#ifndef MAX_WBITS -# define MAX_WBITS 15 /* 32K LZ77 window */ -#endif - -/* The memory requirements for deflate are (in bytes): - 1 << (windowBits+2) + 1 << (memLevel+9) - that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values) - plus a few kilobytes for small objects. For example, if you want to reduce - the default memory requirements from 256K to 128K, compile with - make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7" - Of course this will generally degrade compression (there's no free lunch). - - The memory requirements for inflate are (in bytes) 1 << windowBits - that is, 32K for windowBits=15 (default value) plus a few kilobytes - for small objects. -*/ - - /* Type declarations */ - -#ifndef OF /* function prototypes */ -# ifdef STDC -# define OF(args) args -# else -# define OF(args) () -# endif -#endif - -/* The following definitions for FAR are needed only for MSDOS mixed - * model programming (small or medium model with some far allocations). - * This was tested only with MSC; for other MSDOS compilers you may have - * to define NO_MEMCPY in zutil.h. If you don't need the mixed model, - * just define FAR to be empty. - */ -#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__) - /* MSC small or medium model */ -# define SMALL_MEDIUM -# ifdef _MSC_VER -# define FAR __far -# else -# define FAR far -# endif -#endif -#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__)) -# ifndef __32BIT__ -# define SMALL_MEDIUM -# define FAR __far -# endif -#endif -#ifndef FAR -# define FAR -#endif - -typedef unsigned char Byte; /* 8 bits */ -typedef unsigned int uInt; /* 16 bits or more */ -typedef unsigned long uLong; /* 32 bits or more */ - -#if defined(__BORLANDC__) && defined(SMALL_MEDIUM) - /* Borland C/C++ ignores FAR inside typedef */ -# define Bytef Byte FAR -#else - typedef Byte FAR Bytef; -#endif -typedef char FAR charf; -typedef int FAR intf; -typedef uInt FAR uIntf; -typedef uLong FAR uLongf; - -#ifdef STDC - typedef void FAR *voidpf; - typedef void *voidp; -#else - typedef Byte FAR *voidpf; - typedef Byte *voidp; -#endif - -#ifdef MOZILLA_CLIENT -#include "prtypes.h" -#else -/* Compile with -DZLIB_DLL for Windows DLL support */ -#if (defined(_WINDOWS) || defined(WINDOWS)) && defined(ZLIB_DLL) -# include <windows.h> -# define EXPORT WINAPI -#else -# define EXPORT -#endif - -/* #define PR_PUBLIC_API(type) type */ - -#endif /* MOZILLA_CLIENT */ - -#endif /* _ZCONF_H */ diff --git a/security/nss/cmd/zlib/zip16.def b/security/nss/cmd/zlib/zip16.def deleted file mode 100644 index 664eeab09..000000000 --- a/security/nss/cmd/zlib/zip16.def +++ /dev/null @@ -1,24 +0,0 @@ -LIBRARY zip1640.DLL -EXETYPE WINDOWS -PROTMODE - -DESCRIPTION '16-bit Zip DLL' - -STUB 'WINSTUB.EXE' - -CODE LOADONCALL MOVEABLE DISCARDABLE -DATA PRELOAD MOVEABLE SINGLE - -HEAPSIZE 8192 - -EXPORTS - -IMPORTS - _malloc = nspr3.2 - _realloc = nspr3.3 - _calloc = nspr3.4 - _free = nspr3.5 - _getenv = nspr3.9 - _printf = nspr3.11 - _sscanf = nspr3.33 - diff --git a/security/nss/cmd/zlib/zlib.h b/security/nss/cmd/zlib/zlib.h deleted file mode 100644 index b216f00a3..000000000 --- a/security/nss/cmd/zlib/zlib.h +++ /dev/null @@ -1,892 +0,0 @@ -/* zlib.h -- interface of the 'zlib' general purpose compression library - version 1.0.4, Jul 24th, 1996. - - Copyright (C) 1995-1996 Jean-loup Gailly and Mark Adler - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any damages - arising from the use of this software. - - Permission is granted to anyone to use this software for any purpose, - including commercial applications, and to alter it and redistribute it - freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must not - claim that you wrote the original software. If you use this software - in a product, an acknowledgment in the product documentation would be - appreciated but is not required. - 2. Altered source versions must be plainly marked as such, and must not be - misrepresented as being the original software. - 3. This notice may not be removed or altered from any source distribution. - - Jean-loup Gailly Mark Adler - gzip@prep.ai.mit.edu madler@alumni.caltech.edu - - - The data format used by the zlib library is described by RFCs (Request for - Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt - (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format). -*/ -/* This file was modified since it was taken from the zlib distribution */ - -#ifndef _ZLIB_H -#define _ZLIB_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "zconf.h" - -#define ZLIB_VERSION "1.0.4" - -/* - The 'zlib' compression library provides in-memory compression and - decompression functions, including integrity checks of the uncompressed - data. This version of the library supports only one compression method - (deflation) but other algorithms may be added later and will have the same - stream interface. - - For compression the application must provide the output buffer and - may optionally provide the input buffer for optimization. For decompression, - the application must provide the input buffer and may optionally provide - the output buffer for optimization. - - Compression can be done in a single step if the buffers are large - enough (for example if an input file is mmap'ed), or can be done by - repeated calls of the compression function. In the latter case, the - application must provide more input and/or consume the output - (providing more output space) before each call. - - The library does not install any signal handler. It is recommended to - add at least a handler for SIGSEGV when decompressing; the library checks - the consistency of the input data whenever possible but may go nuts - for some forms of corrupted input. -*/ - -typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size)); -typedef void (*free_func) OF((voidpf opaque, voidpf address)); - -struct internal_state; - -typedef struct z_stream_s { - Bytef *next_in; /* next input byte */ - uInt avail_in; /* number of bytes available at next_in */ - uLong total_in; /* total nb of input bytes read so far */ - - Bytef *next_out; /* next output byte should be put there */ - uInt avail_out; /* remaining free space at next_out */ - uLong total_out; /* total nb of bytes output so far */ - - char *msg; /* last error message, NULL if no error */ - struct internal_state FAR *state; /* not visible by applications */ - - alloc_func zalloc; /* used to allocate the internal state */ - free_func zfree; /* used to free the internal state */ - voidpf opaque; /* private data object passed to zalloc and zfree */ - - int data_type; /* best guess about the data type: ascii or binary */ - uLong adler; /* adler32 value of the uncompressed data */ - uLong reserved; /* reserved for future use */ -} z_stream; - -typedef z_stream FAR *z_streamp; - -/* - The application must update next_in and avail_in when avail_in has - dropped to zero. It must update next_out and avail_out when avail_out - has dropped to zero. The application must initialize zalloc, zfree and - opaque before calling the init function. All other fields are set by the - compression library and must not be updated by the application. - - The opaque value provided by the application will be passed as the first - parameter for calls of zalloc and zfree. This can be useful for custom - memory management. The compression library attaches no meaning to the - opaque value. - - zalloc must return Z_NULL if there is not enough memory for the object. - On 16-bit systems, the functions zalloc and zfree must be able to allocate - exactly 65536 bytes, but will not be required to allocate more than this - if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS, - pointers returned by zalloc for objects of exactly 65536 bytes *must* - have their offset normalized to zero. The default allocation function - provided by this library ensures this (see zutil.c). To reduce memory - requirements and avoid any allocation of 64K objects, at the expense of - compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h). - - The fields total_in and total_out can be used for statistics or - progress reports. After compression, total_in holds the total size of - the uncompressed data and may be saved for use in the decompressor - (particularly if the decompressor wants to decompress everything in - a single step). -*/ - - /* constants */ - -#define Z_NO_FLUSH 0 -#define Z_PARTIAL_FLUSH 1 -#define Z_SYNC_FLUSH 2 -#define Z_FULL_FLUSH 3 -#define Z_FINISH 4 -/* Allowed flush values; see deflate() below for details */ - -#define Z_OK 0 -#define Z_STREAM_END 1 -#define Z_NEED_DICT 2 -#define Z_ERRNO (-1) -#define Z_STREAM_ERROR (-2) -#define Z_DATA_ERROR (-3) -#define Z_MEM_ERROR (-4) -#define Z_BUF_ERROR (-5) -#define Z_VERSION_ERROR (-6) -/* Return codes for the compression/decompression functions. Negative - * values are errors, positive values are used for special but normal events. - */ - -#define Z_NO_COMPRESSION 0 -#define Z_BEST_SPEED 1 -#define Z_BEST_COMPRESSION 9 -#define Z_DEFAULT_COMPRESSION (-1) -/* compression levels */ - -#define Z_FILTERED 1 -#define Z_HUFFMAN_ONLY 2 -#define Z_DEFAULT_STRATEGY 0 -/* compression strategy; see deflateInit2() below for details */ - -#define Z_BINARY 0 -#define Z_ASCII 1 -#define Z_UNKNOWN 2 -/* Possible values of the data_type field */ - -#define Z_DEFLATED 8 -/* The deflate compression method (the only one supported in this version) */ - -#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */ - -#define zlib_version zlibVersion() -/* for compatibility with versions < 1.0.2 */ - - /* basic functions */ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern const char *) zlibVersion (void); -#else -extern const char * EXPORT zlibVersion OF((void)); -#endif -/* The application can compare zlibVersion and ZLIB_VERSION for consistency. - If the first character differs, the library code actually used is - not compatible with the zlib.h header file used by the application. - This check is automatically made by deflateInit and inflateInit. - */ - -/* -extern int EXPORT deflateInit OF((z_streamp strm, int level)); - - Initializes the internal stream state for compression. The fields - zalloc, zfree and opaque must be initialized before by the caller. - If zalloc and zfree are set to Z_NULL, deflateInit updates them to - use default allocation functions. - - The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9: - 1 gives best speed, 9 gives best compression, 0 gives no compression at - all (the input data is simply copied a block at a time). - Z_DEFAULT_COMPRESSION requests a default compromise between speed and - compression (currently equivalent to level 6). - - deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_STREAM_ERROR if level is not a valid compression level, - Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible - with the version assumed by the caller (ZLIB_VERSION). - msg is set to null if there is no error message. deflateInit does not - perform any compression: this will be done by deflate(). -*/ - - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) deflate (z_streamp strm, int flush); -#else -extern int EXPORT deflate OF((z_streamp strm, int flush)); -#endif -/* - Performs one or both of the following actions: - - - Compress more input starting at next_in and update next_in and avail_in - accordingly. If not all input can be processed (because there is not - enough room in the output buffer), next_in and avail_in are updated and - processing will resume at this point for the next call of deflate(). - - - Provide more output starting at next_out and update next_out and avail_out - accordingly. This action is forced if the parameter flush is non zero. - Forcing flush frequently degrades the compression ratio, so this parameter - should be set only when necessary (in interactive applications). - Some output may be provided even if flush is not set. - - Before the call of deflate(), the application should ensure that at least - one of the actions is possible, by providing more input and/or consuming - more output, and updating avail_in or avail_out accordingly; avail_out - should never be zero before the call. The application can consume the - compressed output when it wants, for example when the output buffer is full - (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK - and with zero avail_out, it must be called again after making room in the - output buffer because there might be more output pending. - - If the parameter flush is set to Z_PARTIAL_FLUSH, the current compression - block is terminated and flushed to the output buffer so that the - decompressor can get all input data available so far. For method 9, a future - variant on method 8, the current block will be flushed but not terminated. - Z_SYNC_FLUSH has the same effect as partial flush except that the compressed - output is byte aligned (the compressor can clear its internal bit buffer) - and the current block is always terminated; this can be useful if the - compressor has to be restarted from scratch after an interruption (in which - case the internal state of the compressor may be lost). - If flush is set to Z_FULL_FLUSH, the compression block is terminated, a - special marker is output and the compression dictionary is discarded; this - is useful to allow the decompressor to synchronize if one compressed block - has been damaged (see inflateSync below). Flushing degrades compression and - so should be used only when necessary. Using Z_FULL_FLUSH too often can - seriously degrade the compression. If deflate returns with avail_out == 0, - this function must be called again with the same value of the flush - parameter and more output space (updated avail_out), until the flush is - complete (deflate returns with non-zero avail_out). - - If the parameter flush is set to Z_FINISH, pending input is processed, - pending output is flushed and deflate returns with Z_STREAM_END if there - was enough output space; if deflate returns with Z_OK, this function must be - called again with Z_FINISH and more output space (updated avail_out) but no - more input data, until it returns with Z_STREAM_END or an error. After - deflate has returned Z_STREAM_END, the only possible operations on the - stream are deflateReset or deflateEnd. - - Z_FINISH can be used immediately after deflateInit if all the compression - is to be done in a single step. In this case, avail_out must be at least - 0.1% larger than avail_in plus 12 bytes. If deflate does not return - Z_STREAM_END, then it must be called again as described above. - - deflate() may update data_type if it can make a good guess about - the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered - binary. This field is only for information purposes and does not affect - the compression algorithm in any manner. - - deflate() returns Z_OK if some progress has been made (more input - processed or more output produced), Z_STREAM_END if all input has been - consumed and all output has been produced (only when flush is set to - Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example - if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible. -*/ - - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) deflateEnd (z_streamp strm); -#else -extern int EXPORT deflateEnd OF((z_streamp strm)); -#endif -/* - All dynamically allocated data structures for this stream are freed. - This function discards any unprocessed input and does not flush any - pending output. - - deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the - stream state was inconsistent, Z_DATA_ERROR if the stream was freed - prematurely (some input or output was discarded). In the error case, - msg may be set but then points to a static string (which must not be - deallocated). -*/ - - -/* -extern int EXPORT inflateInit OF((z_streamp strm)); - - Initializes the internal stream state for decompression. The fields - zalloc, zfree and opaque must be initialized before by the caller. If - zalloc and zfree are set to Z_NULL, inflateInit updates them to use default - allocation functions. - - inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_VERSION_ERROR if the zlib library version is incompatible - with the version assumed by the caller. msg is set to null if there is no - error message. inflateInit does not perform any decompression: this will be - done by inflate(). -*/ - - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) inflate (z_streamp strm, int flush); -#else -extern int EXPORT inflate OF((z_streamp strm, int flush)); -#endif -/* - Performs one or both of the following actions: - - - Decompress more input starting at next_in and update next_in and avail_in - accordingly. If not all input can be processed (because there is not - enough room in the output buffer), next_in is updated and processing - will resume at this point for the next call of inflate(). - - - Provide more output starting at next_out and update next_out and avail_out - accordingly. inflate() provides as much output as possible, until there - is no more input data or no more space in the output buffer (see below - about the flush parameter). - - Before the call of inflate(), the application should ensure that at least - one of the actions is possible, by providing more input and/or consuming - more output, and updating the next_* and avail_* values accordingly. - The application can consume the uncompressed output when it wants, for - example when the output buffer is full (avail_out == 0), or after each - call of inflate(). If inflate returns Z_OK and with zero avail_out, it - must be called again after making room in the output buffer because there - might be more output pending. - - If the parameter flush is set to Z_PARTIAL_FLUSH, inflate flushes as much - output as possible to the output buffer. The flushing behavior of inflate is - not specified for values of the flush parameter other than Z_PARTIAL_FLUSH - and Z_FINISH, but the current implementation actually flushes as much output - as possible anyway. - - inflate() should normally be called until it returns Z_STREAM_END or an - error. However if all decompression is to be performed in a single step - (a single call of inflate), the parameter flush should be set to - Z_FINISH. In this case all pending input is processed and all pending - output is flushed; avail_out must be large enough to hold all the - uncompressed data. (The size of the uncompressed data may have been saved - by the compressor for this purpose.) The next operation on this stream must - be inflateEnd to deallocate the decompression state. The use of Z_FINISH - is never required, but can be used to inform inflate that a faster routine - may be used for the single inflate() call. - - inflate() returns Z_OK if some progress has been made (more input - processed or more output produced), Z_STREAM_END if the end of the - compressed data has been reached and all uncompressed output has been - produced, Z_NEED_DICT if a preset dictionary is needed at this point (see - inflateSetDictionary below), Z_DATA_ERROR if the input data was corrupted, - Z_STREAM_ERROR if the stream structure was inconsistent (for example if - next_in or next_out was NULL), Z_MEM_ERROR if there was not enough memory, - Z_BUF_ERROR if no progress is possible or if there was not enough room in - the output buffer when Z_FINISH is used. In the Z_DATA_ERROR case, the - application may then call inflateSync to look for a good compression block. - In the Z_NEED_DICT case, strm->adler is set to the Adler32 value of the - dictionary chosen by the compressor. -*/ - - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) inflateEnd (z_streamp strm); -#else -extern int EXPORT inflateEnd OF((z_streamp strm)); -#endif -/* - All dynamically allocated data structures for this stream are freed. - This function discards any unprocessed input and does not flush any - pending output. - - inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state - was inconsistent. In the error case, msg may be set but then points to a - static string (which must not be deallocated). -*/ - - /* Advanced functions */ - -/* - The following functions are needed only in some special applications. -*/ - -/* -extern int EXPORT deflateInit2 OF((z_streamp strm, - int level, - int method, - int windowBits, - int memLevel, - int strategy)); - - This is another version of deflateInit with more compression options. The - fields next_in, zalloc, zfree and opaque must be initialized before by - the caller. - - The method parameter is the compression method. It must be Z_DEFLATED in - this version of the library. (Method 9 will allow a 64K history buffer and - partial block flushes.) - - The windowBits parameter is the base two logarithm of the window size - (the size of the history buffer). It should be in the range 8..15 for this - version of the library (the value 16 will be allowed for method 9). Larger - values of this parameter result in better compression at the expense of - memory usage. The default value is 15 if deflateInit is used instead. - - The memLevel parameter specifies how much memory should be allocated - for the internal compression state. memLevel=1 uses minimum memory but - is slow and reduces compression ratio; memLevel=9 uses maximum memory - for optimal speed. The default value is 8. See zconf.h for total memory - usage as a function of windowBits and memLevel. - - The strategy parameter is used to tune the compression algorithm. Use the - value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a - filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no - string match). Filtered data consists mostly of small values with a - somewhat random distribution. In this case, the compression algorithm is - tuned to compress them better. The effect of Z_FILTERED is to force more - Huffman coding and less string matching; it is somewhat intermediate - between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects - the compression ratio but not the correctness of the compressed output even - if it is not set appropriately. - - If next_in is not null, the library will use this buffer to hold also - some history information; the buffer must either hold the entire input - data, or have at least 1<<(windowBits+1) bytes and be writable. If next_in - is null, the library will allocate its own history buffer (and leave next_in - null). next_out need not be provided here but must be provided by the - application for the next call of deflate(). - - If the history buffer is provided by the application, next_in must - must never be changed by the application since the compressor maintains - information inside this buffer from call to call; the application - must provide more input only by increasing avail_in. next_in is always - reset by the library in this case. - - deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was - not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as - an invalid method). msg is set to null if there is no error message. - deflateInit2 does not perform any compression: this will be done by - deflate(). -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) deflateSetDictionary (z_streamp strm, - const Bytef *dictionary, - uInt dictLength); -#else -extern int EXPORT deflateSetDictionary OF((z_streamp strm, - const Bytef *dictionary, - uInt dictLength)); -#endif -/* - Initializes the compression dictionary (history buffer) from the given - byte sequence without producing any compressed output. This function must - be called immediately after deflateInit or deflateInit2, before any call - of deflate. The compressor and decompressor must use exactly the same - dictionary (see inflateSetDictionary). - The dictionary should consist of strings (byte sequences) that are likely - to be encountered later in the data to be compressed, with the most commonly - used strings preferably put towards the end of the dictionary. Using a - dictionary is most useful when the data to be compressed is short and - can be predicted with good accuracy; the data can then be compressed better - than with the default empty dictionary. In this version of the library, - only the last 32K bytes of the dictionary are used. - Upon return of this function, strm->adler is set to the Adler32 value - of the dictionary; the decompressor may later use this value to determine - which dictionary has been used by the compressor. (The Adler32 value - applies to the whole dictionary even if only a subset of the dictionary is - actually used by the compressor.) - - deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a - parameter is invalid (such as NULL dictionary) or the stream state - is inconsistent (for example if deflate has already been called for this - stream). deflateSetDictionary does not perform any compression: this will - be done by deflate(). -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) deflateCopy (z_streamp dest, z_streamp source); -#else -extern int EXPORT deflateCopy OF((z_streamp dest, z_streamp source)); -#endif -/* - Sets the destination stream as a complete copy of the source stream. If - the source stream is using an application-supplied history buffer, a new - buffer is allocated for the destination stream. The compressed output - buffer is always application-supplied. It's the responsibility of the - application to provide the correct values of next_out and avail_out for the - next call of deflate. - - This function can be useful when several compression strategies will be - tried, for example when there are several ways of pre-processing the input - data with a filter. The streams that will be discarded should then be freed - by calling deflateEnd. Note that deflateCopy duplicates the internal - compression state which can be quite large, so this strategy is slow and - can consume lots of memory. - - deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_STREAM_ERROR if the source stream state was inconsistent - (such as zalloc being NULL). msg is left unchanged in both source and - destination. -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) deflateReset (z_streamp strm); -#else -extern int EXPORT deflateReset OF((z_streamp strm)); -#endif -/* - This function is equivalent to deflateEnd followed by deflateInit, - but does not free and reallocate all the internal compression state. - The stream will keep the same compression level and any other attributes - that may have been set by deflateInit2. - - deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source - stream state was inconsistent (such as zalloc or state being NULL). -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) deflateParams (z_streamp strm, int level, int strategy); -#else -extern int EXPORT deflateParams OF((z_streamp strm, int level, int strategy)); -#endif -/* - Dynamically update the compression level and compression strategy. - This can be used to switch between compression and straight copy of - the input data, or to switch to a different kind of input data requiring - a different strategy. If the compression level is changed, the input - available so far is compressed with the old level (and may be flushed); - the new level will take effect only at the next call of deflate(). - - Before the call of deflateParams, the stream state must be set as for - a call of deflate(), since the currently available input may have to - be compressed and flushed. In particular, strm->avail_out must be non-zero. - - deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source - stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR - if strm->avail_out was zero. -*/ - -/* -extern int EXPORT inflateInit2 OF((z_streamp strm, - int windowBits)); - - This is another version of inflateInit with more compression options. The - fields next_out, zalloc, zfree and opaque must be initialized before by - the caller. - - The windowBits parameter is the base two logarithm of the maximum window - size (the size of the history buffer). It should be in the range 8..15 for - this version of the library (the value 16 will be allowed soon). The - default value is 15 if inflateInit is used instead. If a compressed stream - with a larger window size is given as input, inflate() will return with - the error code Z_DATA_ERROR instead of trying to allocate a larger window. - - If next_out is not null, the library will use this buffer for the history - buffer; the buffer must either be large enough to hold the entire output - data, or have at least 1<<windowBits bytes. If next_out is null, the - library will allocate its own buffer (and leave next_out null). next_in - need not be provided here but must be provided by the application for the - next call of inflate(). - - If the history buffer is provided by the application, next_out must - never be changed by the application since the decompressor maintains - history information inside this buffer from call to call; the application - can only reset next_out to the beginning of the history buffer when - avail_out is zero and all output has been consumed. - - inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was - not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as - windowBits < 8). msg is set to null if there is no error message. - inflateInit2 does not perform any decompression: this will be done by - inflate(). -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) inflateSetDictionary (z_streamp strm, - const Bytef *dictionary, - uInt dictLength); -#else -extern int EXPORT inflateSetDictionary OF((z_streamp strm, - const Bytef *dictionary, - uInt dictLength)); -#endif -/* - Initializes the decompression dictionary (history buffer) from the given - uncompressed byte sequence. This function must be called immediately after - a call of inflate if this call returned Z_NEED_DICT. The dictionary chosen - by the compressor can be determined from the Adler32 value returned by this - call of inflate. The compressor and decompressor must use exactly the same - dictionary (see deflateSetDictionary). - - inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a - parameter is invalid (such as NULL dictionary) or the stream state is - inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the - expected one (incorrect Adler32 value). inflateSetDictionary does not - perform any decompression: this will be done by subsequent calls of - inflate(). -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) inflateSync (z_streamp strm); -#else -extern int EXPORT inflateSync OF((z_streamp strm)); -#endif -/* - Skips invalid compressed data until the special marker (see deflate() - above) can be found, or until all available input is skipped. No output - is provided. - - inflateSync returns Z_OK if the special marker has been found, Z_BUF_ERROR - if no more input was provided, Z_DATA_ERROR if no marker has been found, - or Z_STREAM_ERROR if the stream structure was inconsistent. In the success - case, the application may save the current current value of total_in which - indicates where valid compressed data was found. In the error case, the - application may repeatedly call inflateSync, providing more input each time, - until success or end of the input data. -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) inflateReset (z_streamp strm); -#else -extern int EXPORT inflateReset OF((z_streamp strm)); -#endif -/* - This function is equivalent to inflateEnd followed by inflateInit, - but does not free and reallocate all the internal decompression state. - The stream will keep attributes that may have been set by inflateInit2. - - inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source - stream state was inconsistent (such as zalloc or state being NULL). -*/ - - - /* utility functions */ - -/* - The following utility functions are implemented on top of the - basic stream-oriented functions. To simplify the interface, some - default options are assumed (compression level, window size, - standard memory allocation functions). The source code of these - utility functions can easily be modified if you need special options. -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) compress (Bytef *dest, uLongf *destLen, - const Bytef *source, uLong sourceLen); -#else -extern int EXPORT compress OF((Bytef *dest, uLongf *destLen, - const Bytef *source, uLong sourceLen)); -#endif -/* - Compresses the source buffer into the destination buffer. sourceLen is - the byte length of the source buffer. Upon entry, destLen is the total - size of the destination buffer, which must be at least 0.1% larger than - sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the - compressed buffer. - This function can be used to compress a whole file at once if the - input file is mmap'ed. - compress returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_BUF_ERROR if there was not enough room in the output - buffer. -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) uncompress (Bytef *dest, uLongf *destLen, - const Bytef *source, uLong sourceLen); -#else -extern int EXPORT uncompress OF((Bytef *dest, uLongf *destLen, - const Bytef *source, uLong sourceLen)); -#endif -/* - Decompresses the source buffer into the destination buffer. sourceLen is - the byte length of the source buffer. Upon entry, destLen is the total - size of the destination buffer, which must be large enough to hold the - entire uncompressed data. (The size of the uncompressed data must have - been saved previously by the compressor and transmitted to the decompressor - by some mechanism outside the scope of this compression library.) - Upon exit, destLen is the actual size of the compressed buffer. - This function can be used to decompress a whole file at once if the - input file is mmap'ed. - - uncompress returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_BUF_ERROR if there was not enough room in the output - buffer, or Z_DATA_ERROR if the input data was corrupted. -*/ - - -typedef voidp gzFile; - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern gzFile) gzopen (const char *path, const char *mode); -#else -extern gzFile EXPORT gzopen OF((const char *path, const char *mode)); -#endif -/* - Opens a gzip (.gz) file for reading or writing. The mode parameter - is as in fopen ("rb" or "wb") but can also include a compression level - ("wb9"). gzopen can be used to read a file which is not in gzip format; - in this case gzread will directly read from the file without decompression. - gzopen returns NULL if the file could not be opened or if there was - insufficient memory to allocate the (de)compression state; errno - can be checked to distinguish the two cases (if errno is zero, the - zlib error is Z_MEM_ERROR). -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern gzFile) gzdopen (int fd, const char *mode); -#else -extern gzFile EXPORT gzdopen OF((int fd, const char *mode)); -#endif -/* - gzdopen() associates a gzFile with the file descriptor fd. File - descriptors are obtained from calls like open, dup, creat, pipe or - fileno (in the file has been previously opened with fopen). - The mode parameter is as in gzopen. - The next call of gzclose on the returned gzFile will also close the - file descriptor fd, just like fclose(fdopen(fd), mode) closes the file - descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode). - gzdopen returns NULL if there was insufficient memory to allocate - the (de)compression state. -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) gzread (gzFile file, voidp buf, unsigned len); -#else -extern int EXPORT gzread OF((gzFile file, voidp buf, unsigned len)); -#endif -/* - Reads the given number of uncompressed bytes from the compressed file. - If the input file was not in gzip format, gzread copies the given number - of bytes into the buffer. - gzread returns the number of uncompressed bytes actually read (0 for - end of file, -1 for error). */ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) gzwrite (gzFile file, const voidp buf, unsigned len); -#else -extern int EXPORT gzwrite OF((gzFile file, const voidp buf, unsigned len)); -#endif -/* - Writes the given number of uncompressed bytes into the compressed file. - gzwrite returns the number of uncompressed bytes actually written - (0 in case of error). -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) gzflush (gzFile file, int flush); -#else -extern int EXPORT gzflush OF((gzFile file, int flush)); -#endif -/* - Flushes all pending output into the compressed file. The parameter - flush is as in the deflate() function. The return value is the zlib - error number (see function gzerror below). gzflush returns Z_OK if - the flush parameter is Z_FINISH and all output could be flushed. - gzflush should be called only when strictly necessary because it can - degrade compression. -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) gzclose (gzFile file); -#else -extern int EXPORT gzclose OF((gzFile file)); -#endif -/* - Flushes all pending output if necessary, closes the compressed file - and deallocates all the (de)compression state. The return value is the zlib - error number (see function gzerror below). -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern const char *) gzerror (gzFile file, int *errnum); -#else -extern const char * EXPORT gzerror OF((gzFile file, int *errnum)); -#endif -/* - Returns the error message for the last error which occurred on the - given compressed file. errnum is set to zlib error number. If an - error occurred in the file system and not in the compression library, - errnum is set to Z_ERRNO and the application may consult errno - to get the exact error code. -*/ - - /* checksum functions */ - -/* - These functions are not related to compression but are exported - anyway because they might be useful in applications using the - compression library. -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern uLong) adler32 (uLong adler, const Bytef *buf, uInt len); -#else -extern uLong EXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len)); -#endif - -/* - Update a running Adler-32 checksum with the bytes buf[0..len-1] and - return the updated checksum. If buf is NULL, this function returns - the required initial value for the checksum. - An Adler-32 checksum is almost as reliable as a CRC32 but can be computed - much faster. Usage example: - - uLong adler = adler32(0L, Z_NULL, 0); - - while (read_buffer(buffer, length) != EOF) { - adler = adler32(adler, buffer, length); - } - if (adler != original_adler) error(); -*/ - -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern uLong) crc32 (uLong crc, const Bytef *buf, uInt len); -#else -extern uLong EXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len)); -#endif -/* - Update a running crc with the bytes buf[0..len-1] and return the updated - crc. If buf is NULL, this function returns the required initial value - for the crc. Pre- and post-conditioning (one's complement) is performed - within this function so it shouldn't be done by the application. - Usage example: - - uLong crc = crc32(0L, Z_NULL, 0); - - while (read_buffer(buffer, length) != EOF) { - crc = crc32(crc, buffer, length); - } - if (crc != original_crc) error(); -*/ - - - /* various hacks, don't look :) */ - -/* deflateInit and inflateInit are macros to allow checking the zlib version - * and the compiler's view of z_stream: - */ -#ifdef MOZILLA_CLIENT -PR_PUBLIC_API(extern int) deflateInit_ (z_streamp strm, int level, const char *version, - int stream_size); -PR_PUBLIC_API(extern int) inflateInit_ (z_streamp strm, const char *version, - int stream_size); -PR_PUBLIC_API(extern int) deflateInit2_ (z_streamp strm, int level, int method, - int windowBits, int memLevel, int strategy, - const char *version, int stream_size); -PR_PUBLIC_API(extern int) inflateInit2_ (z_streamp strm, int windowBits, - const char *version, int stream_size); -#else -extern int EXPORT deflateInit_ OF((z_streamp strm, int level, const char *version, - int stream_size)); -extern int EXPORT inflateInit_ OF((z_streamp strm, const char *version, - int stream_size)); -extern int EXPORT deflateInit2_ OF((z_streamp strm, int level, int method, - int windowBits, int memLevel, int strategy, - const char *version, int stream_size)); -extern int EXPORT inflateInit2_ OF((z_streamp strm, int windowBits, - const char *version, int stream_size)); -#endif /* MOZILLA_CLIENT */ - - -#define deflateInit(strm, level) \ - deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream)) -#define inflateInit(strm) \ - inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream)) -#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \ - deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\ - (strategy), ZLIB_VERSION, sizeof(z_stream)) -#define inflateInit2(strm, windowBits) \ - inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream)) - -#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL) - struct internal_state {int dummy;}; /* hack for buggy compilers */ -#endif - -uLongf *get_crc_table OF((void)); /* can be used by asm versions of crc32() */ - -#ifdef __cplusplus -} -#endif - -#endif /* _ZLIB_H */ diff --git a/security/nss/cmd/zlib/zutil.c b/security/nss/cmd/zlib/zutil.c deleted file mode 100644 index afca3ed0c..000000000 --- a/security/nss/cmd/zlib/zutil.c +++ /dev/null @@ -1,215 +0,0 @@ -/* zutil.c -- target dependent utility functions for the compression library - * Copyright (C) 1995-1996 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ -/* $Id$ */ - -#include <stdio.h> - -#include "zutil.h" - -#ifdef MOZILLA_CLIENT -#include "prtypes.h" -#include "prlog.h" -#endif - -struct internal_state {int dummy;}; /* for buggy compilers */ - -#ifndef STDC -extern void exit OF((int)); -#endif - -const char *z_errmsg[10] = { -"need dictionary", /* Z_NEED_DICT 2 */ -"stream end", /* Z_STREAM_END 1 */ -"", /* Z_OK 0 */ -"file error", /* Z_ERRNO (-1) */ -"stream error", /* Z_STREAM_ERROR (-2) */ -"data error", /* Z_DATA_ERROR (-3) */ -"insufficient memory", /* Z_MEM_ERROR (-4) */ -"buffer error", /* Z_BUF_ERROR (-5) */ -"incompatible version",/* Z_VERSION_ERROR (-6) */ -""}; - - -PR_PUBLIC_API(const char *) zlibVersion() -{ - return ZLIB_VERSION; -} - -#if defined(DEBUG) && defined(MOZILLA_CLIENT) -void z_error (m) - char *m; -{ - PR_ASSERT(0); -} -#endif - -#ifndef HAVE_MEMCPY - -void zmemcpy(dest, source, len) - Bytef* dest; - Bytef* source; - uInt len; -{ - if (len == 0) return; - do { - *dest++ = *source++; /* ??? to be unrolled */ - } while (--len != 0); -} - -int zmemcmp(s1, s2, len) - Bytef* s1; - Bytef* s2; - uInt len; -{ - uInt j; - - for (j = 0; j < len; j++) { - if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1; - } - return 0; -} - -void zmemzero(dest, len) - Bytef* dest; - uInt len; -{ - if (len == 0) return; - do { - *dest++ = 0; /* ??? to be unrolled */ - } while (--len != 0); -} -#endif - -#ifdef __TURBOC__ -#if (defined( __BORLANDC__) || !defined(SMALL_MEDIUM)) && !defined(__32BIT__) -/* Small and medium model in Turbo C are for now limited to near allocation - * with reduced MAX_WBITS and MAX_MEM_LEVEL - */ -# define MY_ZCALLOC - -/* Turbo C malloc() does not allow dynamic allocation of 64K bytes - * and farmalloc(64K) returns a pointer with an offset of 8, so we - * must fix the pointer. Warning: the pointer must be put back to its - * original form in order to free it, use zcfree(). - */ - -#define MAX_PTR 10 -/* 10*64K = 640K */ - -local int next_ptr = 0; - -typedef struct ptr_table_s { - voidpf org_ptr; - voidpf new_ptr; -} ptr_table; - -local ptr_table table[MAX_PTR]; -/* This table is used to remember the original form of pointers - * to large buffers (64K). Such pointers are normalized with a zero offset. - * Since MSDOS is not a preemptive multitasking OS, this table is not - * protected from concurrent access. This hack doesn't work anyway on - * a protected system like OS/2. Use Microsoft C instead. - */ - -voidpf zcalloc (voidpf opaque, unsigned items, unsigned size) -{ - voidpf buf = opaque; /* just to make some compilers happy */ - ulg bsize = (ulg)items*size; - - /* If we allocate less than 65520 bytes, we assume that farmalloc - * will return a usable pointer which doesn't have to be normalized. - */ - if (bsize < 65520L) { - buf = farmalloc(bsize); - if (*(ush*)&buf != 0) return buf; - } else { - buf = farmalloc(bsize + 16L); - } - if (buf == NULL || next_ptr >= MAX_PTR) return NULL; - table[next_ptr].org_ptr = buf; - - /* Normalize the pointer to seg:0 */ - *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4; - *(ush*)&buf = 0; - table[next_ptr++].new_ptr = buf; - return buf; -} - -void zcfree (voidpf opaque, voidpf ptr) -{ - int n; - if (*(ush*)&ptr != 0) { /* object < 64K */ - farfree(ptr); - return; - } - /* Find the original pointer */ - for (n = 0; n < next_ptr; n++) { - if (ptr != table[n].new_ptr) continue; - - farfree(table[n].org_ptr); - while (++n < next_ptr) { - table[n-1] = table[n]; - } - next_ptr--; - return; - } - ptr = opaque; /* just to make some compilers happy */ - Assert(0, "zcfree: ptr not found"); -} -#endif -#endif /* __TURBOC__ */ - - -#if defined(M_I86) && !defined(__32BIT__) -/* Microsoft C in 16-bit mode */ - -# define MY_ZCALLOC - -#if (!defined(_MSC_VER) || (_MSC_VER < 600)) -# define _halloc halloc -# define _hfree hfree -#endif - -voidpf zcalloc (voidpf opaque, unsigned items, unsigned size) -{ - if (opaque) opaque = 0; /* to make compiler happy */ - return _halloc((long)items, size); -} - -void zcfree (voidpf opaque, voidpf ptr) -{ - if (opaque) opaque = 0; /* to make compiler happy */ - _hfree(ptr); -} - -#endif /* MSC */ - - -#ifndef MY_ZCALLOC /* Any system without a special alloc function */ - -#ifndef STDC -extern voidp calloc OF((uInt items, uInt size)); -extern void free OF((voidpf ptr)); -#endif - -voidpf zcalloc (opaque, items, size) - voidpf opaque; - unsigned items; - unsigned size; -{ - if (opaque) items += size - size; /* make compiler happy */ - return (voidpf)calloc(items, size); -} - -void zcfree (opaque, ptr) - voidpf opaque; - voidpf ptr; -{ - free(ptr); - if (opaque) return; /* make compiler happy */ -} - -#endif /* MY_ZCALLOC */ diff --git a/security/nss/cmd/zlib/zutil.h b/security/nss/cmd/zlib/zutil.h deleted file mode 100644 index 6918260cf..000000000 --- a/security/nss/cmd/zlib/zutil.h +++ /dev/null @@ -1,211 +0,0 @@ -/* zutil.h -- internal interface and configuration of the compression library - * Copyright (C) 1995-1996 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ -/* This file was modified since it was taken from the zlib distribution */ -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -/* $Id$ */ - -#ifndef _Z_UTIL_H -#define _Z_UTIL_H - -#include "zlib.h" - -#if defined(_WIN32_WCE) -#elif defined(MSDOS)||defined(VMS)||defined(CRAY)||defined(WIN32)||defined(RISCOS) -# include <stddef.h> -# include <errno.h> -#else - extern int errno; -#endif -#ifdef STDC -# include <string.h> -# include <stdlib.h> -#endif - -#ifndef local -# define local static -#endif -/* compile with -Dlocal if your debugger can't find static symbols */ - -typedef unsigned char uch; -typedef uch FAR uchf; -typedef unsigned short ush; -typedef ush FAR ushf; -typedef unsigned long ulg; - -extern const char *z_errmsg[10]; /* indexed by 2-zlib_error */ -/* (size given to avoid silly warnings with Visual C++) */ - -#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)] - -#define ERR_RETURN(strm,err) \ - return (strm->msg = (char*)ERR_MSG(err), (err)) -/* To be used only when the state is known to be valid */ - - /* common constants */ - -#ifndef DEF_WBITS -# define DEF_WBITS MAX_WBITS -#endif -/* default windowBits for decompression. MAX_WBITS is for compression only */ - -#if MAX_MEM_LEVEL >= 8 -# define DEF_MEM_LEVEL 8 -#else -# define DEF_MEM_LEVEL MAX_MEM_LEVEL -#endif -/* default memLevel */ - -#define STORED_BLOCK 0 -#define STATIC_TREES 1 -#define DYN_TREES 2 -/* The three kinds of block type */ - -#define MIN_MATCH 3 -#define MAX_MATCH 258 -/* The minimum and maximum match lengths */ - -#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */ - - /* target dependencies */ - -#ifdef MSDOS -# define OS_CODE 0x00 -# ifdef __TURBOC__ -# include <alloc.h> -# else /* MSC or DJGPP */ -# include <malloc.h> -# endif -#endif - -#ifdef OS2 -# define OS_CODE 0x06 -#endif - -#ifdef WIN32 /* Window 95 & Windows NT */ -# define OS_CODE 0x0b -#endif - -#if defined(VAXC) || defined(VMS) -# define OS_CODE 0x02 -# define FOPEN(name, mode) \ - fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512") -#endif - -#ifdef AMIGA -# define OS_CODE 0x01 -#endif - -#if defined(ATARI) || defined(atarist) -# define OS_CODE 0x05 -#endif - -#ifdef MACOS -# define OS_CODE 0x07 -#endif - -#ifdef __50SERIES /* Prime/PRIMOS */ -# define OS_CODE 0x0F -#endif - -#ifdef TOPS20 -# define OS_CODE 0x0a -#endif - -#if defined(_BEOS_) || defined(RISCOS) -# define fdopen(fd,mode) NULL /* No fdopen() */ -#endif - - /* Common defaults */ - -#ifndef OS_CODE -# define OS_CODE 0x03 /* assume Unix */ -#endif - -#ifndef FOPEN -# define FOPEN(name, mode) fopen((name), (mode)) -#endif - - /* functions */ - -#ifdef HAVE_STRERROR -#ifndef MOZILLA_CLIENT - extern char *strerror OF((int)); -#endif -# define zstrerror(errnum) strerror(errnum) -#else -# define zstrerror(errnum) "" -#endif - -#if defined(pyr) -# define NO_MEMCPY -#endif -#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(_MSC_VER) - /* Use our own functions for small and medium model with MSC <= 5.0. - * You may have to use the same strategy for Borland C (untested). - */ -# define NO_MEMCPY -#endif -#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY) -# define HAVE_MEMCPY -#endif -#ifdef HAVE_MEMCPY -# ifdef SMALL_MEDIUM /* MSDOS small or medium model */ -# define zmemcpy _fmemcpy -# define zmemcmp _fmemcmp -# define zmemzero(dest, len) _fmemset(dest, 0, len) -# else -# define zmemcpy memcpy -# define zmemcmp memcmp -# define zmemzero(dest, len) memset(dest, 0, len) -# endif -#else - extern void zmemcpy OF((Bytef* dest, Bytef* source, uInt len)); - extern int zmemcmp OF((Bytef* s1, Bytef* s2, uInt len)); - extern void zmemzero OF((Bytef* dest, uInt len)); -#endif - -/* Diagnostic functions */ -#ifdef DEBUG_ZLIB -# include <stdio.h> -# ifndef verbose -# define verbose 0 -# endif - extern void z_error OF((char *m)); -# define Assert(cond,msg) {if(!(cond)) z_error(msg);} -# define Trace(x) fprintf x -# define Tracev(x) {if (verbose) fprintf x ;} -# define Tracevv(x) {if (verbose>1) fprintf x ;} -# define Tracec(c,x) {if (verbose && (c)) fprintf x ;} -# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;} -#else -# include <stdio.h> -# ifndef verbose -# define verbose 0 -# endif - extern void z_error OF((char *m)); -# define Assert(cond,msg) -# define Trace(x) -# define Tracev(x) -# define Tracevv(x) -# define Tracec(c,x) -# define Tracecv(c,x) -#endif - - -typedef uLong (*check_func) OF((uLong check, const Bytef *buf, uInt len)); - -voidpf zcalloc OF((voidpf opaque, unsigned items, unsigned size)); -void zcfree OF((voidpf opaque, voidpf ptr)); - -#define ZALLOC(strm, items, size) \ - (*((strm)->zalloc))((strm)->opaque, (items), (size)) -#define ZFREE(strm, addr) (*((strm)->zfree))((strm)->opaque, (voidpf)(addr)) -#define TRY_FREE(s, p) {if (p) ZFREE(s, p);} - -#endif /* _Z_UTIL_H */ |