diff options
108 files changed, 10341 insertions, 9955 deletions
diff --git a/security/coreconf/.cshrc b/security/coreconf/.cshrc deleted file mode 100644 index 659e4f7aa..000000000 --- a/security/coreconf/.cshrc +++ /dev/null @@ -1,273 +0,0 @@ -#!/bin/csh -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Startup file for csh and tcsh. It is meant to work on: -# -# SunOS 4.1.3_U1, -# Sun Solaris, -# Sun Solaris on Intel, -# SGI IRIX, -# SGI IRIX64, -# UNIX_SV, -# IBM AIX, -# Hewlett-Packard HP-UX, -# SCO_SV, -# FreeBSD, -# DEC OSF/1, -# Linux, -# and everything else. -# - -############################################### -# Set operating system name and release level # -############################################### - -set os_name=`uname -s` -set os_release=`uname -r` - -########################################################## -# Set environment variables based upon operating system # -########################################################## - -if ($os_name == "SunOS" && $os_release == "4.1.3_U1") then - ############################## - # SunOS 4.1.3_U1 - # - - setenv NO_MDUPDATE 1 - - set path = ( /tools/ns/soft/gcc-2.6.3/run/default/sparc_sun_sunos4.1.3_U1/bin \ - /tools/ns/bin \ - /sbin \ - /usr/bin \ - /usr/openwin/bin \ - /usr/openwin/include \ - /usr/ucb \ - /usr/local/bin \ - /etc \ - /usr/etc \ - /usr/etc/install \ - . ) - -else if ($os_name == "SunOS") then - ################################ - # Assume it is Sun Solaris - # - - # To build Navigator on Solaris 2.5, I must set the environment - # variable NO_MDUPDATE and use gcc-2.6.3. - setenv NO_MDUPDATE 1 - - set path = ( /share/builds/components/jdk/1.2.2_01/SunOS \ - /usr/ccs/bin \ - /usr/opt/bin \ - /tools/ns/bin \ - /usr/sbin \ - /sbin \ - /usr/bin \ - /usr/dt/bin \ - /usr/openwin/bin \ - /usr/openwin/include \ - /usr/ucb \ - /usr/opt/java/bin \ - /usr/local/bin \ - /etc \ - /usr/etc \ - /usr/etc/install \ - /opt/Acrobat3/bin \ - . ) - - # To get the native Solaris cc - if (`uname -m` == i86pc) then - set path = ( /h/solx86/export/home/opt/SUNWspro/SC3.0.1/bin \ - $path ) - else - set path = ( /tools/ns/workshop/bin \ - /tools/ns/soft/gcc-2.6.3/run/default/sparc_sun_solaris2.4/bin \ - $path ) - endif - - setenv LD_LIBRARY_PATH /share/builds/components/jdk/1.2.2_01/SunOS/lib/sparc/native_threads - - setenv MANPATH /usr/local/man:/usr/local/lib/mh/man:/usr/local/lib/rcscvs/man:/usr/local/lib/fvwm/man:/usr/local/lib/xscreensaver/man:/usr/share/man:/usr/openwin/man:/usr/opt/man - - # For Purify - setenv PURIFYHOME /usr/local-sparc-solaris/pure/purify-4.0-solaris2 - setenv PATH ${PURIFYHOME}:$PATH - setenv MANPATH $PURIFYHOME/man:$MANPATH - setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:$PURIFYHOME - setenv PURIFYOPTIONS "-max_threads=1000 -follow-child-processes=yes" - -else if ($os_name == "IRIX" || $os_name == "IRIX64") then - ############# - # SGI Irix - # - - set path = ( /share/builds/components/jdk/1.2.1/IRIX \ - /tools/ns/bin \ - /tools/contrib/bin \ - /usr/local/bin \ - /usr/sbin \ - /usr/bsd \ - /usr/bin \ - /bin \ - /etc \ - /usr/etc \ - /usr/bin/X11 \ - . ) - -else if ($os_name == "UNIX_SV") then - ################# - # UNIX_SV - # - - set path = ( /usr/local/bin \ - /tools/ns/bin \ - /bin \ - /usr/bin \ - /usr/bin/X11 \ - /X11/bin \ - /usr/X/bin \ - /usr/ucb \ - /usr/sbin \ - /sbin \ - /usr/ccs/bin \ - . ) - -else if ($os_name == "AIX") then - ################# - # IBM AIX - # - - set path = ( /share/builds/components/jdk/1.2.2/AIX \ - /usr/ucb/ \ - /tools/ns-arch/rs6000_ibm_aix4.1/bin \ - /tools/ns-arch/rs6000_ibm_aix3.2.5/bin \ - /share/tools/ns/soft/cvs-1.8/run/default/rs6000_ibm_aix3.2.5/bin \ - /bin \ - /usr/bin \ - /usr/ccs/bin \ - /usr/sbin \ - /usr/local/bin \ - /usr/bin/X11 \ - /usr/etc \ - /etc \ - /sbin \ - . ) - -else if ($os_name == "HP-UX") then - ################# - # HP UX - # - - set path = ( /share/builds/components/jdk/1.1.6/HP-UX \ - /usr/bin \ - /opt/ansic/bin \ - /usr/ccs/bin \ - /usr/contrib/bin \ - /opt/nettladm/bin \ - /opt/graphics/common/bin \ - /usr/bin/X11 \ - /usr/contrib/bin/X11 \ - /opt/upgrade/bin \ - /opt/CC/bin \ - /opt/aCC/bin \ - /opt/langtools/bin \ - /opt/imake/bin \ - /etc \ - /usr/etc \ - /usr/local/bin \ - /tools/ns/bin \ - /tools/contrib/bin \ - /usr/sbin \ - /usr/local/bin \ - /tools/ns/bin \ - /tools/contrib/bin \ - /usr/sbin \ - /usr/include/X11R5 \ - . ) - -else if ($os_name == "SCO_SV") then - ################# - # SCO - # - - set path = ( /bin \ - /usr/bin \ - /tools/ns/bin \ - /tools/contrib/bin \ - /usr/sco/bin \ - /usr/bin/X11 \ - /usr/local/bin \ - . ) - -else if ($os_name == "FreeBSD") then - ################# - # FreeBSD - # - - setenv PATH /usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/java/bin:/usr/local/bin:/usr/ucb:/usr/ccs/bin:/tools/contrib/bin:/tools/ns/bin:. - -else if ($os_name == "OSF1") then - ################# - # DEC OSF1 - # - - set path = ( /share/builds/components/jdk/1.2.2_3/OSF1 \ - /tools/ns-arch/alpha_dec_osf4.0/bin \ - /tools/ns-arch/soft/cvs-1.8.3/run/default/alpha_dec_osf2.0/bin \ - /usr/local-alpha-osf/bin \ - /usr3/local/bin \ - /usr/local/bin \ - /usr/sbin \ - /usr/bin \ - /bin \ - /usr/bin/X11 \ - /usr/ucb \ - . ) - -else if ($os_name == "Linux") then - ################# - # Linux - # - - set path = ( /share/builds/components/jdk/1.2.2/Linux \ - $path ) - -endif - -############################### -# Reset any "tracked" aliases # -############################### - -rehash diff --git a/security/coreconf/.profile b/security/coreconf/.profile deleted file mode 100644 index 5474405e2..000000000 --- a/security/coreconf/.profile +++ /dev/null @@ -1,216 +0,0 @@ -#!/bin/sh -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Startup file for sh, ksh and bash. It is meant to work on: -# -# SunOS 4.1.3_U1, -# Sun Solaris, -# Sun Solaris on Intel, -# SGI IRIX, -# SGI IRIX64, -# UNIX_SV, -# IBM AIX, -# Hewlett-Packard HP-UX, -# SCO_SV, -# FreeBSD, -# DEC OSF/1, -# Linux, -# and everything else. -# - -############################################### -# Set operating system name and release level # -############################################### - -OS_NAME=`uname -s` -export OS_NAME - -OS_RELEASE=`uname -r` -export OS_RELEASE - -########################################################## -# Set environment variables based upon operating system # -########################################################## - -case $OS_NAME in - - SunOS) - ############################## - # Sun - # - - case $OS_RELEASE in - - 4.1.3_U1) - ############################## - # SunOS 4.1.3_U1 - # - - NO_MDUPDATE=1 - export NO_MDUPDATE - - PATH=/tools/ns/soft/gcc-2.6.3/run/default/sparc_sun_sunos4.1.3_U1/bin:tools/ns/bin:/sbin:/usr/bin:/usr/openwin/bin:/usr/openwin/include:/usr/ucb:/usr/local/bin:/etc:/usr/etc:/usr/etc/install:. - export PATH - ;; - - *) - ################################ - # Assume it is Sun Solaris - # - - # To build Navigator on Solaris 2.5, I must set the environment - # variable NO_MDUPDATE and use gcc-2.6.3. - NO_MDUPDATE=1 - export NO_MDUPDATE - - PATH=/share/builds/components/jdk/1.2.2_01/SunOS:/usr/ccs/bin:/usr/opt/bin:/tools/ns/bin:/usr/sbin:/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/openwin/include:/usr/ucb:/usr/opt/java/bin:/usr/local/bin:/etc:/usr/etc:/usr/etc/install:/opt/Acrobat3/bin:. - export PATH - - # To get the native Solaris cc - OS_TEST=`uname -m` - export OS_TEST - - case $OS_TEST in - - i86pc) - PATH=/h/solx86/export/home/opt/SUNWspro/SC3.0.1/bin:$PATH - export PATH - ;; - - *) - PATH=/tools/ns/workshop/bin:/tools/ns/soft/gcc-2.6.3/run/default/sparc_sun_solaris2.4/bin:$PATH - export PATH - ;; - esac - - LD_LIBRARY_PATH=/share/builds/components/jdk/1.2.2_01/SunOS/lib/sparc/native_threads - export LD_LIBRARY_PATH - - MANPATH=/usr/local/man:/usr/local/lib/mh/man:/usr/local/lib/rcscvs/man:/usr/local/lib/fvwm/man:/usr/local/lib/xscreensaver/man:/usr/share/man:/usr/openwin/man:/usr/opt/man - export MANPATH - - # For Purify - PURIFYHOME=/usr/local-sparc-solaris/pure/purify-4.0-solaris2 - export PURIFYHOME - PATH=/usr/local-sparc-solaris/pure/purify-4.0-solaris2:$PATH - export PATH - MANPATH=$PURIFYHOME/man:$MANPATH - export MANPATH - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local-sparc-solaris/pure/purify-4.0-solaris2 - export LD_LIBRARY_PATH - PURIFYOPTIONS="-max_threads=1000 -follow-child-processes=yes" - export PURIFYOPTIONS - ;; - esac - ;; - - IRIX | IRIX64) - ############# - # SGI Irix - # - - PATH=/share/builds/components/jdk/1.2.1/IRIX:/tools/ns/bin:/tools/contrib/bin:/usr/local/bin:/usr/sbin:/usr/bsd:/usr/bin:/bin:/etc:/usr/etc:/usr/bin/X11:. - export PATH - ;; - - UNIX_SV) - ################# - # UNIX_SV - # - - PATH=/usr/local/bin:/tools/ns/bin:/bin:/usr/bin:/usr/bin/X11:/X11/bin:/usr/X/bin:/usr/ucb:/usr/sbin:/sbin:/usr/ccs/bin:. - export PATH - ;; - - AIX) - ################# - # IBM AIX - # - - PATH=/share/builds/components/jdk/1.2.2/AIX:/usr/ucb/:/tools/ns-arch/rs6000_ibm_aix4.1/bin:/tools/ns-arch/rs6000_ibm_aix3.2.5/bin:/share/tools/ns/soft/cvs-1.8/run/default/rs6000_ibm_aix3.2.5/bin:/bin:/usr/bin:/usr/ccs/bin:/usr/sbin:/usr/local/bin:/usr/bin/X11:/usr/etc:/etc:/sbin:. - export PATH - ;; - - HP-UX) - ################# - # HP UX - # - - PATH=/share/builds/components/jdk/1.1.6/HP-UX:/usr/bin:/opt/ansic/bin:/usr/ccs/bin:/usr/contrib/bin:/opt/nettladm/bin:/opt/graphics/common/bin:/usr/bin/X11:/usr/contrib/bin/X11:/opt/upgrade/bin:/opt/CC/bin:/opt/aCC/bin:/opt/langtools/bin:/opt/imake/bin:/etc:/usr/etc:/usr/local/bin:/tools/ns/bin:/tools/contrib/bin:/usr/sbin:/usr/local/bin:/tools/ns/bin:/tools/contrib/bin:/usr/sbin:/usr/include/X11R5:. - export PATH - ;; - - SCO_SV) - ################# - # SCO - # - - PATH=/bin:/usr/bin:/tools/ns/bin:/tools/contrib/bin:/usr/sco/bin:/usr/bin/X11:/usr/local/bin:. - export PATH - ;; - - FreeBSD) - - ################# - # FreeBSD - # - - PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/java/bin:/usr/local/bin:/usr/ucb:/usr/ccs/bin:/tools/contrib/bin:/tools/ns/bin:. - export PATH - ;; - - OSF1) - ################# - # DEC OSF1 - # - - PATH=/share/builds/components/jdk/1.2.2_3/OSF1:/tools/ns-arch/alpha_dec_osf4.0/bin:/tools/ns-arch/soft/cvs-1.8.3/run/default/alpha_dec_osf2.0/bin:/usr/local-alpha-osf/bin:/usr3/local/bin:/usr/local/bin:/usr/sbin:/usr/bin:/bin:/usr/bin/X11:/usr/ucb:. - export PATH - ;; - - Linux) - - ################# - # Linux - # - - PATH=/share/builds/components/jdk/1.2.2/Linux:$PATH - export PATH - ;; -esac - -############################### -# Reset any "tracked" aliases # -############################### - -hash -r diff --git a/security/coreconf/AIX.mk b/security/coreconf/AIX.mk deleted file mode 100644 index 1f62cb0a3..000000000 --- a/security/coreconf/AIX.mk +++ /dev/null @@ -1,74 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for AIX. -# -include $(CORE_DEPTH)/coreconf/UNIX.mk - -# -# There are two implementation strategies available on AIX: -# pthreads, and pthreads-user. The default is pthreads. -# In both strategies, we need to use pthread_user.c, instead of -# aix.c. The fact that aix.c is never used is somewhat strange. -# -# So we need to do the following: -# - Default (PTHREADS_USER not defined in the environment or on -# the command line): -# Set PTHREADS_USER=1, USE_PTHREADS=1 -# - PTHREADS_USER=1 set in the environment or on the command line: -# Do nothing. -# -ifeq ($(PTHREADS_USER),1) - USE_PTHREADS = # just to be safe - IMPL_STRATEGY = _PTH_USER -else - USE_PTHREADS = 1 - PTHREADS_USER = 1 -endif - -DEFAULT_COMPILER = xlC_r - -CC = xlC_r -CCC = xlC_r - -CPU_ARCH = rs6000 - -RANLIB = ranlib - -OS_CFLAGS = -DAIX -DSYSV -ifeq ($(CC),xlC_r) - OS_CFLAGS += -qarch=com -endif - -AIX_WRAP = $(DIST)/lib/aixwrap.o -AIX_TMP = $(OBJDIR)/_aix_tmp.o -OS_LIBS += -lsvld diff --git a/security/coreconf/AIX3.2.mk b/security/coreconf/AIX3.2.mk deleted file mode 100644 index c93a00eef..000000000 --- a/security/coreconf/AIX3.2.mk +++ /dev/null @@ -1,35 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for AIX3.2.5 -# -include $(CORE_DEPTH)/coreconf/AIX.mk diff --git a/security/coreconf/AIX4.1.mk b/security/coreconf/AIX4.1.mk deleted file mode 100644 index ba93b4ce2..000000000 --- a/security/coreconf/AIX4.1.mk +++ /dev/null @@ -1,46 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for AIX4.1 -# - -include $(CORE_DEPTH)/coreconf/AIX.mk - - -AIX_LINK_OPTS += -bnso -berok -#AIX_LINK_OPTS += -bnso -berok -brename:.select,.wrap_select -brename:.poll,.wrap_poll -bI:/usr/lib/syscalls.exp - -# The AIX4.1 linker had a bug which always looked for a dynamic library -# with an extension of .a. AIX4.2 fixed this problem -DLL_SUFFIX = a - -OS_LIBS += -lsvld diff --git a/security/coreconf/AIX4.2.mk b/security/coreconf/AIX4.2.mk deleted file mode 100644 index 8be6ee6ce..000000000 --- a/security/coreconf/AIX4.2.mk +++ /dev/null @@ -1,44 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. - -# -# Config stuff for AIX4.2 -# - -include $(CORE_DEPTH)/coreconf/AIX.mk - -OS_CFLAGS += -DAIX4_2 -DSO_LDOPTS = -brtl -bM:SRE -bnoentry -bexpall -MKSHLIB = $(LD) $(DSO_LDOPTS) -lsvld -L/usr/lpp/xlC/lib -lc -lm - -OS_LIBS += -L/usr/lpp/xlC/lib -lc -lm - diff --git a/security/coreconf/AIX4.3.mk b/security/coreconf/AIX4.3.mk deleted file mode 100644 index 11ad35267..000000000 --- a/security/coreconf/AIX4.3.mk +++ /dev/null @@ -1,51 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for AIX4.3 -# - -include $(CORE_DEPTH)/coreconf/AIX.mk - - -ifeq ($(USE_64), 1) -# Next line replaced by generic name handling in arch.mk -# COMPILER_TAG = _64 - OS_CFLAGS += -O2 -DAIX_64BIT - OBJECT_MODE=64 - export OBJECT_MODE -endif -OS_CFLAGS += -DAIX4_3 -DSO_LDOPTS = -brtl -bM:SRE -bnoentry -bexpall -MKSHLIB = $(LD) $(DSO_LDOPTS) -lsvld -L/usr/lpp/xlC/lib -lc -lm - -OS_LIBS += -L/usr/lpp/xlC/lib -lc -lm - diff --git a/security/coreconf/FreeBSD2.mk b/security/coreconf/FreeBSD2.mk deleted file mode 100644 index 974ebe4fd..000000000 --- a/security/coreconf/FreeBSD2.mk +++ /dev/null @@ -1,65 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for FreeBSD2 -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = gcc -CC = gcc -CCC = g++ -RANLIB = ranlib - -OS_REL_CFLAGS = -mno-486 -Di386 -CPU_ARCH = x86 - -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -ansi -Wall -pipe -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK - -ifdef USE_PTHREADS - OS_LIBS = -lc_r - DEFINES += -D_PR_NEED_FAKE_POLL -else - OS_LIBS = -lc -endif - -ARCH = freebsd - -DSO_CFLAGS = -fPIC -DSO_LDOPTS = -Bshareable -DSO_LDFLAGS = - -MKSHLIB = $(LD) $(DSO_LDOPTS) - -G++INCLUDES = -I/usr/include/g++ - -INCLUDES += -I/usr/X11R6/include diff --git a/security/coreconf/HP-UX.mk b/security/coreconf/HP-UX.mk deleted file mode 100644 index 0c3d4440f..000000000 --- a/security/coreconf/HP-UX.mk +++ /dev/null @@ -1,70 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. - -# -# Config stuff for HP-UX -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = cc - -CPU_ARCH = hppa -DLL_SUFFIX = sl -CCC = CC -OS_CFLAGS += -Ae $(DSO_CFLAGS) -DHPUX -D$(CPU_ARCH) -D_HPUX_SOURCE - -ifeq ($(DEFAULT_IMPL_STRATEGY),_PTH) - USE_PTHREADS = 1 - ifeq ($(CLASSIC_NSPR),1) - USE_PTHREADS = - IMPL_STRATEGY = _CLASSIC - endif - ifeq ($(PTHREADS_USER),1) - USE_PTHREADS = - IMPL_STRATEGY = _PTH_USER - endif -endif - -ifdef PTHREADS_USER - OS_CFLAGS += -D_POSIX_C_SOURCE=199506L -endif - -MKSHLIB = $(LD) $(DSO_LDOPTS) - -DSO_LDOPTS = -b -DSO_LDFLAGS = - -# +Z generates position independent code for use in shared libraries. -DSO_CFLAGS = +Z - -HAVE_PURIFY = 1 diff --git a/security/coreconf/HP-UXA.09.03.mk b/security/coreconf/HP-UXA.09.03.mk deleted file mode 100644 index 7ac02ae2a..000000000 --- a/security/coreconf/HP-UXA.09.03.mk +++ /dev/null @@ -1,44 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. - -# -# On HP-UX 9, the default (and only) implementation strategy is -# classic nspr. -# -ifeq ($(OS_RELEASE),A.09.03) - DEFAULT_IMPL_STRATEGY = _CLASSIC -endif - -# -# Config stuff for HP-UXA.09.03 -# -include $(CORE_DEPTH)/coreconf/HP-UXA.09.mk diff --git a/security/coreconf/HP-UXA.09.07.mk b/security/coreconf/HP-UXA.09.07.mk deleted file mode 100644 index 9fcf4c826..000000000 --- a/security/coreconf/HP-UXA.09.07.mk +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# On HP-UX 9, the default (and only) implementation strategy is -# classic nspr. -# -ifeq ($(OS_RELEASE),A.09.07) - DEFAULT_IMPL_STRATEGY = _CLASSIC -endif - -# -# Config stuff for HP-UXA.09.07 -# -include $(CORE_DEPTH)/coreconf/HP-UXA.09.mk diff --git a/security/coreconf/HP-UXA.09.mk b/security/coreconf/HP-UXA.09.mk deleted file mode 100644 index 813a16f40..000000000 --- a/security/coreconf/HP-UXA.09.mk +++ /dev/null @@ -1,38 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. - -# -# Config stuff for HP-UXA.09 -# -include $(CORE_DEPTH)/coreconf/HP-UX.mk - -OS_CFLAGS += -DHPUX9 diff --git a/security/coreconf/HP-UXB.10.01.mk b/security/coreconf/HP-UXB.10.01.mk deleted file mode 100644 index 718ee1184..000000000 --- a/security/coreconf/HP-UXB.10.01.mk +++ /dev/null @@ -1,40 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -ifeq ($(OS_RELEASE),B.10.01) - DEFAULT_IMPL_STRATEGY = _CLASSIC -endif - -# -# Config stuff for HP-UXB.10.01 -# -include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk diff --git a/security/coreconf/HP-UXB.10.10.mk b/security/coreconf/HP-UXB.10.10.mk deleted file mode 100644 index bb6f8cfb5..000000000 --- a/security/coreconf/HP-UXB.10.10.mk +++ /dev/null @@ -1,50 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# On HP-UX 10.10 and 10.20, the default implementation strategy is -# pthreads (actually DCE threads). Classic nspr is also available. -# - -ifeq ($(OS_RELEASE),B.10.10) - DEFAULT_IMPL_STRATEGY = _PTH -endif - -# -# Config stuff for HP-UXB.10.10 -# -include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk - -OS_CFLAGS += -DHPUX10_10 - -ifeq ($(USE_PTHREADS),1) - OS_CFLAGS += -D_REENTRANT -D_PR_DCETHREADS -endif diff --git a/security/coreconf/HP-UXB.10.20.mk b/security/coreconf/HP-UXB.10.20.mk deleted file mode 100644 index eeae7cd3a..000000000 --- a/security/coreconf/HP-UXB.10.20.mk +++ /dev/null @@ -1,50 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# On HP-UX 10.10 and 10.20, the default implementation strategy is -# pthreads (actually DCE threads). Classic nspr is also available. -# - -ifeq ($(OS_RELEASE),B.10.20) - DEFAULT_IMPL_STRATEGY = _PTH -endif - -# -# Config stuff for HP-UXB.10.20 -# -include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk - -OS_CFLAGS += -DHPUX10_20 - -ifeq ($(USE_PTHREADS),1) - OS_CFLAGS += -D_REENTRANT -D_PR_DCETHREADS -endif diff --git a/security/coreconf/HP-UXB.10.30.mk b/security/coreconf/HP-UXB.10.30.mk deleted file mode 100644 index ef52d1122..000000000 --- a/security/coreconf/HP-UXB.10.30.mk +++ /dev/null @@ -1,56 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# On HP-UX 10.30 and 11.00, the default implementation strategy is -# pthreads. Classic nspr and pthreads-user are also available. -# - -ifeq ($(OS_RELEASE),B.10.30) - DEFAULT_IMPL_STRATEGY = _PTH -endif - -# -# Config stuff for HP-UXB.10.30. -# -include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk - -OS_CFLAGS += -DHPUX10_30 - -# -# To use the true pthread (kernel thread) library on 10.30 and -# 11.00, we should define _POSIX_C_SOURCE to be 199506L. -# The _REENTRANT macro is deprecated. -# - -ifdef USE_PTHREADS - OS_CFLAGS += -D_POSIX_C_SOURCE=199506L -endif diff --git a/security/coreconf/HP-UXB.10.mk b/security/coreconf/HP-UXB.10.mk deleted file mode 100644 index 77ca9bce7..000000000 --- a/security/coreconf/HP-UXB.10.mk +++ /dev/null @@ -1,38 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for HP-UXB.10 -# -include $(CORE_DEPTH)/coreconf/HP-UX.mk - -OS_CFLAGS += -DHPUX10 -OS_LIBS += -lpthread -lm diff --git a/security/coreconf/HP-UXB.11.00.mk b/security/coreconf/HP-UXB.11.00.mk deleted file mode 100644 index 0732202ae..000000000 --- a/security/coreconf/HP-UXB.11.00.mk +++ /dev/null @@ -1,55 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# On HP-UX 10.30 and 11.00, the default implementation strategy is -# pthreads. Classic nspr and pthreads-user are also available. -# - -ifeq ($(OS_RELEASE),B.11.00) -OS_CFLAGS += -DHPUX10 -DEFAULT_IMPL_STRATEGY = _PTH -endif - -# -# To use the true pthread (kernel thread) library on 10.30 and -# 11.00, we should define _POSIX_C_SOURCE to be 199506L. -# The _REENTRANT macro is deprecated. -# - -ifdef USE_PTHREADS - OS_CFLAGS += -D_POSIX_C_SOURCE=199506L -endif - -# -# Config stuff for HP-UXB.11.00. -# -include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk diff --git a/security/coreconf/HP-UXB.11.mk b/security/coreconf/HP-UXB.11.mk deleted file mode 100644 index 7b5a631f4..000000000 --- a/security/coreconf/HP-UXB.11.mk +++ /dev/null @@ -1,56 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for HP-UXB.11 -# -include $(CORE_DEPTH)/coreconf/HP-UX.mk - -ifndef NS_USE_GCC - CCC = /opt/aCC/bin/aCC -ext - ifeq ($(USE_64), 1) - OS_CFLAGS += -Aa +e +DA2.0W +DS2.0 +DChpux -# Next line replaced by generic name handling in arch.mk -# COMPILER_TAG = _64 - else - ifdef USE_LONG_LONGS - OS_CFLAGS += -Aa +e +DA2.0 +DS2.0 - else - OS_CFLAGS += +DAportable +DS1.1 - endif - endif -else - CCC = aCC -endif - -OS_CFLAGS += -DHPUX11 -OS_LIBS += -lpthread -lm -lrt -HPUX11 = 1 diff --git a/security/coreconf/IRIX.mk b/security/coreconf/IRIX.mk deleted file mode 100644 index fe0f906b5..000000000 --- a/security/coreconf/IRIX.mk +++ /dev/null @@ -1,122 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for IRIX -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -# -# The default implementation strategy for Irix is classic nspr. -# -ifeq ($(USE_PTHREADS),1) - ifeq ($(USE_N32),1) - IMPL_STRATEGY = _n32_PTH - else - IMPL_STRATEGY = _PTH - endif -endif - -DEFAULT_COMPILER = cc - -ifdef NS_USE_GCC - CC = gcc - AS = $(CC) -x assembler-with-cpp - ODD_CFLAGS = -Wall -Wno-format - ifdef BUILD_OPT - OPTIMIZER = -O6 - endif -else - CC = cc - CCC = CC - ODD_CFLAGS = -fullwarn -xansi - ifdef BUILD_OPT - ifeq ($(USE_N32),1) - OPTIMIZER = -O -OPT:Olimit=4000 - else - OPTIMIZER = -O -Olimit 4000 - endif - endif - - # For 6.x machines, include this flag - ifeq (6., $(findstring 6., $(OS_RELEASE))) - ifeq ($(USE_N32),1) - ODD_CFLAGS += -n32 -mips3 -exceptions - else - ODD_CFLAGS += -32 -multigot - endif - else - ODD_CFLAGS += -xgot - endif - ifeq ($(USE_N32),1) - OS_CFLAGS += -dollar - endif -endif - -ODD_CFLAGS += -DSVR4 -DIRIX - -CPU_ARCH = mips - -RANLIB = /bin/true -# For purify -# NOTE: should always define _SGI_MP_SOURCE -NOMD_OS_CFLAGS += $(ODD_CFLAGS) -D_SGI_MP_SOURCE - -ifndef NO_MDUPDATE - OS_CFLAGS += $(NOMD_OS_CFLAGS) -MDupdate $(DEPENDENCIES) -else - OS_CFLAGS += $(NOMD_OS_CFLAGS) -endif - -ifeq ($(USE_N32),1) - SHLIB_LD_OPTS += -n32 -mips3 -endif - -MKSHLIB += $(LD) $(SHLIB_LD_OPTS) -shared -soname $(@:$(OBJDIR)/%.so=%.so) - -HAVE_PURIFY = 1 - -DSO_LDOPTS = -elf -shared -all - -ifdef DSO_BACKEND - DSO_LDOPTS += -soname $(DSO_NAME) -endif - -# -# Revision notes: -# -# In the IRIX compilers prior to version 7.2, -n32 implied -mips3. -# Beginning in the 7.2 compilers, -n32 implies -mips4 when the compiler -# is running on a system with a mips4 CPU (e.g. R8K, R10K). -# We want our code to explicitly be mips3 code, so we now explicitly -# set -mips3 whenever we set -n32. -# diff --git a/security/coreconf/IRIX5.2.mk b/security/coreconf/IRIX5.2.mk deleted file mode 100644 index fbb4a137b..000000000 --- a/security/coreconf/IRIX5.2.mk +++ /dev/null @@ -1,35 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for IRIX 5.2 -# -include $(CORE_DEPTH)/coreconf/IRIX5.mk diff --git a/security/coreconf/IRIX5.3.mk b/security/coreconf/IRIX5.3.mk deleted file mode 100644 index b7134592b..000000000 --- a/security/coreconf/IRIX5.3.mk +++ /dev/null @@ -1,37 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for IRIX 5.3 -# -include $(CORE_DEPTH)/coreconf/IRIX5.mk - -OS_CFLAGS += -DIRIX5_3 diff --git a/security/coreconf/IRIX5.mk b/security/coreconf/IRIX5.mk deleted file mode 100644 index 56bfb0ea5..000000000 --- a/security/coreconf/IRIX5.mk +++ /dev/null @@ -1,40 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for IRIX 5 -# - -include $(CORE_DEPTH)/coreconf/IRIX.mk - -ifndef NS_USE_GCC - ODD_CFLAGS += -xgot -endif diff --git a/security/coreconf/IRIX6.2.mk b/security/coreconf/IRIX6.2.mk deleted file mode 100644 index e17a0c3b6..000000000 --- a/security/coreconf/IRIX6.2.mk +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for IRIX 6.2 -# - - -# catch unresolved symbols - -SHLIB_LD_OPTS += -no_unresolved - -include $(CORE_DEPTH)/coreconf/IRIX6.mk - -OS_CFLAGS += -DIRIX6_2 diff --git a/security/coreconf/IRIX6.3.mk b/security/coreconf/IRIX6.3.mk deleted file mode 100644 index a684a1e11..000000000 --- a/security/coreconf/IRIX6.3.mk +++ /dev/null @@ -1,42 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for IRIX 6.3 -# - -# catch unresolved symbols - -SHLIB_LD_OPTS += -no_unresolved - -include $(CORE_DEPTH)/coreconf/IRIX6.mk - -OS_CFLAGS += -DIRIX6_3 diff --git a/security/coreconf/IRIX6.5.mk b/security/coreconf/IRIX6.5.mk deleted file mode 100644 index 7f68d82cb..000000000 --- a/security/coreconf/IRIX6.5.mk +++ /dev/null @@ -1,42 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for IRIX 6.5 -# - -# catch unresolved symbols - -SHLIB_LD_OPTS += -no_unresolved - -include $(CORE_DEPTH)/coreconf/IRIX6.mk - -OS_CFLAGS += -DIRIX6_5 -mips3 diff --git a/security/coreconf/IRIX6.mk b/security/coreconf/IRIX6.mk deleted file mode 100644 index a401dc6f3..000000000 --- a/security/coreconf/IRIX6.mk +++ /dev/null @@ -1,47 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for IRIX 6 -# - -include $(CORE_DEPTH)/coreconf/IRIX.mk - -ifndef NS_USE_GCC - ifneq ($(USE_N32),1) - OS_CFLAGS += -32 - endif - ODD_CFLAGS += -multigot -endif - -ifeq ($(USE_PTHREADS),1) -OS_LIBS += -lpthread -endif diff --git a/security/coreconf/Linux.mk b/security/coreconf/Linux.mk deleted file mode 100644 index 444f4b272..000000000 --- a/security/coreconf/Linux.mk +++ /dev/null @@ -1,97 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for Linux -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -# -# The default implementation strategy for Linux is now pthreads -# -USE_PTHREADS = 1 - -ifeq ($(USE_PTHREADS),1) - IMPL_STRATEGY = _PTH -endif - -CC = gcc -CCC = g++ -RANLIB = ranlib - -DEFAULT_COMPILER = gcc - -ifeq ($(OS_TEST),ppc) - OS_REL_CFLAGS = -DMACLINUX -DLINUX1_2 - CPU_ARCH = ppc -else -ifeq ($(OS_TEST),alpha) - OS_REL_CFLAGS = -D_ALPHA_ -DLINUX1_2 -D_XOPEN_SOURCE - CPU_ARCH = alpha -else - OS_REL_CFLAGS = -mno-486 -DLINUX1_2 -Di386 -D_XOPEN_SOURCE - CPU_ARCH = x86 -endif -endif - - -LIBC_TAG = _glibc - -ifeq ($(OS_RELEASE),2.0) - OS_REL_CFLAGS += -DLINUX2_0 - MKSHLIB = $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so) - ifdef BUILD_OPT - OPTIMIZER = -O2 - endif -endif - -ifeq ($(USE_PTHREADS),1) -OS_PTHREAD = -lpthread -endif - -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -ansi -Wall -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR -OS_LIBS = -L/lib $(OS_PTHREAD) -ldl -lc - -ifdef USE_PTHREADS - DEFINES += -D_REENTRANT -D_PR_NEED_FAKE_POLL -else - DEFINES += -D_PR_LOCAL_THREADS_ONLY -endif - -ARCH = linux - -DSO_CFLAGS = -fPIC -DSO_LDOPTS = -shared -DSO_LDFLAGS = - -# INCLUDES += -I/usr/include -Y/usr/include/linux -G++INCLUDES = -I/usr/include/g++ diff --git a/security/coreconf/Linux2.1.mk b/security/coreconf/Linux2.1.mk deleted file mode 100644 index bfbfe6b90..000000000 --- a/security/coreconf/Linux2.1.mk +++ /dev/null @@ -1,44 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for Linux 2.1 (ELF) -# - -include $(CORE_DEPTH)/coreconf/Linux.mk -ifeq ($(OS_RELEASE),2.1) - OS_REL_CFLAGS += -DLINUX2_1 - MKSHLIB = $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so) - ifdef BUILD_OPT - OPTIMIZER = -O2 - endif -endif - diff --git a/security/coreconf/Linux2.2.mk b/security/coreconf/Linux2.2.mk deleted file mode 100644 index c552c1d76..000000000 --- a/security/coreconf/Linux2.2.mk +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for Linux 2.2 (ELF) -# - -include $(CORE_DEPTH)/coreconf/Linux.mk - -OS_REL_CFLAGS += -DLINUX2_1 -MKSHLIB = $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so) -ifdef BUILD_OPT - OPTIMIZER = -O2 -endif - diff --git a/security/coreconf/LinuxELF1.2.mk b/security/coreconf/LinuxELF1.2.mk deleted file mode 100644 index 860787958..000000000 --- a/security/coreconf/LinuxELF1.2.mk +++ /dev/null @@ -1,36 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for Linux 1.2 (ELF) -# - -include $(CORE_DEPTH)/coreconf/Linux.mk diff --git a/security/coreconf/LinuxELF2.0.mk b/security/coreconf/LinuxELF2.0.mk deleted file mode 100644 index a85dfafa9..000000000 --- a/security/coreconf/LinuxELF2.0.mk +++ /dev/null @@ -1,36 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for Linux 2.0 (ELF) -# - -include $(CORE_DEPTH)/coreconf/Linux.mk diff --git a/security/coreconf/Makefile b/security/coreconf/Makefile deleted file mode 100644 index 9f6fd6078..000000000 --- a/security/coreconf/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -DEPTH = .. -CORE_DEPTH = .. - -MODULE = coreconf - -DIRS = nsinstall mkdepend md - -include $(DEPTH)/coreconf/config.mk -include $(DEPTH)/coreconf/rules.mk - -export:: libs diff --git a/security/coreconf/NCR3.0.mk b/security/coreconf/NCR3.0.mk deleted file mode 100644 index 8193bd1f5..000000000 --- a/security/coreconf/NCR3.0.mk +++ /dev/null @@ -1,90 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for NCR SysVr4 v 3.0 -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = cc - -### -NS_USE_NATIVE = 1 - -# NS_USE_GCC = 1 - -export PATH:=$(PATH):/opt/ncc/bin -### - -RANLIB = true -GCC_FLAGS_EXTRA += -pipe - -DEFINES += -DSVR4 -DSYSV -DHAVE_STRERROR -DNCR - -OS_CFLAGS += -Hnocopyr -DSVR4 -DSYSV -DHAVE_STRERROR -DNCR -DPRFSTREAMS_BROKEN - -ifdef NS_USE_NATIVE - CC = cc - CCC = ncc - CXX = ncc -# OS_LIBS += -L/opt/ncc/lib -else -# OS_LIBS += -endif - -#OS_LIBS += -lsocket -lnsl -ldl -lc - -MKSHLIB += $(LD) $(DSO_LDOPTS) -#DSO_LDOPTS += -G -z defs -DSO_LDOPTS += -G - -CPU_ARCH = x86 -ARCH = ncr - -NOSUCHFILE = /solaris-rm-f-sucks - -# now take care of default GCC (rus@5/5/97) - -ifdef NS_USE_GCC - # if gcc-settings are redefined already - don't touch it - # - ifeq (,$(findstring gcc, $(CC))) - CC = gcc - CCC = g++ - CXX = g++ - # always use -fPIC - some makefiles are still broken and don't distinguish - # situation when they build shared and static libraries - CFLAGS += -fPIC -Wall $(GCC_FLAGS_EXTRA) -# OS_LIBS += -L/usr/local/lib -lstdc++ -lg++ -lgcc - endif -endif -### diff --git a/security/coreconf/NEC4.2.mk b/security/coreconf/NEC4.2.mk deleted file mode 100644 index 8e635f1ca..000000000 --- a/security/coreconf/NEC4.2.mk +++ /dev/null @@ -1,61 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for NEC Mips SYSV -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = $(CORE_DEPTH)/build/hcc - -CPU_ARCH = mips - -ifdef NS_USE_GCC -CC = gcc -CCC = g++ -else -CC = $(CORE_DEPTH)/build/hcc -OS_CFLAGS = -Xa -KGnum=0 -KOlimit=4000 -CCC = g++ -endif - -MKSHLIB = $(LD) $(DSO_LDOPTS) - -RANLIB = /bin/true - -OS_CFLAGS += $(ODD_CFLAGS) -DSVR4 -D__SVR4 -DNEC -Dnec_ews -DHAVE_STRERROR -OS_LIBS = -lsocket -lnsl -ldl $(LDOPTIONS) -LDOPTIONS = -lc -L/usr/ucblib -lucb - -NOSUCHFILE = /nec-rm-f-sucks - -DSO_LDOPTS = -G diff --git a/security/coreconf/OS2.mk b/security/coreconf/OS2.mk deleted file mode 100644 index c3b7c83c2..000000000 --- a/security/coreconf/OS2.mk +++ /dev/null @@ -1,162 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -MOZ_WIDGET_TOOLKIT = os2 - -# Specify toolset. Default to EMX. -ifeq ($(MOZ_OS2_TOOLS),VACPP) -XP_OS2_VACPP = 1 -else -ifeq ($(MOZ_OS2_TOOLS),PGCC) -XP_OS2_EMX = 1 -else -MOZ_OS2_TOOLS = EMX -XP_OS2_EMX = 1 -endif -endif - -# XP_PC is for Window and OS2 on Intel X86 -# XP_OS2 is strictly for OS2 only -XP_DEFINE += -DXP_PC=1 -DXP_OS2=1 - -# Override suffix in suffix.mk -LIB_SUFFIX = lib -DLL_SUFFIX = dll -OBJ_SUFFIX = .obj -ASM_SUFFIX = .asm -PROG_SUFFIX = .exe - - -# -# On OS/2 we proudly support gbash... -# -SHELL = GBASH.EXE -CCC = icc -q -DXP_OS2 -DOS2=4 -N10 -LINK = ilink -AR = emxomfar -p256 r $@ -# Keep AR_FLAGS blank so that we do not have to change rules.mk -AR_FLAGS = -RANLIB = @echo OS2 RANLIB -BSDECHO = @echo OS2 BSDECHO - -ifndef NO_SHARED_LIB -WRAP_MALLOC_LIB = -WRAP_MALLOC_CFLAGS = -DSO_CFLAGS = -DSO_PIC_CFLAGS = -MKSHLIB = $(CXX) $(CXXFLAGS) $(DSO_LDOPTS) -o $@ -MKCSHLIB = $(CC) $(CFLAGS) $(DSO_LDOPTS) -o $@ -MKSHLIB_FORCE_ALL = -MKSHLIB_UNFORCE_ALL = -DSO_LDOPTS = -Zomf -Zdll -Zmt -Zcrtdll -Zlinker /NOO -# DLL_SUFFIX = .dll -SHLIB_LDSTARTFILE = -SHLIB_LDENDFILE = -endif - -# HCT Include from Mozilla client build. -INCLUDES = -I$(CORE_DEPTH)/../dist/include -I$(CORE_DEPTH)/../include - -# This is where Mozilla Client build DIST & INCLUDE. -# while DIST is where Security build put it LIB & INCLUDE -MOZ_DIST = $(CORE_DEPTH)/../dist -MOZ_LIB = $(CORE_DEPTH)/../dist/lib - -OS_CFLAGS = -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -Zmtd -Zomf -Zmt -DDEBUG -DDEBUG_wintrinh -DTRACING -g - -# Where the libraries are -MOZ_COMPONENT_NSPR_LIBS=-L$(DIST)/lib $(NSPR_LIBS) -NSPR_LIBS = -lplds4 -lplc4 -lnspr4 -NSPR_INCLUDE_DIR = - - - -ifdef BUILD_OPT -OPTIMIZER = -O+ -Oi -DEFINES += -UDEBUG -U_DEBUG -DNDEBUG -DLLFLAGS = -DLL -OUT:$@ -MAP:$(@:.dll=.map) -EXEFLAGS = -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE -OBJDIR_TAG = _OPT -else -#OPTIMIZER = -O+ -Oi -DEFINES += -DDEBUG -D_DEBUG -DDEBUGPRINTS #HCT Need += to avoid overidding manifest.mn -DLLFLAGS = -DEBUG -DLL -OUT:$@ -MAP:$(@:.dll=.map) -EXEFLAGS = -DEBUG -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE -OBJDIR_TAG = _DBG -LDFLAGS = -DEBUG -endif - -# OS/2 use nsinstall that is included in the toolkit. -# since we do not wish to support and maintain 3 version of nsinstall in mozilla, nspr and nss - -NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall -# NSINSTALL = $(NSINSTALL_DIR)/$(OBJDIR_NAME)/nsinstall -NSINSTALL = nsinstall # HCT4OS2 -INSTALL = $(NSINSTALL) - -MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend -MKDEPEND = $(MKDEPEND_DIR)/$(OBJDIR_NAME)/mkdepend -MKDEPENDENCIES = $(OBJDIR_NAME)/depend.mk - -#################################################################### -# -# One can define the makefile variable NSDISTMODE to control -# how files are published to the 'dist' directory. If not -# defined, the default is "install using relative symbolic -# links". The two possible values are "copy", which copies files -# but preserves source mtime, and "absolute_symlink", which -# installs using absolute symbolic links. The "absolute_symlink" -# option requires NFSPWD. -# - THIS IS NOT PART OF THE NEW BINARY RELEASE PLAN for 9/30/97 -# - WE'RE KEEPING IT ONLY FOR BACKWARDS COMPATIBILITY -#################################################################### - -ifeq ($(NSDISTMODE),copy) - # copy files, but preserve source mtime - INSTALL = $(NSINSTALL) - INSTALL += -t -else - ifeq ($(NSDISTMODE),absolute_symlink) - # install using absolute symbolic links - INSTALL = $(NSINSTALL) - INSTALL += -L `$(NFSPWD)` - else - # install using relative symbolic links - INSTALL = $(NSINSTALL) - INSTALL += -R - endif -endif - -define MAKE_OBJDIR -if test ! -d $(@D); then rm -rf $(@D); $(NSINSTALL) -D $(@D); fi -endef diff --git a/security/coreconf/OSF1.mk b/security/coreconf/OSF1.mk deleted file mode 100644 index 37484fcb9..000000000 --- a/security/coreconf/OSF1.mk +++ /dev/null @@ -1,70 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for DEC OSF/1 -# - -# -# The Bourne shell (sh) on OSF1 doesn't handle "set -e" correctly, -# which we use to stop LOOP_OVER_DIRS submakes as soon as any -# submake fails. So we use the Korn shell instead. -# -SHELL = /usr/bin/ksh - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = cc - -CC = cc -OS_CFLAGS += $(NON_LD_FLAGS) -std1 -CCC = cxx -RANLIB = /bin/true -CPU_ARCH = alpha - -ifdef BUILD_OPT - OPTIMIZER += -Olimit 4000 -endif - -NON_LD_FLAGS += -ieee_with_inexact -OS_CFLAGS += -DOSF1 -D_REENTRANT - -ifeq ($(USE_PTHREADS),1) - OS_CFLAGS += -pthread -endif - -ifeq ($(USE_IPV6),1) - OS_CFLAGS += -D_PR_INET6 -endif - -# The command to build a shared library on OSF1. -MKSHLIB += ld -shared -all -expect_unresolved "*" -DSO_LDOPTS += -shared diff --git a/security/coreconf/OSF1V2.0.mk b/security/coreconf/OSF1V2.0.mk deleted file mode 100644 index de7dab643..000000000 --- a/security/coreconf/OSF1V2.0.mk +++ /dev/null @@ -1,35 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for DEC OSF/1 V2.0 -# -include $(CORE_DEPTH)/coreconf/OSF1.mk diff --git a/security/coreconf/OSF1V3.0.mk b/security/coreconf/OSF1V3.0.mk deleted file mode 100644 index 623b2f971..000000000 --- a/security/coreconf/OSF1V3.0.mk +++ /dev/null @@ -1,35 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for DEC OSF/1 V3.0 -# -include $(CORE_DEPTH)/coreconf/OSF1.mk diff --git a/security/coreconf/OSF1V3.2.mk b/security/coreconf/OSF1V3.2.mk deleted file mode 100644 index 9d584b37b..000000000 --- a/security/coreconf/OSF1V3.2.mk +++ /dev/null @@ -1,44 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# On OSF1 V3.2, classic nspr is the default (and only) implementation -# strategy. -# - -# -# Config stuff for DEC OSF/1 V3.2 -# -include $(CORE_DEPTH)/coreconf/OSF1.mk - -ifeq ($(OS_RELEASE),V3.2) - OS_CFLAGS += -DOSF1V3 -endif diff --git a/security/coreconf/OSF1V4.0.mk b/security/coreconf/OSF1V4.0.mk deleted file mode 100644 index 164a6613a..000000000 --- a/security/coreconf/OSF1V4.0.mk +++ /dev/null @@ -1,51 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# On OSF1 V4.0, pthreads is the default implementation strategy. -# Classic nspr is also available. -# -ifneq ($(OS_RELEASE),V3.2) - USE_PTHREADS = 1 - ifeq ($(CLASSIC_NSPR), 1) - USE_PTHREADS = - IMPL_STRATEGY := _CLASSIC - endif -endif - -# -# Config stuff for DEC OSF/1 V4.0 -# -include $(CORE_DEPTH)/coreconf/OSF1.mk - -ifeq ($(OS_RELEASE),V4.0) - OS_CFLAGS += -DOSF1V4 -endif diff --git a/security/coreconf/OSF1V4.0B.mk b/security/coreconf/OSF1V4.0B.mk deleted file mode 100644 index 73f357d17..000000000 --- a/security/coreconf/OSF1V4.0B.mk +++ /dev/null @@ -1,35 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for DEC OSF/1 V4.0B -# -include $(CORE_DEPTH)/coreconf/OSF1V4.0.mk diff --git a/security/coreconf/OSF1V4.0D.mk b/security/coreconf/OSF1V4.0D.mk deleted file mode 100644 index 515c76d5f..000000000 --- a/security/coreconf/OSF1V4.0D.mk +++ /dev/null @@ -1,39 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for DEC OSF/1 V4.0D -# -include $(CORE_DEPTH)/coreconf/OSF1V4.0.mk -DEFINES += -DOSF1V4D - -OS_LIBS += -lpthread -lrt - diff --git a/security/coreconf/README b/security/coreconf/README deleted file mode 100644 index f769ee56d..000000000 --- a/security/coreconf/README +++ /dev/null @@ -1,568 +0,0 @@ -OVERVIEW of "ns/coreconf": - - This README file is an attempt to provide the reader with a simple - synopsis of the "ns/coreconf" build system which was originally - fundamentally designed and built to accomodate Netscape's binary - release model. Wherever possible, an attempt has been made to - comply with the NSPR 2.0 build system, including mimicing the - compiler/linker flags, and directory naming structure. The reader - should keep in mind that the system builds binary releases of - header files, class files, libraries, and executables on numerous - flavors of UNIX and Windows operating systems. Unfortunately, - no serious attempt has ever been made to incorporate an ability to - generate cross-platform binaries on an Apple MacIntosh platform. - - Note that this file will not attempt to redefine or document the - architecture of this system. However, documents on this subject - are available at the following URL: - - http://warp/hardcore/prj-ttools/specs/release/index.html - - - -DEPENDENCIES of "ns/coreconf": - - The "ns/coreconf" build system requires the specified versions of - the following platform-dependent tools: - - UNIX Platforms: - -------------- - gmake (version 3.74 or later) - perl 4.0 (NOTE: perl 5.003 or later recommended) - uname - - Windows Platforms: - ----------------- - gmake 3.74 (must use hacked Netscape version) - shmsdos.exe (contained in Netscape gmake.exe) - nsinstall.exe (contained in Netscape gmake.exe) - perl.exe (version 4.0 for everything except testing; - NOTE: MKS toolkit perl 5.002 is broken) - perl5.exe (for testing; - NOTE: perl 5.003 or later recommended; - MKS toolkit perl 5.002 is broken) - uname.exe (use nstools version) - -ENHANCEMENTS to "ns/coreconf": - - With the advent of Certificate Server 4.0 using the ns/coreconf - build system, several changes had to be made to enhance - ns/coreconf support for building Java/JNI classes/programs, as - well as libraries slated to be released as binaries. While the - following may not represent an exhaustive list of these changes, - it does attempt to be at least somewhat comprehensive: - - (1) During the course of these enhancements, a total of - four files have been modified, and four new files have - been added. - - The following files have been modified: - - - command.mk: removed old definition of JAR - - - config.mk: added include statement of new - "jdk.mk" file - - - ruleset.mk: allowed the $(MKPROG) variable to be - overridden by supplying it with a - default value of $(CC); augmented - numerous definitions to enhance - ability of ns/coreconf to produce - a more robust set of libraries; - added some JNI definitions; PACKAGE - definition may be overridden by new - "jdk.mk" file - - - rules.mk: separated the compile phase of a - program from the link phase of a - program such that a developer can - now strictly override program linkage - by simply supplying a $(MKPROG) - variable; augmented NETLIBDEPTH - to use CORE_DEPTH but retain backward - compatibility; added JNI section; - modified .PRECIOUS rule; - - The following files have been added: - - - README: this file; an ASCII-based text - document used to summarize the - ns/coreconf build system and - suitable (paginated) for printing - - - jdk.mk: a file comprising most (if not all) - of the default Java related build - information; the definitions in this - file are only included if NS_USE_JDK - has been defined - - - jniregen.pl: a perl script used to create a - dependency for when JNI files should - be regenerated (based upon any change - to the ".class" file from which the - ".h" file was originally generated) - - - outofdate.pl: a perl script used to create a - dependency for when ".class" files - should be regenerated (based upon - any change to the ".java" file - from which the ".class" file was - originally generated) - - (2) As stated above, the ns/coreconf build system now separates - the link phase of a program from its compilation phase. - While ns/coreconf still works exactly as it used to because - the $(MKPROG) variable is assigned $(CC) by default, a developer - may now override this behavior by simply supplying their - own unique value for $(MKPROG) on every platform. This allows - a program compiled with $(CC) to link with external libraries - that may contain "C++" linkage. Before this change, a - programmer would need to reference their own local copy of - rules.mk (see the ns/sectools/cmd/pk12util program for - an example of how this used to be accomplished). - - (3) Currently, the ns/coreconf build system differs from the - NSPR 2.0 build system which utilizes an "_s" to denote - static libraries from import libraries. In fact, the - ns/coreconf build system adds no prefixes or suffixes to - distinguish one version of static libraries from another. - Note that both the ns/coreconf build system as well as the - NSPR 2.0 build system do nothing to provide a method of - distinguishing 16-bit from 32-bit static libraries on the - same machine, either, since: - - a) this might only provide difficulty during - development, since static libraries always - need to be embedded within a program - (note this is highly unlikely, since libraries - for different platforms are subdivided via - a well-known subdirectory structure, and - a developer may use multiple trees for - development), - - b) this maintains backwards compatibility, - something very important since no legacy - programs will need to change their link phase, and - - c) Netscape as a company has dropped any plans - of future development of 16-bit products. - - (4) Since several members of the Hardcore Security group did - not favor NSPR 2.0's solution of adding an "_s" to static - libraries on Windows platforms as a method to distinguish - them from their import library cousins, a different solution - was proposed and has been recently implemented for ns/coreconf: - - - a 16 has been added as a suffix to both dynamic and - import libraries built on 16-bit Windows platforms - - - a 32 has been added as a suffix to both dynamic and - import libraries built on 32-bit Windows platforms - - Since, the HCL release process currently only contains a - single instance of building a dynamic library, - ns/security/lib/fortcrypt/fort12.dll, the impact of this - change should be relatively small. - - It should be noted that although this would additionally - limit the 8.3 namespace on 16-bit platforms, it is highly - unlikely that any future development will be performed on - this platform. - - (5) The $(LIBRARY_VERSION) tag has been added to all non-static - libraries created on UNIX operating systems to alleviate - any future confusion for binary releases which utilize this - tag. Again, it should be noted that this tag is only - utilized on non-static libraries, since more than one - version of the library may need to exist simultaneously - if multiple products are utilized. - - Currently, only one HCL released library utilizes this tag: - - ns/security/lib/fortcrypt/fort12.a - (e. g. - in this library, the tag has been set to '12') - - Again, it should be noted that although this would - additionally limit the 8.3 namespace on 16-bit platforms, - it is highly unlikely that any future development will be - performed on this platform. - - (6) The $(JDK_DEBUG_SUFFIX) extension has been added to all - library and program names to support debug versions of - Java programs (e. g. - java_g, javac_g, etc). - - Once again, it should be noted that although this would - additionally limit the 8.3 namespace on 16-bit platforms, - it is highly unlikely that any future Java development - will be performed on this platform. - - (7) Most (if not all) default definitions for java have been - encapsulated within their own file, jdk.mk, which is - always included by default in ns/coreconf/config.mk. - However, the definitions within this file are only ever - activated if NS_USE_JDK has been set to be 1. - - - (8) Two perl scripts (jniregen.pl and outofdate.pl) have been - added to the system to foster a more robust development - environment for composing Java and JNI programs - utilizing the ns/coreconf build system. Both of these - perl scripts are related to resolving dependencies which - can not be accomplished through normal makefile dependencies. - - (9) This file, README, was created in an attempt to allow - developers who have familiarity with ns/coreconf a simple - roadmap for what has changed, as well as a top-level view of - what comprises ns/coreconf. This file was written in - ASCII (rather than HTML) primarily to promote simple - paginated printing. - -OVERVIEW of "config.mk": - - This file contains the configuration information necessary to - build each "Core Components" source module: - - include file name Purpose - =================== ======================================= - arch.mk source and release <architecture> tags - - command.mk default command macros - (NOTE: may be overridden in $(OS_CONFIG).mk) - - $(OS_CONFIG).mk <architecture>-specific macros - (dependent upon <architecture> tags) - - platform.mk source and release <platform> tags - (dependent upon <architecture> tags) - - tree.mk release <tree> tags - (dependent upon <architecture> tags) - - module.mk source and release <component> tags - (NOTE: A component is also called a module - or a subsystem. This file is dependent upon - $(MODULE) being defined on the command - line, as an environment variable, or in - individual makefiles, or more - appropriately, manifest.mn) - - version.mk release <version> tags - (dependent upon $(MODULE) being defined on - the command line, as an environment variable, - or in individual makefiles, or more - appropriately, manifest.mn) - - location.mk macros to figure out binary code location - (dependent upon <platform> tags) - - source.mk <component>-specific source path - (dependent upon <user_source_tree>, - <source_component>, <version>, and - <platform> tags) - - headers.mk include switch for support header files - (dependent upon <tree>, <component>, <version>, - and <platform> tags) - - prefix.mk compute program prefixes - - suffix.mk compute program suffixes - (dependent upon <architecture> tags) - - jdk.mk define JDK - (dependent upon <architecture>, - <source>, and <suffix> tags) - - ruleset.mk Master "Core Components" rule set - (should always be the last file - included by config.mk) - - - -OVERVIEW of "rules.mk": - - The "rules.mk" file consists of four sections. The first section - contains the "master" build rules for all binary releases. While - this section can (and should) largely be thought of as "language" - independent, it does utilize the "perl" scripting language to - perform both the "import" and "release" of binary modules. - - The rules which dwell in this section and their purpose: - - - CATEGORY/rule:: Purpose - =================== ======================================= - - GENERAL - ------- - all:: "default" all-encompassing rule which - performs "export libs program install" - - export:: recursively copy specified - cross-platform header files to the - $(SOURCE_XPHEADERS_DIR) directory; - recursively copy specified - machine-dependent header files to the - $(SOURCE_MDHEADERS_DIR) directory; - although all rules can be written to - repetively "chain" into other sections, - this rule is the most commonly used - rule to "chain" into other sections - such as Java providing a simple - mechanism which allows no need for - developers to memorize specialized - rules - - libs:: recursively build - static (archival) $(LIBRARY), shared - (dynamic link) $(SHARED_LIBRARY), - import $(IMPORT_LIBRARY), and/or - "purified" $(PURE_LIBRARY) - libraries - - program:: recursively build $(PROGRAM) - executable - - install:: recursively copy all libraries to - $(SOURCE_LIB_DIR) directory; - recursively copy all executables to - $(SOURCE_BIN_DIR) directory - - clean:: remove all files specified in the - $(ALL_TRASH) variable - - clobber:: synonym for "clean::" rule - - realclean:: remove all files specified by - $(wildcard *.OBJ), dist, and in - the $(ALL_TRASH) variable - - clobber_all:: synonym for "realclean::" rule - - private_export:: recursively copy specified - cross-platform header files to the - $(SOURCE_XPPRIVATE_DIR) directory - - - IMPORT - ------ - import:: uses perl script to retrieve specified - VERSION of the binary release from - $(RELEASE_TREE) - - RELEASE - ------- - release_clean:: remove all files from the - $(SOURCE_RELEASE_PREFIX) directory - - release:: place specified VERSION of the - binary release in the appropriate - $(RELEASE_TREE) directory - - release_export:: recursively copy specified - cross-platform header files to the - $(SOURCE_XPHEADERS_DIR)/include - directory - - release_md:: recursively copy all libraries to - $(SOURCE_RELEASE_PREFIX)/ - $(SOURCE_RELEASE_LIB_DIR) directory; - recursively copy all executables to - $(SOURCE_RELEASE_PREFIX)/ - $(SOURCE_RELEASE_BIN_DIR) directory - - release_jars:: use perl script to package appropriate - files in the $(XPCLASS_JAR), - $(XPHEADER_JAR), $(MDHEADER_JAR), and - $(MDBINARY_JAR) jar files - - release_cpdistdir:: use perl script to copy the - $(XPCLASS_JAR), $(XPHEADER_JAR), - $(MDHEADER_JAR), and $(MDBINARY_JAR) - jar files to the specified VERSION - of the $(RELEASE_TREE) directory - - - - TOOLS and AUTOMATION - -------------------- - platform:: tool used to display the platform name - as composed within the "arch.mk" file - - autobuild:: automation rule used by "Bonsai" and - "Tinderbox" to automatically generate - binary releases on various platforms - - tests:: automation tool used to run the - "regress" and "reporter" tools - on various regression test suites - - The second section of "rules.mk" primarily contains several - "language" dependent build rules for binary releases. These are - generally "computed" rules (created on the "fly"), and include - rules used by "C", "C++", assembly, the preprocessor, perl, and - the shell. - - The rules which dwell in this section and their purpose: - - - CATEGORY/rule:: Purpose - =================== ============================= - - LIBRARIES - --------- - $(LIBRARY): build the static library - specified by the $(LIBRARY) - variable - - $(IMPORT_LIBRARY): build the import library - specified by the - $(IMPORT_LIBRARY) variable - - $(SHARED_LIBRARY): build the shared - (dynamic link) library - specified by the - $(SHARED_LIBRARY) variable - - $(PURE_LIBRARY): build the "purified" library - specified by the - $(PURE_LIBRARY) variable - - - PROGRAMS - -------- - $(PROGRAM): build the binary executable - specified by the $(PROGRAM) - rule - - $(OBJDIR)/ - $(PROG_PREFIX)%.pure: build the "purified" binary - executable specified by this - rule - - - OBJECTS - ------- - $(OBJDIR)/ - $(PROG_PREFIX)%$(OBJ_SUFFIX): build the object file - associated with the - makefile rule dependency: - - %.c = C file - %.cpp = C++ file - %.cc = C++ file - %.s = assembly file - %.S = assembly file - - $(OBJDIR)/ - $(PROG_PREFIX)%: (NOTE: deprecated rule) - build the object file - associated with the - makefile rule dependency: - - %.cpp = C++ file - - MISCELLANEOUS - ------------- - $(DIRS):: specifies a helper method - used by $(LOOP_THROUGH_DIRS) - to recursively change - directories and invoke - $(MAKE) - - %.i: build the preprocessor file - associated with the - makefile rule dependency: - - %.c = C file - %.cpp = C++ file - - %: process the specified file - using the method associated - with the makefile rule - dependency: - - %.pl = perl script - %.sh = shell script - - alltags: tool used to recursively - create a "ctags"-style - file for reference - - The third section of "rules.mk' primarily contains several JAVA - "language" build rules for binary releases. These are also - generally "computed" rules (created on the "fly"). - - The rules which dwell in this section and their purpose: - - - CATEGORY/rule:: Purpose - =================== ============================= - $(JAVA_DESTPATH):: create directory specified - as the Java destination path - for where classes are - deposited - - $(JAVA_DESTPATH)/$(PACKAGE):: create directories specified - within the $(PACKAGE) - variable - - $(JMCSRCDIR):: create directory specified - as the JMC destination path - - $(JRI_HEADER_CFILES): used to generate/regenerate - JRI header files for "C" - - $(JRI_STUB_CFILES): used to generate/regenerate - JRI stub files for "C" - - $(JNI_HEADERS): used to generate/regenerate - JNI header files for "C" - - The fourth section of "rules.mk" primarily contains miscellaneous - build rules for binary releases. Many of these rules are here to - create new subdirectories, manage dependencies, and/or override - standard gmake "Makefile" rules. - - The rules which dwell in this section and their purpose: - - - CATEGORY/rule:: Purpose - =================== ============================= - - $(PUBLIC_EXPORT_DIR):: create directory used to - house public "C" header files - - $(PRIVATE_EXPORT_DIR):: create directory used to - house private "C" header - files - - $(SOURCE_XP_DIR)/ - release/include:: create directory used to - house "C" header files - contained in a release - - $(MKDEPENDENCIES):: for UNIX systems, create - a directory used to house - dependencies and utilize - the $(MKDEPEND) rule to - create them - - $(MKDEPEND):: cd to the dependency - directory and create them - - depend:: if $(OBJS) exist, perform the - $(MKDEPEND) rule followed by - the $(MKDEPENDENCIES) rule - - dependclean:: remove all files contained - in the dependency repository - - .DEFAULT: standard gmake rule - - .SUFFIXES: standard gmake rule - - .PRECIOUS: standard gmake rule - - .PHONY: standard gmake rule - diff --git a/security/coreconf/ReliantUNIX.mk b/security/coreconf/ReliantUNIX.mk deleted file mode 100644 index 476dcabc1..000000000 --- a/security/coreconf/ReliantUNIX.mk +++ /dev/null @@ -1,84 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for ReliantUNIX -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = cc - -ifdef NS_USE_GCC - ## gcc-2.7.2 homebrewn - CC = gcc - CCC = g++ - AS = $(CC) - ASFLAGS += -x assembler-with-cpp - LD = gld - ODD_CFLAGS = -pipe -Wall -Wno-format - ifdef BUILD_OPT - OPTIMIZER += -O6 - endif - MKSHLIB = $(LD) - MKSHLIB += -G -h $(@:$(OBJDIR)/%.so=%.so) - DSO_LDOPTS += -G -Xlinker -Blargedynsym -else - ## native compiler (CDS++ 1.0) -# CC = /usr/bin/cc - CC = cc - CCC = /usr/bin/CC - AS = /usr/bin/cc - ODD_CFLAGS = - ifdef BUILD_OPT - OPTIMIZER += -O -F Olimit,4000 - endif - MKSHLIB = $(CC) - MKSHLIB += -G -h $(@:$(OBJDIR)/%.so=%.so) - DSO_LDOPTS += -G -W l,-Blargedynsym -endif - -NOSUCHFILE = /sni-rm-f-sucks -ODD_CFLAGS += -DSVR4 -DSNI -DRELIANTUNIX -CPU_ARCH = mips -RANLIB = /bin/true - -# For purify -NOMD_OS_CFLAGS += $(ODD_CFLAGS) - -# we do not have -MDupdate ... -OS_CFLAGS += $(NOMD_OS_CFLAGS) -OS_LIBS += -lsocket -lnsl -lresolv -lgen -ldl -lc /usr/ucblib/libucb.a -HAVE_PURIFY = 0 - -ifdef DSO_BACKEND - DSO_LDOPTS += -h $(DSO_NAME) -endif diff --git a/security/coreconf/ReliantUNIX5.4.mk b/security/coreconf/ReliantUNIX5.4.mk deleted file mode 100644 index a5bca60a3..000000000 --- a/security/coreconf/ReliantUNIX5.4.mk +++ /dev/null @@ -1,35 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for ReliantUNIX5.4 -# -include $(CORE_DEPTH)/coreconf/ReliantUNIX.mk diff --git a/security/coreconf/SCOOS5.0.mk b/security/coreconf/SCOOS5.0.mk deleted file mode 100644 index b3370a1fd..000000000 --- a/security/coreconf/SCOOS5.0.mk +++ /dev/null @@ -1,36 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SCO OpenServer 5.0 for x86. -# - -include $(CORE_DEPTH)/coreconf/SCO_SV3.2.mk diff --git a/security/coreconf/SCO_SV3.2.mk b/security/coreconf/SCO_SV3.2.mk deleted file mode 100644 index e9d13b30c..000000000 --- a/security/coreconf/SCO_SV3.2.mk +++ /dev/null @@ -1,86 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SCO Unix for x86. -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = cc - -CC = cc -OS_CFLAGS += -b elf -KPIC -CCC = g++ -CCC += -b elf -DPRFSTREAMS_BROKEN -I/usr/local/lib/g++-include -# CCC = $(CORE_DEPTH)/build/hcpp -# CCC += +.cpp +w -RANLIB = /bin/true - -# -# -DSCO_PM - Policy Manager AKA: SCO Licensing -# -DSCO - Changes to Netscape source (consistent with AIX, LINUX, etc..) -# -Dsco - Needed for /usr/include/X11/* -# -OS_CFLAGS += -DSCO_SV -DSYSV -D_SVID3 -DHAVE_STRERROR -DSW_THREADS -DSCO_PM -DSCO -Dsco -#OS_LIBS += -lpmapi -lsocket -lc -MKSHLIB = $(LD) -MKSHLIB += $(DSO_LDOPTS) -XINC = /usr/include/X11 -MOTIFLIB += -lXm -INCLUDES += -I$(XINC) -CPU_ARCH = x86 -GFX_ARCH = x -ARCH = sco -LOCALE_MAP = $(CORE_DEPTH)/cmd/xfe/intl/sco.lm -EN_LOCALE = C -DE_LOCALE = de_DE.ISO8859-1 -FR_LOCALE = fr_FR.ISO8859-1 -JP_LOCALE = ja -SJIS_LOCALE = ja_JP.SJIS -KR_LOCALE = ko_KR.EUC -CN_LOCALE = zh -TW_LOCALE = zh -I2_LOCALE = i2 -LOC_LIB_DIR = /usr/lib/X11 -NOSUCHFILE = /solaris-rm-f-sucks -BSDECHO = /bin/echo - -# -# These defines are for building unix plugins -# -BUILD_UNIX_PLUGINS = 1 -#DSO_LDOPTS += -b elf -G -z defs -DSO_LDOPTS += -b elf -G -DSO_LDFLAGS += -nostdlib -L/lib -L/usr/lib -lXm -lXt -lX11 -lgen - -# Used for Java compiler -EXPORT_FLAGS += -W l,-Bexport diff --git a/security/coreconf/SunOS4.1.3_U1.mk b/security/coreconf/SunOS4.1.3_U1.mk deleted file mode 100644 index 94be22508..000000000 --- a/security/coreconf/SunOS4.1.3_U1.mk +++ /dev/null @@ -1,59 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SunOS4.1 -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = cc - -INCLUDES += -I/usr/dt/include -I/usr/openwin/include -I/home/motif/usr/include - -# SunOS 4 _requires_ that shared libs have a version number. -# XXX FIXME: Version number should use NSPR_VERSION_NUMBER? -DLL_SUFFIX = so.1.0 -CC = gcc -RANLIB = ranlib -CPU_ARCH = sparc - -# Purify doesn't like -MDupdate -NOMD_OS_CFLAGS += -Wall -Wno-format -DSUNOS4 -OS_CFLAGS += $(DSO_CFLAGS) $(NOMD_OS_CFLAGS) -MDupdate $(DEPENDENCIES) -MKSHLIB = $(LD) -MKSHLIB += $(DSO_LDOPTS) -HAVE_PURIFY = 1 -NOSUCHFILE = /solaris-rm-f-sucks -DSO_LDOPTS = - -# -fPIC generates position-independent code for use in a shared library. -DSO_CFLAGS += -fPIC diff --git a/security/coreconf/SunOS5.3.mk b/security/coreconf/SunOS5.3.mk deleted file mode 100644 index e103d9f57..000000000 --- a/security/coreconf/SunOS5.3.mk +++ /dev/null @@ -1,38 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SunOS5.3 -# - -SOL_CFLAGS = - -include $(CORE_DEPTH)/coreconf/SunOS5.mk diff --git a/security/coreconf/SunOS5.4.mk b/security/coreconf/SunOS5.4.mk deleted file mode 100644 index fe24c33e0..000000000 --- a/security/coreconf/SunOS5.4.mk +++ /dev/null @@ -1,38 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SunOS5.4 -# - -SOL_CFLAGS = - -include $(CORE_DEPTH)/coreconf/SunOS5.mk diff --git a/security/coreconf/SunOS5.4_i86pc.mk b/security/coreconf/SunOS5.4_i86pc.mk deleted file mode 100644 index bed9893ed..000000000 --- a/security/coreconf/SunOS5.4_i86pc.mk +++ /dev/null @@ -1,68 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for Solaris 2.4 on x86 -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = cc - -ifdef NS_USE_GCC - CC = gcc - OS_CFLAGS += -Wall -Wno-format - CCC = g++ - CCC += -Wall -Wno-format - ASFLAGS += -x assembler-with-cpp - ifdef NO_MDUPDATE - OS_CFLAGS += $(NOMD_OS_CFLAGS) - else - OS_CFLAGS += $(NOMD_OS_CFLAGS) -MDupdate $(DEPENDENCIES) - endif -else - CC = cc - CCC = CC - ASFLAGS += -Wa,-P - OS_CFLAGS += $(NOMD_OS_CFLAGS) -endif - -CPU_ARCH = x86 - -MKSHLIB = $(LD) -MKSHLIB += $(DSO_LDOPTS) -NOSUCHFILE = /solx86-rm-f-sucks -RANLIB = echo - -# for purify -NOMD_OS_CFLAGS += -DSVR4 -DSYSV -D_REENTRANT -DSOLARIS -D__svr4__ -Di386 - -DSO_LDOPTS += -G diff --git a/security/coreconf/SunOS5.5.1.mk b/security/coreconf/SunOS5.5.1.mk deleted file mode 100644 index f85932b59..000000000 --- a/security/coreconf/SunOS5.5.1.mk +++ /dev/null @@ -1,44 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SunOS5.5.1 -# - -SOL_CFLAGS += -D_SVID_GETTOD - -include $(CORE_DEPTH)/coreconf/SunOS5.mk - -ifeq ($(OS_RELEASE),5.5.1) - OS_DEFINES += -DSOLARIS2_5 -endif - -OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc diff --git a/security/coreconf/SunOS5.5.mk b/security/coreconf/SunOS5.5.mk deleted file mode 100644 index e83356f15..000000000 --- a/security/coreconf/SunOS5.5.mk +++ /dev/null @@ -1,42 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SunOS5.5 -# - -SOL_CFLAGS += -D_SVID_GETTOD - -include $(CORE_DEPTH)/coreconf/SunOS5.mk - -ifeq ($(OS_RELEASE),5.5) - OS_DEFINES += -DSOLARIS2_5 -endif diff --git a/security/coreconf/SunOS5.6.mk b/security/coreconf/SunOS5.6.mk deleted file mode 100644 index 774d2b7a6..000000000 --- a/security/coreconf/SunOS5.6.mk +++ /dev/null @@ -1,44 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SunOS5.6 -# - -SOL_CFLAGS += -D_SVID_GETTOD - -include $(CORE_DEPTH)/coreconf/SunOS5.mk - -ifeq ($(OS_RELEASE),5.6) - OS_DEFINES += -DSOLARIS2_6 -endif - -OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc diff --git a/security/coreconf/SunOS5.6_i86pc.mk b/security/coreconf/SunOS5.6_i86pc.mk deleted file mode 100644 index 286ff3505..000000000 --- a/security/coreconf/SunOS5.6_i86pc.mk +++ /dev/null @@ -1,45 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for Solaris 2.6 on x86 -# - -SOL_CFLAGS = -D_SVID_GETTOD - -include $(CORE_DEPTH)/coreconf/SunOS5.mk - -CPU_ARCH = x86 -OS_DEFINES += -Di386 - -ifeq ($(OS_RELEASE),5.6_i86pc) - OS_DEFINES += -DSOLARIS2_6 -endif diff --git a/security/coreconf/SunOS5.7.mk b/security/coreconf/SunOS5.7.mk deleted file mode 100644 index dd676e2a9..000000000 --- a/security/coreconf/SunOS5.7.mk +++ /dev/null @@ -1,44 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SunOS5.7 -# - -SOL_CFLAGS += -D_SVID_GETTOD - -include $(CORE_DEPTH)/coreconf/SunOS5.mk - -ifeq ($(OS_RELEASE),5.7) - OS_DEFINES += -DSOLARIS2_7 -endif - -OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc diff --git a/security/coreconf/SunOS5.8.mk b/security/coreconf/SunOS5.8.mk deleted file mode 100644 index 95fc01090..000000000 --- a/security/coreconf/SunOS5.8.mk +++ /dev/null @@ -1,44 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SunOS5.8 -# - -SOL_CFLAGS += -D_SVID_GETTOD - -include $(CORE_DEPTH)/coreconf/SunOS5.mk - -ifeq ($(OS_RELEASE),5.8) - OS_DEFINES += -DSOLARIS2_8 -endif - -OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc diff --git a/security/coreconf/SunOS5.mk b/security/coreconf/SunOS5.mk deleted file mode 100644 index 388679d1c..000000000 --- a/security/coreconf/SunOS5.mk +++ /dev/null @@ -1,133 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for SunOS5.x -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -ifeq ($(USE_64), 1) - ARCHFLAG=-xarch=v9 - LD=/usr/ccs/bin/ld -else - ARCHFLAG=-xarch=v8 -endif - -# -# Temporary define for the Client; to be removed when binary release is used -# -ifdef MOZILLA_CLIENT - LOCAL_THREADS_ONLY = 1 - ifndef NS_USE_NATIVE - NS_USE_GCC = 1 - endif -endif - -# -# The default implementation strategy for Solaris is classic nspr. -# -ifeq ($(USE_PTHREADS),1) - IMPL_STRATEGY = _PTH -else - ifeq ($(LOCAL_THREADS_ONLY),1) - IMPL_STRATEGY = _LOCAL - DEFINES += -D_PR_LOCAL_THREADS_ONLY - else - DEFINES += -D_PR_GLOBAL_THREADS_ONLY - endif -endif - -# -# Temporary define for the Client; to be removed when binary release is used -# -ifdef MOZILLA_CLIENT - IMPL_STRATEGY = -endif - -DEFAULT_COMPILER = cc - -ifdef NS_USE_GCC - CC = gcc - OS_CFLAGS += -Wall -Wno-format - CCC = g++ - CCC += -Wall -Wno-format - ASFLAGS += -x assembler-with-cpp - ifdef NO_MDUPDATE - OS_CFLAGS += $(NOMD_OS_CFLAGS) - else - OS_CFLAGS += $(NOMD_OS_CFLAGS) -MDupdate $(DEPENDENCIES) - endif -else - CC = cc - CCC = CC - ASFLAGS += -Wa,-P - OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG) - ifndef BUILD_OPT - OS_CFLAGS += -xs -# else -# OPTIMIZER += -fast - endif - -endif - -INCLUDES += -I/usr/dt/include -I/usr/openwin/include - -RANLIB = echo -CPU_ARCH = sparc -OS_DEFINES += -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS - -ifneq ($(LOCAL_THREADS_ONLY),1) - OS_DEFINES += -D_REENTRANT -endif - -# Purify doesn't like -MDupdate -NOMD_OS_CFLAGS += $(DSO_CFLAGS) $(OS_DEFINES) $(SOL_CFLAGS) - -MKSHLIB = $(LD) -MKSHLIB += $(DSO_LDOPTS) - -# ld options: -# -G: produce a shared object -# -z defs: no unresolved symbols allowed -DSO_LDOPTS += -G - -# -KPIC generates position independent code for use in shared libraries. -# (Similarly for -fPIC in case of gcc.) -ifdef NS_USE_GCC - DSO_CFLAGS += -fPIC -else - DSO_CFLAGS += -KPIC -endif - -HAVE_PURIFY = 1 -NOSUCHFILE = /solaris-rm-f-sucks - diff --git a/security/coreconf/UNIX.mk b/security/coreconf/UNIX.mk deleted file mode 100644 index cbeac85fd..000000000 --- a/security/coreconf/UNIX.mk +++ /dev/null @@ -1,87 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -XP_DEFINE += -DXP_UNIX -LIB_SUFFIX = a -DLL_SUFFIX = so -AR = ar -AR += cr $@ -LDOPTS += -L$(SOURCE_LIB_DIR) - -ifdef BUILD_OPT - OPTIMIZER += -O - DEFINES += -UDEBUG -DNDEBUG -else - OPTIMIZER += -g - DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(shell whoami) -endif - -NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall -NSINSTALL = $(NSINSTALL_DIR)/$(OBJDIR_NAME)/nsinstall - -MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend -MKDEPEND = $(MKDEPEND_DIR)/$(OBJDIR_NAME)/mkdepend -MKDEPENDENCIES = $(OBJDIR_NAME)/depend.mk - -#################################################################### -# -# One can define the makefile variable NSDISTMODE to control -# how files are published to the 'dist' directory. If not -# defined, the default is "install using relative symbolic -# links". The two possible values are "copy", which copies files -# but preserves source mtime, and "absolute_symlink", which -# installs using absolute symbolic links. The "absolute_symlink" -# option requires NFSPWD. -# - THIS IS NOT PART OF THE NEW BINARY RELEASE PLAN for 9/30/97 -# - WE'RE KEEPING IT ONLY FOR BACKWARDS COMPATIBILITY -#################################################################### - -ifeq ($(NSDISTMODE),copy) - # copy files, but preserve source mtime - INSTALL = $(NSINSTALL) - INSTALL += -t -else - ifeq ($(NSDISTMODE),absolute_symlink) - # install using absolute symbolic links - INSTALL = $(NSINSTALL) - INSTALL += -L `$(NFSPWD)` - else - # install using relative symbolic links - INSTALL = $(NSINSTALL) - INSTALL += -R - endif -endif - -define MAKE_OBJDIR -if test ! -d $(@D); then rm -rf $(@D); $(NSINSTALL) -D $(@D); fi -endef diff --git a/security/coreconf/UNIXWARE2.1.mk b/security/coreconf/UNIXWARE2.1.mk deleted file mode 100644 index b9bd69900..000000000 --- a/security/coreconf/UNIXWARE2.1.mk +++ /dev/null @@ -1,51 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# Config stuff for SCO Unixware 2.1 -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = $(CORE_DEPTH)/build/hcc - -CC = $(CORE_DEPTH)/build/hcc -CCC = $(CORE_DEPTH)/build/hcpp -RANLIB = true -OS_CFLAGS = -KPIC -DSVR4 -DSYSV -DUNIXWARE -MKSHLIB = $(LD) -MKSHLIB += $(DSO_LDOPTS) -DSO_LDOPTS += -G -CPU_ARCH = x86 -ARCH = sco -NOSUCHFILE = /solaris-rm-f-sucks diff --git a/security/coreconf/WIN16.mk b/security/coreconf/WIN16.mk deleted file mode 100644 index 68832d21c..000000000 --- a/security/coreconf/WIN16.mk +++ /dev/null @@ -1,117 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# win16_3.11.mk -- Make configuration for Win16 -# -# This file configures gmake to build the Win16 variant of -# NSPR 2.0. This file has the function of two files commonly -# used on other platforms, for example: winnt.mk and -# winnt4.0.mk. ... The packaging is easier and there is only -# one variant of the Win16 target. -# -# Win16 is built using the Watcom C/C++ version 11.0 -# compiler. You gotta set up the compiler first. -# The Watcom compiler depends on a few environment -# variables; these environment variables define where the -# compiler components are installed; they must be set before -# running the make. -# -# Notes: -# OS_CFLAGS is the command line options for the compiler when -# building the .DLL object files. -# OS_EXE_CFLAGS is the command line options for the compiler -# when building the .EXE object files; this is for the test -# programs. -# the macro OS_CFLAGS is set to OS_EXE_CFLAGS inside of the -# makefile for the pr/tests directory. ... Hack. -# -# -# -# - -# -- configuration ----------------------------------------- - -DEFAULT_COMPILER = wcc - -CC = wcc -CCC = wcl -LINK = wlink -AR = wlib -AR += -q $@ -RC = wrc.exe -RC += /r /dWIN16=1 /bt=windows -RANLIB = echo -BSDECHO = echo -NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall -NSINSTALL = nsinstall -INSTALL = $(NSINSTALL) -MAKE_OBJDIR = mkdir -MAKE_OBJDIR += $(OBJDIR) -XP_DEFINE += -DXP_PC -LIB_SUFFIX = lib -DLL_SUFFIX = dll - -ifdef BUILD_OPT - OPTIMIZER = -oneatx -oh -oi -ei -3 -fpi87 -fp3 -else - OPTIMIZER += -d2 -hc -DDEBUG -# OPTIMIZER += -d2 -hw -DDEBUG -# LDFLAGS += -DEBUG -DEBUGTYPE:CV -endif - -# -# $(CPU_ARCH) has been commented out so that its contents -# are not added to the WIN16_?.OBJ names thus expanding -# them beyond the 8.3 character limit for this platform. -# -#CPU_ARCH = x386 -# -# added "-s" to avoid dependency on watcom's libs (e.g. on _STK) -# added "-zt3" for compatibility with MSVC's "/Gt3" option -# -OS_CFLAGS += -ml -3 -bd -zc -zu -bt=windows -s -zt3 -d_X86_ -dWIN16 -d_WINDLL -#OS_EXE_CFLAGS += -ml -3 -bt=windows -d_X86_ -dWIN16 -OS_LIB_FLAGS = -c -iro - -# Name of the binary code directories -OS_DLL_OPTION = CASEEXACT -OS_DLLFLAGS = -OS_LIBS = -W16_EXPORTS = # - -# -# The following is NOT needed for the NSPR 2.0 library. -# - -OS_CFLAGS += -d_WINDOWS -d_MSC_VER=700 diff --git a/security/coreconf/WIN32.mk b/security/coreconf/WIN32.mk deleted file mode 100644 index 61563e49a..000000000 --- a/security/coreconf/WIN32.mk +++ /dev/null @@ -1,100 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# Configuration common to all versions of Windows NT -# and Windows 95 -# - -DEFAULT_COMPILER = cl - -CC = cl -CCC = cl -LINK = link -AR = lib -AR += -NOLOGO -OUT:"$@" -RANLIB = echo -BSDECHO = echo - -NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall -NSINSTALL = nsinstall - -MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend -MKDEPEND = $(MKDEPEND_DIR)/$(OBJDIR_NAME)/mkdepend.exe -# Note: MKDEPENDENCIES __MUST__ be a relative pathname, not absolute. -# If it is absolute, gmake will crash unless the named file exists. -MKDEPENDENCIES = $(OBJDIR_NAME)/depend.mk - -INSTALL = $(NSINSTALL) -MAKE_OBJDIR = mkdir -MAKE_OBJDIR += $(OBJDIR) -RC = rc.exe -GARBAGE += $(OBJDIR)/vc20.pdb $(OBJDIR)/vc40.pdb -XP_DEFINE += -DXP_PC -LIB_SUFFIX = lib -DLL_SUFFIX = dll - -ifdef BUILD_OPT - OS_CFLAGS += -MD - OPTIMIZER += -O2 - DEFINES += -UDEBUG -U_DEBUG -DNDEBUG - DLLFLAGS += -OUT:"$@" -else - # - # Define USE_DEBUG_RTL if you want to use the debug runtime library - # (RTL) in the debug build - # - ifdef USE_DEBUG_RTL - OS_CFLAGS += -MDd - else - OS_CFLAGS += -MD - endif - OPTIMIZER += -Od -Z7 - #OPTIMIZER += -Zi -Fd$(OBJDIR)/ -Od - DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME) - DLLFLAGS += -DEBUG -DEBUGTYPE:CV -OUT:"$@" - LDFLAGS += -DEBUG -DEBUGTYPE:CV -endif - -DEFINES += -DWIN32 - -# -# The following is NOT needed for the NSPR 2.0 library. -# - -DEFINES += -D_WINDOWS - -# override default, which is ASFLAGS = CFLAGS -AS = ml.exe -ASFLAGS = -Cp -Sn -Zi -coff $(INCLUDES) - diff --git a/security/coreconf/WIN954.0.mk b/security/coreconf/WIN954.0.mk deleted file mode 100644 index 68b3b7e4f..000000000 --- a/security/coreconf/WIN954.0.mk +++ /dev/null @@ -1,63 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# Config stuff for WIN95 -# -# This makefile defines the following variables: -# CPU_ARCH, OS_CFLAGS, and OS_DLLFLAGS. -# PROCESSOR is an internal variable. - -include $(CORE_DEPTH)/coreconf/WIN32.mk - -PROCESSOR := $(shell uname -p) -ifeq ($(PROCESSOR), I386) - CPU_ARCH = x386 - OS_CFLAGS += -W3 -nologo -D_X86_ -else - ifeq ($(PROCESSOR), MIPS) - CPU_ARCH = MIPS - #OS_CFLAGS += -W3 -nologo -D_MIPS_ - OS_CFLAGS += -W3 -nologo - else - ifeq ($(PROCESSOR), ALPHA) - CPU_ARCH = ALPHA - OS_CFLAGS += -W3 -nologo -D_ALPHA_=1 - else - CPU_ARCH = processor_is_undefined - endif - endif -endif - -OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS -PDB:NONE -DEFINES += -DWIN95 diff --git a/security/coreconf/WINNT3.51.mk b/security/coreconf/WINNT3.51.mk deleted file mode 100644 index 606e7a3b1..000000000 --- a/security/coreconf/WINNT3.51.mk +++ /dev/null @@ -1,70 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# Config stuff for WINNT 3.51 -# -# This makefile defines the following variables: -# CPU_ARCH, OS_CFLAGS, and OS_DLLFLAGS. -# It has the following internal variables: -# OS_PROC_CFLAGS and OS_WIN_CFLAGS. - -include $(CORE_DEPTH)/coreconf/WIN32.mk - -PROCESSOR := $(shell uname -p) -ifeq ($(PROCESSOR), I386) - CPU_ARCH = x386 - OS_PROC_CFLAGS += -D_X86_ -else - ifeq ($(PROCESSOR), MIPS) - CPU_ARCH = MIPS - OS_PROC_CFLAGS += -D_MIPS_ - else - ifeq ($(PROCESSOR), ALPHA) - CPU_ARCH = ALPHA - OS_PROC_CFLAGS += -D_ALPHA_ - else - CPU_ARCH = processor_is_undefined - endif - endif -endif - -OS_WIN_CFLAGS += -W3 -OS_CFLAGS += -nologo $(OS_WIN_CFLAGS) $(OS_PROC_CFLAGS) -#OS_DLLFLAGS += -nologo -DLL -PDB:NONE -SUBSYSTEM:WINDOWS -OS_DLLFLAGS += -nologo -DLL -PDB:NONE -SUBSYSTEM:WINDOWS -# -# Win NT needs -GT so that fibers can work -# -OS_CFLAGS += -GT -OS_CFLAGS += -DWINNT diff --git a/security/coreconf/WINNT4.0.mk b/security/coreconf/WINNT4.0.mk deleted file mode 100644 index 204b790a8..000000000 --- a/security/coreconf/WINNT4.0.mk +++ /dev/null @@ -1,69 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# Config stuff for WINNT 4.0 -# -# This makefile defines the following variables: -# CPU_ARCH, OS_CFLAGS, and OS_DLLFLAGS. -# PROCESSOR is an internal variable. - -include $(CORE_DEPTH)/coreconf/WIN32.mk - -PROCESSOR := $(shell uname -p) -ifeq ($(PROCESSOR), I386) - CPU_ARCH = x386 - OS_CFLAGS += -W3 -nologo -D_X86_ -else - ifeq ($(PROCESSOR), MIPS) - CPU_ARCH = MIPS - #OS_CFLAGS += -W3 -nologo -D_MIPS_ - OS_CFLAGS += -W3 -nologo - else - ifeq ($(PROCESSOR), ALPHA) - CPU_ARCH = ALPHA - OS_CFLAGS += -W3 -nologo -D_ALPHA_=1 - else - CPU_ARCH = processor_is_undefined - endif - endif -endif - -OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS -PDB:NONE -# -# Win NT needs -GT so that fibers can work -# -OS_CFLAGS += -GT -OS_CFLAGS += -DWINNT - -NSPR31_LIB_PREFIX = lib diff --git a/security/coreconf/arch.mk b/security/coreconf/arch.mk deleted file mode 100644 index 57af21a2d..000000000 --- a/security/coreconf/arch.mk +++ /dev/null @@ -1,301 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Master "Core Components" macros for getting the OS architecture # -####################################################################### - -# -# Macros for getting the OS architecture -# - -ifeq ($(USE_64), 1) - 64BIT_TAG=_64 -else - 64BIT_TAG= -endif - -OS_ARCH := $(subst /,_,$(shell uname -s)) - -# -# Attempt to differentiate between sparc and x86 Solaris -# - -OS_TEST := $(shell uname -m) -ifeq ($(OS_TEST),i86pc) - OS_RELEASE := $(shell uname -r)_$(OS_TEST) -else - OS_RELEASE := $(shell uname -r) -endif - -# -# Force the IRIX64 machines to use IRIX. -# - -ifeq ($(OS_ARCH),IRIX64) - OS_ARCH = IRIX -endif - -# -# Force the newer BSDI versions to use the old arch name. -# - -ifeq ($(OS_ARCH),BSD_OS) - OS_ARCH = BSD_386 -endif - -# -# Catch Deterim if SVR4 is NCR or UNIXWARE -# - -ifeq ($(OS_ARCH),UNIX_SV) - ifneq ($(findstring NCR, $(shell grep NCR /etc/bcheckrc | head -1 )),) - OS_ARCH = NCR - else - # Make UnixWare something human readable - OS_ARCH = UNIXWARE - endif - - # Get the OS release number, not 4.2 - OS_RELEASE := $(shell uname -v) -endif - -ifeq ($(OS_ARCH),UNIX_System_V) - OS_ARCH = NEC -endif - -ifeq ($(OS_ARCH),AIX) - OS_RELEASE := $(shell uname -v).$(shell uname -r) -endif - -# -# Distinguish between OSF1 V4.0B and V4.0D -# - -ifeq ($(OS_ARCH)$(OS_RELEASE),OSF1V4.0) - OS_VERSION := $(shell uname -v) - ifeq ($(OS_VERSION),564) - OS_RELEASE := V4.0B - endif - ifeq ($(OS_VERSION),878) - OS_RELEASE := V4.0D - endif -endif - -# -# SINIX changes name to ReliantUNIX with 5.43 -# - -ifeq ($(OS_ARCH),ReliantUNIX-N) - OS_ARCH = ReliantUNIX - OS_RELEASE = 5.4 -endif - -ifeq ($(OS_ARCH),SINIX-N) - OS_ARCH = ReliantUNIX - OS_RELEASE = 5.4 -endif - -# -# Handle FreeBSD 2.2-STABLE and Linux 2.0.30-osfmach3 -# - -ifeq (,$(filter-out Linux FreeBSD,$(OS_ARCH))) -OS_RELEASE := $(shell echo $(OS_RELEASE) | sed 's/-.*//') -endif - -ifeq ($(OS_ARCH),Linux) - OS_RELEASE := $(basename $(OS_RELEASE)) -endif - -####################################################################### -# Master "Core Components" macros for getting the OS target # -####################################################################### - -# -# Note: OS_TARGET should be specified on the command line for gmake. -# When OS_TARGET=WIN95 is specified, then a Windows 95 target is built. -# The difference between the Win95 target and the WinNT target is that -# the WinNT target uses Windows NT specific features not available -# in Windows 95. The Win95 target will run on Windows NT, but (supposedly) -# at lesser performance (the Win95 target uses threads; the WinNT target -# uses fibers). -# -# When OS_TARGET=WIN16 is specified, then a Windows 3.11 (16bit) target -# is built. See: win16_3.11.mk for lots more about the Win16 target. -# -# If OS_TARGET is not specified, it defaults to $(OS_ARCH), i.e., no -# cross-compilation. -# - -# -# The following hack allows one to build on a WIN95 machine (as if -# s/he were cross-compiling on a WINNT host for a WIN95 target). -# It also accomodates for MKS's uname.exe. If you never intend -# to do development on a WIN95 machine, you don't need this. It doesn't -# work any more anyway. -# -ifeq ($(OS_ARCH),WIN95) - OS_ARCH = WINNT - OS_TARGET = WIN95 -endif -ifeq ($(OS_ARCH),Windows_95) - OS_ARCH = Windows_NT - OS_TARGET = WIN95 -endif - -# -# On WIN32, we also define the variable CPU_ARCH. -# - -ifeq ($(OS_ARCH), WINNT) - CPU_ARCH := $(shell uname -p) - ifeq ($(CPU_ARCH),I386) - CPU_ARCH = x386 - endif -else -# -# If uname -s returns "Windows_NT", we assume that we are using -# the uname.exe in MKS toolkit. -# -# The -r option of MKS uname only returns the major version number. -# So we need to use its -v option to get the minor version number. -# Moreover, it doesn't have the -p option, so we need to use uname -m. -# -ifeq ($(OS_ARCH), Windows_NT) - OS_ARCH = WINNT - OS_MINOR_RELEASE := $(shell uname -v) - ifeq ($(OS_MINOR_RELEASE),00) - OS_MINOR_RELEASE = 0 - endif - OS_RELEASE = $(OS_RELEASE).$(OS_MINOR_RELEASE) - CPU_ARCH := $(shell uname -m) - # - # MKS's uname -m returns "586" on a Pentium machine. - # - ifneq (,$(findstring 86,$(CPU_ARCH))) - CPU_ARCH = x386 - endif -endif -endif - -ifndef OS_TARGET - OS_TARGET = $(OS_ARCH) -endif - -ifeq ($(OS_TARGET), WIN95) - OS_RELEASE = 4.0 -endif - -ifeq ($(OS_TARGET), WIN16) - OS_RELEASE = -# OS_RELEASE = _3.11 -endif - -# -# This variable is used to get OS_CONFIG.mk. -# - -OS_CONFIG = $(OS_TARGET)$(OS_RELEASE) - -# -# OBJDIR_TAG depends on the predefined variable BUILD_OPT, -# to distinguish between debug and release builds. -# - -ifdef BUILD_OPT - ifeq ($(OS_TARGET),WIN16) - OBJDIR_TAG = _O - else - OBJDIR_TAG = $(64BIT_TAG)_OPT - endif -else - ifdef BUILD_IDG - ifeq ($(OS_TARGET),WIN16) - OBJDIR_TAG = _I - else - OBJDIR_TAG = $(64BIT_TAG)_IDG - endif - else - ifeq ($(OS_TARGET),WIN16) - OBJDIR_TAG = _D - else - OBJDIR_TAG = $(64BIT_TAG)_DBG - endif - endif -endif - -# -# The following flags are defined in the individual $(OS_CONFIG).mk -# files. -# -# CPU_TAG is defined if the CPU is not the most common CPU. -# COMPILER_TAG is defined if the compiler is not the native compiler. -# IMPL_STRATEGY may be defined too. -# - -# Name of the binary code directories -ifeq ($(OS_ARCH), WINNT) - ifeq ($(CPU_ARCH),x386) - OBJDIR_NAME = $(OS_CONFIG)$(OBJDIR_TAG).OBJ - else - OBJDIR_NAME = $(OS_CONFIG)$(CPU_ARCH)$(OBJDIR_TAG).OBJ - endif -else -endif - -OBJDIR_NAME = $(OS_CONFIG)$(CPU_TAG)$(COMPILER_TAG)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJ - -ifeq ($(OS_ARCH), WINNT) -ifneq ($(OS_TARGET),WIN16) -ifndef BUILD_OPT -# -# Define USE_DEBUG_RTL if you want to use the debug runtime library -# (RTL) in the debug build -# -ifdef USE_DEBUG_RTL - OBJDIR_NAME = $(OS_CONFIG)$(CPU_TAG)$(COMPILER_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJD -endif -endif -endif -endif - -# -# For OS/2 -# -ifeq ($(OS_ARCH), OS_2) -OS_ARCH := OS2 -OS_RELEASE := $(shell uname -v) -OS_CONFIG := $(OS_ARCH) -endif - diff --git a/security/coreconf/command.mk b/security/coreconf/command.mk deleted file mode 100644 index 488161461..000000000 --- a/security/coreconf/command.mk +++ /dev/null @@ -1,55 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Master "Core Components" default command macros; # -# can be overridden in <arch>.mk # -####################################################################### - -AS = $(CC) -ASFLAGS += $(CFLAGS) -CCF = $(CC) $(CFLAGS) -PURIFY = purify $(PURIFYOPTIONS) -LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) -LINK_EXE = $(LINK) $(OS_LFLAGS) $(LFLAGS) -NFSPWD = $(NSINSTALL_DIR)/nfspwd -CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \ - $(XCFLAGS) -RANLIB = echo -TAR = /bin/tar -# -# For purify -# -NOMD_CFLAGS += $(OPTIMIZER) $(NOMD_OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \ - $(XCFLAGS) - diff --git a/security/coreconf/config.mk b/security/coreconf/config.mk deleted file mode 100644 index 20a7dc126..000000000 --- a/security/coreconf/config.mk +++ /dev/null @@ -1,142 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Configuration information for building in the "Core Components" source module -# - -####################################################################### -# [1.0] Master "Core Components" source and release <architecture> # -# tags # -####################################################################### - -include $(CORE_DEPTH)/coreconf/arch.mk - -####################################################################### -# [2.0] Master "Core Components" default command macros # -# (NOTE: may be overridden in $(OS_CONFIG).mk) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/command.mk - -####################################################################### -# [3.0] Master "Core Components" <architecture>-specific macros # -# (dependent upon <architecture> tags) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/$(OS_CONFIG).mk - -####################################################################### -# [4.0] Master "Core Components" source and release <platform> tags # -# (dependent upon <architecture> tags) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/platform.mk - -####################################################################### -# [5.0] Master "Core Components" release <tree> tags # -# (dependent upon <architecture> tags) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/tree.mk - -####################################################################### -# [6.0] Master "Core Components" source and release <component> tags # -# NOTE: A component is also called a module or a subsystem. # -# (dependent upon $(MODULE) being defined on the # -# command line, as an environment variable, or in individual # -# makefiles, or more appropriately, manifest.mn) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/module.mk - -####################################################################### -# [7.0] Master "Core Components" release <version> tags # -# (dependent upon $(MODULE) being defined on the # -# command line, as an environment variable, or in individual # -# makefiles, or more appropriately, manifest.mn) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/version.mk - -####################################################################### -# [8.0] Master "Core Components" macros to figure out # -# binary code location # -# (dependent upon <platform> tags) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/location.mk - -####################################################################### -# [9.0] Master "Core Components" <component>-specific source path # -# (dependent upon <user_source_tree>, <source_component>, # -# <version>, and <platform> tags) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/source.mk - -####################################################################### -# [10.0] Master "Core Components" include switch for support header # -# files # -# (dependent upon <tree>, <component>, <version>, # -# and <platform> tags) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/headers.mk - -####################################################################### -# [11.0] Master "Core Components" for computing program prefixes # -####################################################################### - -include $(CORE_DEPTH)/coreconf/prefix.mk - -####################################################################### -# [12.0] Master "Core Components" for computing program suffixes # -# (dependent upon <architecture> tags) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/suffix.mk - -####################################################################### -# [13.0] Master "Core Components" for defining JDK # -# (dependent upon <architecture>, <source>, and <suffix> tags)# -####################################################################### - -include $(CORE_DEPTH)/coreconf/jdk.mk - -####################################################################### -# [14.0] Master "Core Components" rule set # -# (should always be the last file included by config.mk) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/ruleset.mk --include $(MKDEPENDENCIES) - diff --git a/security/coreconf/coreconf.pl b/security/coreconf/coreconf.pl deleted file mode 100644 index 8471b0ead..000000000 --- a/security/coreconf/coreconf.pl +++ /dev/null @@ -1,156 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -sub recursive_copy { - local($fromdir); - local($todir); - local(@dirlist); - $fromdir = shift; - $todir = shift; - - print STDERR "recursive copy called with $fromdir, $todir\n"; - -#remove any trailing slashes. - $fromdir =~ s/\/$//; - $todir =~ s/\/$//; - - opendir(DIR, $fromdir); - @dirlist = readdir DIR; - close DIR; - - - foreach $file (@dirlist) { - if (! (($file eq "." ) || ($file eq "..") )) { - - if (-d "$fromdir/$file") { - print STDERR "handling directory $todir/$file\n"; - &rec_mkdir("$todir/$file"); - &recursive_copy("$fromdir/$file","$todir/$file"); - } - else { - print STDERR "handling file $fromdir/$file\n"; - &my_copy("$fromdir/$file","$todir/$file"); - } - } - } -} - -sub parse_argv { - -# print STDERR "Parsing Variables\n"; - - foreach $q ( @ARGV ) { - if (! ($q =~ /=/)) { - $var{$lastassigned} .= " $q"; - } - else { - $q =~ /^([^=]*)=(.*)/; - $left = $1; - $right = $2; - - $right =~ s/ *$//; - $var{$left} = $right; - - $lastassigned = $left; - - } - print STDERR "Assigned $lastassigned = $var{$lastassigned}\n"; - } -} - - -# usage: &my_copy("dir/fromfile","dir2/tofile"); -# do a 'copy' - files only, 'to' MUST be a filename, not a directory. - -# fix this to be able to use copy on win nt. - -sub my_copy { - local($from); - local($to); - local($cpcmd); - - $from = shift; - $to = shift; - - if ( ! defined $var{OS_ARCH}) { - die "OS_ARCH not defined!"; - } - else { - if ($var{OS_ARCH} eq 'WINNT') { - $cpcmd = 'cp'; - } - else { - $cpcmd = 'cp'; - } - print STDERR "COPYING: $cpcmd $from $to\n"; - system("$cpcmd $from $to"); - } -} - - -sub old_my_copy { - local($from); - local($to); - - $from = shift; - $to = shift; - open(FIN, "<$from") || die("Can't read from file $from\n"); - if ( ! open(FOUT,">$to")) { - close FIN; - die "Can't write to file $to\n"; - } - while (read(FIN, $buf, 100000)) { - print FOUT $buf; - } - close (FIN); - close (FOUT); -} - -sub rec_mkdir { - local($arg); - local($t); - local($q); - - $arg = shift; - $t = ""; - foreach $q (split(/\//,$arg)) { - $t .= $q; - if (! ($t =~ /\.\.$/)) { - if ($t =~ /./) { - mkdir($t,0775); - } - } - $t.= '/'; - } -} - -1; diff --git a/security/coreconf/cpdist.pl b/security/coreconf/cpdist.pl deleted file mode 100755 index cea077990..000000000 --- a/security/coreconf/cpdist.pl +++ /dev/null @@ -1,195 +0,0 @@ -#! /usr/local/bin/perl -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -require('coreconf.pl'); - -#######-- read in variables on command line into %var - -&parse_argv; - -### do the copy - -print STDERR "RELEASE TREE / MODULE = $var{RELEASE_TREE} $var{MODULE}\n"; - - - -# 1 -if ($var{RELEASE} eq "") { exit; } # Can't do release here, so exit. - -# 2 -#if (! ($var{RELEASE} =~ /\//)) { # if no specific version is specified in RELEASE variable -# $component = $var{RELEASE}; -#} -#else { # if a subcomponent/version is given in the RELEASE variable -# $var{RELEASE} =~ m|^([^/]*)/|; -# $component = $1; # everything before the first slash; -# } - -# 3 -$path = $var{RELEASE}; - - -# 4 -# find out what directory we would create for 'today' - -$year = (localtime)[5] + 1900; -$month = (localtime)[4] + 1; -$day = (localtime)[3]; -$today = sprintf( "%d%02d%02d", $year, $month, $day ); - -# 5 -# if version is null, then set the version to today. -if ($var{"RELEASE_VERSION"} eq "") { - $var{"RELEASE_VERSION"} = $today; -} - -#6 -$version = $var{"RELEASE_VERSION"}; # set RELEASE_VERSION to passed in variable - -#7 -# if version is today, then we will want to make a 'current' link. - -if ($version eq $today) { - $create_current = 1; -} - -#8 -# version can be a) passed in value from command line, b) value in manifest.mn -# or c) computed value such as '19970909' - - -$dir = "$var{'RELEASE_TREE'}/$path"; - -#9 -if (! (-e "$dir/$version" && -d "$dir/$version")) { - print "making dir $dir \n"; - &rec_mkdir("$dir/$version"); -} - - - -print "version = $version\n"; -print "path = $path\n"; -print "var{release_tree} = $var{'RELEASE_TREE'}\n"; -print "dir = $dir = RELEASE_TREE/path\n"; - - -#10 -if ($create_current == 1) { - -# unlinking and linking always occurs, even if the link is correct - print "unlinking $dir/current\n"; - unlink("$dir/current"); - - print "putting version number $today into 'current' file.."; - - open(FILE,">$dir/current") || die " couldn't open current\n"; - print FILE "$today\n"; - close(FILE); - print " ..done\n" - -} - -&rec_mkdir("$dir/$version/$var{'RELEASE_MD_DIR'}"); -&rec_mkdir("$dir/$version/$var{'RELEASE_XP_DIR'}"); - - - - -foreach $jarfile (split(/ /,$var{FILES}) ) { - print STDERR "---------------------------------------------\n"; - - $jarinfo = $var{$jarfile}; - - ($jardir,$jaropts) = split(/\|/,$jarinfo); - - if ($jaropts =~ /f/) { - print STDERR "Copying files $jardir....\n"; - } - else { - print STDERR "Copying jar file $jarfile....\n"; - } - - print "jaropts = $jaropts\n"; - - if ($jaropts =~ /m/) { - $destdir = $var{"RELEASE_MD_DIR"}; - print "found m, using MD dir $destdir\n"; - } - elsif ($jaropts =~ /x/) { - $destdir = $var{"RELEASE_XP_DIR"}; - print "found x, using XP dir $destdir\n"; - } - else { - die "Error: must specify m or x in jar options in $jarinfo line\n"; - } - - - $distdir = "$dir/$version/$destdir"; - - - - if ($jaropts =~ /f/) { - - print "splitting: \"$jardir\"\n"; - for $srcfile (split(/ /,$jardir)) { - -#if srcfile has a slash - if ($srcfile =~ m|/|) { -#pull out everything before the last slash into $1 - $srcfile =~ m|(.*)/|; - $distsubdir = "/$1"; - print "making dir $distdir$distsubdir\n"; - &rec_mkdir("$distdir$distsubdir"); - } - print "copy: from $srcfile\n"; - print " to $distdir$distsubdir\n"; - $srcprefix = ""; - if ($jaropts =~/m/) { - $srcprefix = "$var{'PLATFORM'}/"; - } - system("cp $srcprefix$srcfile $distdir$distsubdir"); - } - } - else { - $srcfile = "$var{SOURCE_RELEASE_PREFIX}/$jardir/$jarfile"; - - print "copy: from $srcfile\n"; - print " to $distdir\n"; - - system("cp $srcfile $distdir"); - - } - - } - diff --git a/security/coreconf/headers.mk b/security/coreconf/headers.mk deleted file mode 100644 index f09d5f6ee..000000000 --- a/security/coreconf/headers.mk +++ /dev/null @@ -1,54 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Master "Core Components" include switch for support header files # -####################################################################### - -# -# Always append source-side machine-dependent (md) and cross-platform -# (xp) include paths -# - -INCLUDES += -I$(SOURCE_MDHEADERS_DIR) - -ifneq ($(OS_TARGET),WIN16) -INCLUDES += -I$(SOURCE_XPHEADERS_DIR) -endif - -# -# Only append source-side private cross-platform include paths for -# sectools -# - -INCLUDES += -I$(SOURCE_XPPRIVATE_DIR) diff --git a/security/coreconf/import.pl b/security/coreconf/import.pl deleted file mode 100755 index 0bba3c820..000000000 --- a/security/coreconf/import.pl +++ /dev/null @@ -1,218 +0,0 @@ -#! /usr/local/bin/perl -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -print STDERR "import.pl\n"; - -require('coreconf.pl'); - - -$returncode =0; - - -#######-- read in variables on command line into %var - -$var{ZIP} = "zip"; -$var{UNZIP} = "unzip -o"; - -&parse_argv; - -if (! ($var{IMPORTS} =~ /\w/)) { - print STDERR "nothing to import\n"; -} - -######-- Do the import! - -foreach $import (split(/ /,$var{IMPORTS}) ) { - - print STDERR "\n\nIMPORTING .... $import\n-----------------------------\n"; - - -# if a specific version specified in IMPORT variable -# (if $import has a slash in it) - - if ($import =~ /\//) { - # $component=everything before the first slash of $import - - $import =~ m|^([^/]*)/|; - $component = $1; - - $import =~ m|^(.*)/([^/]*)$|; - - # $path=everything before the last slash of $import - $path = $1; - - # $version=everything after the last slash of $import - $version = $2; - - if ($var{VERSION} ne "current") { - $version = $var{VERSION}; - } - } - else { - $component = $import; - $path = $import; - $version = $var{VERSION}; - } - - $releasejardir = "$var{RELEASE_TREE}/$path"; - if ($version eq "current") { - print STDERR "Current version specified. Reading 'current' file ... \n"; - - open(CURRENT,"$releasejardir/current") || die "NO CURRENT FILE\n"; - $version = <CURRENT>; - $version =~ s/(\r?\n)*$//; # remove any trailing [CR/]LF's - close(CURRENT); - print STDERR "Using version $version\n"; - if ( $version eq "") { - die "Current version file empty. Stopping\n"; - } - } - - $releasejardir = "$releasejardir/$version"; - if ( ! -d $releasejardir) { - die "$releasejardir doesn't exist (Invalid Version?)\n"; - } - foreach $jarfile (split(/ /,$var{FILES})) { - - ($relpath,$distpath,$options) = split(/\|/, $var{$jarfile}); - - if ($var{'OVERRIDE_IMPORT_CHECK'} eq 'YES') { - $options =~ s/v//g; - } - - if ( $relpath ne "") { $releasejarpathname = "$releasejardir/$relpath";} - else { $releasejarpathname = $releasejardir; } - -# If a component doesn't have IDG versions, import the DBG ones - if( ! -e "$releasejarpathname/$jarfile" ) { - if( $relpath =~ /IDG\.OBJ$/ ) { - $relpath =~ s/IDG.OBJ/DBG.OBJ/; - $releasejarpathname = "$releasejardir/$relpath"; - } elsif( $relpath =~ /IDG\.OBJD$/ ) { - $relpath =~ s/IDG.OBJD/DBG.OBJD/; - $releasejarpathname = "$releasejardir/$relpath"; - } - } - - if (-e "$releasejarpathname/$jarfile") { - print STDERR "\nWorking on jarfile: $jarfile\n"; - - if ($distpath =~ m|/$|) { - $distpathname = "$distpath$component"; - } - else { - $distpathname = "$distpath"; - } - - -#the block below is used to determine whether or not the xp headers have -#already been imported for this component - - $doimport = 1; - if ($options =~ /v/) { # if we should check the imported version - print STDERR "Checking if version file exists $distpathname/version\n"; - if (-e "$distpathname/version") { - open( VFILE, "<$distpathname/version") || - die "Cannot open $distpathname/version for reading. Permissions?\n"; - $importversion = <VFILE>; - close (VFILE); - $importversion =~ s/\r?\n$//; # Strip off any trailing CR/LF - if ($version eq $importversion) { - print STDERR "$distpathname version '$importversion' already imported. Skipping...\n"; - $doimport =0; - } - } - } - - if ($doimport == 1) { - if (! -d "$distpathname") { - &rec_mkdir("$distpathname"); - } - # delete the stuff in there already. - # (this should really be recursive delete.) - - if ($options =~ /v/) { - $remheader = "\nREMOVING files in '$distpathname/' :"; - opendir(DIR,"$distpathname") || - die ("Cannot read directory $distpathname\n"); - @filelist = readdir(DIR); - closedir(DIR); - foreach $file ( @filelist ) { - if (! ($file =~ m!/.?.$!) ) { - if (! (-d $file)) { - $file =~ m!([^/]*)$!; - print STDERR "$remheader $1"; - $remheader = " "; - unlink "$distpathname/$file"; - } - } - } - } - - - print STDERR "\n\n"; - - print STDERR "\nExtracting jarfile '$jarfile' to local directory $distpathname/\n"; - - print STDERR "$var{UNZIP} $releasejarpathname/$jarfile -d $distpathname\n"; - system("$var{UNZIP} $releasejarpathname/$jarfile -d $distpathname"); - - $r = $?; - - if ($options =~ /v/) { - if ($r == 0) { - unlink ("$distpathname/version"); - if (open(VFILE,">$distpathname/version")) { - print VFILE "$version\n"; - close(VFILE); - } - } - else { - print STDERR "Could not create '$distpathname/version'. Permissions?\n"; - $returncode ++; - } - } - } # if (doimport) - } # if (-e releasejarpathname/jarfile) - } # foreach jarfile) -} # foreach IMPORT - - - -exit($returncode); - - - - - diff --git a/security/coreconf/jdk.mk b/security/coreconf/jdk.mk deleted file mode 100644 index 31b402802..000000000 --- a/security/coreconf/jdk.mk +++ /dev/null @@ -1,652 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -ifdef NS_USE_JDK -####################################################################### -# [1] Define preliminary JDK "Core Components" toolset options # -####################################################################### - -# set default JDK java threading model -ifeq ($(JDK_THREADING_MODEL),) - JDK_THREADING_MODEL = native_threads -# no such thing as -native flag - JDK_THREADING_MODEL_OPT = -endif - -####################################################################### -# [2] Define platform-independent JDK "Core Components" options # -####################################################################### - -# set default location of the java classes repository -ifeq ($(JAVA_DESTPATH),) -ifdef BUILD_OPT - JAVA_DESTPATH = $(SOURCE_CLASSES_DIR) -else - JAVA_DESTPATH = $(SOURCE_CLASSES_DBG_DIR) -endif -endif - -# set default location of the package under the java classes repository -# note that this overrides the default package value in ruleset.mk -ifeq ($(PACKAGE),) - PACKAGE = . -endif - -# set default location of the java source code repository -ifeq ($(JAVA_SOURCEPATH),) - JAVA_SOURCEPATH = . -endif - -# add JNI directory to default include search path -ifneq ($(JNI_GEN),) - ifdef NSBUILDROOT - INCLUDES += -I$(JNI_GEN_DIR) -I$(SOURCE_XP_DIR) - else - INCLUDES += -I$(JNI_GEN_DIR) - endif -endif - -####################################################################### -# [3] Define platform-dependent JDK "Core Components" options # -####################################################################### - -# set [Microsoft Windows] platforms -ifeq ($(OS_ARCH), WINNT) - # (1) specify "location" information - ifeq ($(JAVA_HOME),) - JAVA_HOME = //iridium/components/jdk/1.2.2_01/WINNT - endif - - JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip - - ifeq ($(JRE_HOME),) - JRE_HOME = $(JAVA_HOME) - JRE_CLASSES = $(JAVA_CLASSES) - else - ifeq ($(JRE_CLASSES),) - JRE_CLASSES = $(JRE_HOME)/lib/classes.zip - endif - endif - - PATH_SEPARATOR = ; - - # (2) specify "header" information - JAVA_ARCH = win32 - - INCLUDES += -I$(JAVA_HOME)/include - INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH) - - # (3) specify "linker" information - JAVA_CPU = - - JAVA_LIBDIR = lib - - JAVA_CLIBS = - - JAVA_LIBS = -LIBPATH:$(JAVA_HOME)/$(JAVA_LIBDIR) jvm.lib - JAVA_LIBS += $(JAVA_CLIBS) - - LDFLAGS += $(JAVA_LIBS) - - # currently, disable JIT option on this platform - JDK_JIT_OPT = -nojit -endif - -# set [Sun Solaris] platforms -ifeq ($(OS_ARCH), SunOS) - # (1) specify "location" information - ifeq ($(JAVA_HOME),) - JAVA_HOME = /share/builds/components/jdk/1.2.2_01/SunOS - endif - - JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip - - ifeq ($(JRE_HOME),) - JRE_HOME = $(JAVA_HOME) - JRE_CLASSES = $(JAVA_CLASSES) - else - ifeq ($(JRE_CLASSES),) - JRE_CLASSES = $(JRE_HOME)/lib/classes.zip - endif - endif - - PATH_SEPARATOR = : - - # (2) specify "header" information - JAVA_ARCH = solaris - - INCLUDES += -I$(JAVA_HOME)/include - INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH) - - # (3) specify "linker" information - JAVA_CPU = sparc - - JAVA_LIBDIR = jre/lib/$(JAVA_CPU) - - # ** IMPORTANT ** having -lthread before -lnspr is critical on solaris - # when linking with -ljava as nspr redefines symbols in libthread that - # cause JNI executables to fail with assert of bad thread stack values. - JAVA_CLIBS = -lthread - - JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava - JAVA_LIBS += $(JAVA_CLIBS) - - LDFLAGS += $(JAVA_LIBS) - - # currently, disable JIT option on this platform - JDK_JIT_OPT = -endif - -# set [Hewlett Packard HP-UX] platforms -ifeq ($(OS_ARCH), HP-UX) - # (1) specify "location" information (currently ONLY on "orville") - ifeq ($(JAVA_HOME),) - JAVA_HOME = /opt/java1.2 - endif - - JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip - - ifeq ($(JRE_HOME),) - JRE_HOME = $(JAVA_HOME) - JRE_CLASSES = $(JAVA_CLASSES) - else - ifeq ($(JRE_CLASSES),) - JRE_CLASSES = $(JRE_HOME)/lib/classes.zip - endif - endif - - PATH_SEPARATOR = : - - # (2) specify "header" information - JAVA_ARCH = hp-ux - - INCLUDES += -I$(JAVA_HOME)/include - INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH) - - # (3) specify "linker" information - JAVA_CPU = PA_RISC - - JAVA_LIBDIR = jre/lib/$(JAVA_CPU) - - JAVA_CLIBS = - - JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava - JAVA_LIBS += $(JAVA_CLIBS) - - LDFLAGS += $(JAVA_LIBS) - - # no JIT option available on this platform - JDK_JIT_OPT = -endif - -# set [Redhat Linux] platforms -ifeq ($(OS_ARCH), Linux) - # (1) specify "location" information - ifeq ($(JAVA_HOME),) - JAVA_HOME = /share/builds/components/jdk/1.2.2/Linux - endif - - JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip - - ifeq ($(JRE_HOME),) - JRE_HOME = $(JAVA_HOME) - JRE_CLASSES = $(JAVA_CLASSES) - else - ifeq ($(JRE_CLASSES),) - JRE_CLASSES = $(JRE_HOME)/lib/classes.zip - endif - endif - - PATH_SEPARATOR = : - - # (2) specify "header" information - JAVA_ARCH = linux - - INCLUDES += -I$(JAVA_HOME)/include - INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH) - - # (3) specify "linker" information - JAVA_CPU = i386 - - JAVA_LIBDIR = jre/lib/$(JAVA_CPU) - - JAVA_CLIBS = - - JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava - JAVA_LIBS += $(JAVA_CLIBS) - - LDFLAGS += $(JAVA_LIBS) - - # no JIT option available on this platform - JDK_JIT_OPT = -endif - -# set [IBM AIX] platforms -ifeq ($(OS_ARCH), AIX) - # (1) specify "location" information - ifeq ($(JAVA_HOME),) - JAVA_HOME = /share/builds/components/jdk/1.2.2/AIX - endif - - JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip - - ifeq ($(JRE_HOME),) - JRE_HOME = $(JAVA_HOME) - JRE_CLASSES = $(JAVA_CLASSES) - else - ifeq ($(JRE_CLASSES),) - JRE_CLASSES = $(JRE_HOME)/lib/classes.zip - endif - endif - - PATH_SEPARATOR = : - - # (2) specify "header" information - JAVA_ARCH = aix - - INCLUDES += -I$(JAVA_HOME)/include - - # (3) specify "linker" information - JAVA_CPU = aix - - JAVA_LIBDIR = jre/bin - - JAVA_CLIBS = - - JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR) -lhpi - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava - JAVA_LIBS += $(JAVA_CLIBS) - - LDFLAGS += $(JAVA_LIBS) - - # no JIT option available on this platform - JDK_JIT_OPT = -endif - -# set [Digital UNIX] platforms -ifeq ($(OS_ARCH), OSF1) - # (1) specify "location" information - ifeq ($(JAVA_HOME),) - JAVA_HOME = /share/builds/components/jdk/1.2.2_3/OSF1 - endif - - JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip - - ifeq ($(JRE_HOME),) - JRE_HOME = $(JAVA_HOME) - JRE_CLASSES = $(JAVA_CLASSES) - else - ifeq ($(JRE_CLASSES),) - JRE_CLASSES = $(JRE_HOME)/lib/classes.zip - endif - endif - - PATH_SEPARATOR = : - - # (2) specify "header" information - JAVA_ARCH = alpha - - INCLUDES += -I$(JAVA_HOME)/include - INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH) - - # (3) specify "linker" information - JAVA_CPU = alpha - - JAVA_LIBDIR = jre/lib/$(JAVA_CPU) - - JAVA_CLIBS = - - JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava - JAVA_LIBS += $(JAVA_CLIBS) - - LDFLAGS += $(JAVA_LIBS) - - # no JIT option available on this platform - JDK_JIT_OPT = -endif - -# set [Silicon Graphics IRIX] platforms -ifeq ($(OS_ARCH), IRIX) - # (1) specify "location" information - ifeq ($(JAVA_HOME),) - JAVA_HOME = /share/builds/components/jdk/1.2.1/IRIX - endif - - JAVA_CLASSES = $(JAVA_HOME)/lib/dev.jar:$(JAVA_HOME)/lib/rt.jar - - ifeq ($(JRE_HOME),) - JRE_HOME = $(JAVA_HOME) - JRE_CLASSES = $(JAVA_CLASSES) - else - ifeq ($(JRE_CLASSES),) - JRE_CLASSES = $(JRE_HOME)/lib/dev.jar:$(JRE_HOME)/lib/rt.jar - endif - endif - - PATH_SEPARATOR = : - - # (2) specify "header" information - JAVA_ARCH = irix - - INCLUDES += -I$(JAVA_HOME)/include - INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH) - - # (3) specify "-n32 linker" information - JAVA_CPU = sgi - - JAVA_LIBDIR = lib32/$(JAVA_CPU) - - JAVA_CLIBS = - - JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi - JAVA_LIBS += -lirixextra - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava - JAVA_LIBS += $(JAVA_CLIBS) - - LDFLAGS += $(JAVA_LIBS) - - # no JIT option available on this platform - JDK_JIT_OPT = -endif - -####################################################################### -# [4] Define remaining JDK "Core Components" default toolset options # -####################################################################### - -# set JDK optimization model -ifeq ($(BUILD_OPT),1) - JDK_OPTIMIZER_OPT = -O -else - JDK_OPTIMIZER_OPT = -g -endif - -# set minimal JDK debugging model -ifeq ($(JDK_DEBUG),1) - JDK_DEBUG_OPT = -debug -else - JDK_DEBUG_OPT = -endif - -# set default path to repository for JDK classes -ifeq ($(JDK_CLASS_REPOSITORY_OPT),) - JDK_CLASS_REPOSITORY_OPT = -d $(JAVA_DESTPATH) -endif - -# initialize the JDK heap size option to a default value -ifeq ($(JDK_INIT_HEAP_OPT),) - JDK_INIT_HEAP_OPT = -ms8m -endif - -# define a default JDK classpath -ifeq ($(JDK_CLASSPATH),) - JDK_CLASSPATH = "$(JAVA_DESTPATH)$(PATH_SEPARATOR)$(JAVA_SOURCEPATH)$(PATH_SEPARATOR)$(JAVA_CLASSES)" -endif - -# by default, override CLASSPATH environment variable using the JDK classpath option with $(JDK_CLASSPATH) -ifeq ($(JDK_CLASSPATH_OPT),) - JDK_CLASSPATH_OPT = -classpath $(JDK_CLASSPATH) -endif - - -endif - - -ifdef NS_USE_JDK_TOOLSET -####################################################################### -# [5] Define JDK "Core Components" toolset; # -# (always allow a user to override these values) # -####################################################################### - -# -# (1) appletviewer -# - -ifeq ($(APPLETVIEWER),) - APPLETVIEWER_PROG = $(JAVA_HOME)/bin/appletviewer$(PROG_SUFFIX) - APPLETVIEWER_FLAGS = $(JDK_THREADING_MODEL_OPT) - APPLETVIEWER_FLAGS += $(JDK_DEBUG_OPT) - APPLETVIEWER_FLAGS += $(JDK_JIT_OPT) - APPLETVIEWER = $(APPLETVIEWER_PROG) $(APPLETVIEWER_FLAGS) -endif - -# -# (2) jar -# - -ifeq ($(JAR),) - JAR_PROG = $(JAVA_HOME)/bin/jar$(PROG_SUFFIX) - JAR_FLAGS = $(JDK_THREADING_MODEL_OPT) - JAR = $(JAR_PROG) $(JAR_FLAGS) -endif - -# -# (3) java -# - -ifeq ($(JAVA),) - JAVA_PROG = $(JAVA_HOME)/bin/java$(PROG_SUFFIX) - JAVA_FLAGS = $(JDK_THREADING_MODEL_OPT) - JAVA_FLAGS += $(JDK_DEBUG_OPT) - JAVA_FLAGS += $(JDK_CLASSPATH_OPT) - JAVA_FLAGS += $(JDK_INIT_HEAP_OPT) - JAVA_FLAGS += $(JDK_JIT_OPT) - JAVA = $(JAVA_PROG) $(JAVA_FLAGS) -endif - -# -# (4) javac -# - -ifeq ($(JAVAC),) - JAVAC_PROG = $(JAVA_HOME)/bin/javac$(PROG_SUFFIX) - JAVAC_FLAGS = $(JDK_THREADING_MODEL_OPT) - JAVAC_FLAGS += $(JDK_OPTIMIZER_OPT) - JAVAC_FLAGS += $(JDK_DEBUG_OPT) - JAVAC_FLAGS += $(JDK_CLASSPATH_OPT) - JAVAC_FLAGS += -J$(JDK_INIT_HEAP_OPT) - JAVAC_FLAGS += $(JDK_CLASS_REPOSITORY_OPT) - JAVAC = $(JAVAC_PROG) $(JAVAC_FLAGS) -endif - -# -# (5) javadoc -# - -ifeq ($(JAVADOC),) - JAVADOC_PROG = $(JAVA_HOME)/bin/javadoc$(PROG_SUFFIX) - JAVADOC_FLAGS = $(JDK_THREADING_MODEL_OPT) - JAVADOC_FLAGS += $(JDK_CLASSPATH_OPT) - JAVADOC_FLAGS += -J$(JDK_INIT_HEAP_OPT) - JAVADOC = $(JAVADOC_PROG) $(JAVADOC_FLAGS) -endif - -# -# (6) javah -# - -ifeq ($(JAVAH),) - JAVAH_PROG = $(JAVA_HOME)/bin/javah$(PROG_SUFFIX) - JAVAH_FLAGS = $(JDK_THREADING_MODEL_OPT) - JAVAH_FLAGS += $(JDK_CLASSPATH_OPT) - JAVAH = $(JAVAH_PROG) $(JAVAH_FLAGS) -endif - -# -# (7) javakey -# - -ifeq ($(JAVAKEY),) - JAVAKEY_PROG = $(JAVA_HOME)/bin/javakey$(PROG_SUFFIX) - JAVAKEY_FLAGS = $(JDK_THREADING_MODEL_OPT) - JAVAKEY = $(JAVAKEY_PROG) $(JAVAKEY_FLAGS) -endif - -# -# (8) javap -# - -ifeq ($(JAVAP),) - JAVAP_PROG = $(JAVA_HOME)/bin/javap$(PROG_SUFFIX) - JAVAP_FLAGS = $(JDK_THREADING_MODEL_OPT) - JAVAP_FLAGS += $(JDK_CLASSPATH_OPT) - JAVAP_FLAGS += -J$(JDK_INIT_HEAP_OPT) - JAVAP = $(JAVAP_PROG) $(JAVAP_FLAGS) -endif - -# -# (9) javat -# - -ifeq ($(JAVAT),) - JAVAT_PROG = $(JAVA_HOME)/bin/javat$(PROG_SUFFIX) - JAVAT_FLAGS = $(JDK_THREADING_MODEL_OPT) - JAVAT = $(JAVAT_PROG) $(JAVAT_FLAGS) -endif - -# -# (10) javaverify -# - -ifeq ($(JAVAVERIFY),) - JAVAVERIFY_PROG = $(JAVA_HOME)/bin/javaverify$(PROG_SUFFIX) - JAVAVERIFY_FLAGS = $(JDK_THREADING_MODEL_OPT) - JAVAVERIFY = $(JAVAVERIFY_PROG) $(JAVAVERIFY_FLAGS) -endif - -# -# (11) javaw -# - -ifeq ($(JAVAW),) - jJAVAW_PROG = $(JAVA_HOME)/bin/javaw$(PROG_SUFFIX) - jJAVAW_FLAGS = $(JDK_THREADING_MODEL_OPT) - jJAVAW_FLAGS += $(JDK_DEBUG_OPT) - jJAVAW_FLAGS += $(JDK_CLASSPATH_OPT) - jJAVAW_FLAGS += $(JDK_INIT_HEAP_OPT) - jJAVAW_FLAGS += $(JDK_JIT_OPT) - jJAVAW = $(JAVAW_PROG) $(JAVAW_FLAGS) -endif - -# -# (12) jdb -# - -ifeq ($(JDB),) - JDB_PROG = $(JAVA_HOME)/bin/jdb$(PROG_SUFFIX) - JDB_FLAGS = $(JDK_THREADING_MODEL_OPT) - JDB_FLAGS += $(JDK_DEBUG_OPT) - JDB_FLAGS += $(JDK_CLASSPATH_OPT) - JDB_FLAGS += $(JDK_INIT_HEAP_OPT) - JDB_FLAGS += $(JDK_JIT_OPT) - JDB = $(JDB_PROG) $(JDB_FLAGS) -endif - -# -# (13) jre -# - -ifeq ($(JRE),) - JRE_PROG = $(JAVA_HOME)/bin/jre$(PROG_SUFFIX) - JRE_FLAGS = $(JDK_THREADING_MODEL_OPT) - JRE_FLAGS += $(JDK_CLASSPATH_OPT) - JRE_FLAGS += $(JDK_INIT_HEAP_OPT) - JRE_FLAGS += $(JDK_JIT_OPT) - JRE = $(JRE_PROG) $(JRE_FLAGS) -endif - -# -# (14) jrew -# - -ifeq ($(JREW),) - JREW_PROG = $(JAVA_HOME)/bin/jrew$(PROG_SUFFIX) - JREW_FLAGS = $(JDK_THREADING_MODEL_OPT) - JREW_FLAGS += $(JDK_CLASSPATH_OPT) - JREW_FLAGS += $(JDK_INIT_HEAP_OPT) - JREW_FLAGS += $(JDK_JIT_OPT) - JREW = $(JREW_PROG) $(JREW_FLAGS) -endif - -# -# (15) native2ascii -# - -ifeq ($(NATIVE2ASCII),) - NATIVE2ASCII_PROG = $(JAVA_HOME)/bin/native2ascii$(PROG_SUFFIX) - NATIVE2ASCII_FLAGS = $(JDK_THREADING_MODEL_OPT) - NATIVE2ASCII = $(NATIVE2ASCII_PROG) $(NATIVE2ASCII_FLAGS) -endif - -# -# (16) rmic -# - -ifeq ($(RMIC),) - RMIC_PROG = $(JAVA_HOME)/bin/rmic$(PROG_SUFFIX) - RMIC_FLAGS = $(JDK_THREADING_MODEL_OPT) - RMIC_FLAGS += $(JDK_OPTIMIZER_OPT) - RMIC_FLAGS += $(JDK_CLASSPATH_OPT) - RMIC = $(RMIC_PROG) $(RMIC_FLAGS) -endif - -# -# (17) rmiregistry -# - -ifeq ($(RMIREGISTRY),) - RMIREGISTRY_PROG = $(JAVA_HOME)/bin/rmiregistry$(PROG_SUFFIX) - RMIREGISTRY_FLAGS = $(JDK_THREADING_MODEL_OPT) - RMIREGISTRY = $(RMIREGISTRY_PROG) $(RMIREGISTRY_FLAGS) -endif - -# -# (18) serialver -# - -ifeq ($(SERIALVER),) - SERIALVER_PROG = $(JAVA_HOME)/bin/serialver$(PROG_SUFFIX) - SERIALVER_FLAGS = $(JDK_THREADING_MODEL_OPT) - SERIALVER = $(SERIALVER_PROG) $(SERIALVER_FLAGS) -endif - -endif diff --git a/security/coreconf/jniregen.pl b/security/coreconf/jniregen.pl deleted file mode 100755 index 607eaf68b..000000000 --- a/security/coreconf/jniregen.pl +++ /dev/null @@ -1,92 +0,0 @@ -#!/usr/local/bin/perl -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# Input: -d dir foo1 foo2 . . . -# Compares generated "_jni/foo1.h" file with "foo1.class", and -# generated "_jni/foo2.h" file with "foo2.class", etc. -# (NOTE: unlike its closely related cousin, outofdate.pl, -# the "-d dir" must always be specified) -# -# Returns: list of headers which are OLDER than corresponding class -# files (non-existant class files are considered to be real old :-) - -$found = 1; - -if ($ARGV[0] eq '-d') -{ - $classdir = $ARGV[1]; - $classdir .= "/"; - shift; - shift; -} -else -{ - print STDERR "Usage: perl ", $0, " -d dir foo1 foo2 . . .\n"; - exit -1; -} - -foreach $filename (@ARGV) -{ - $headerfilename = "_jni/"; - $headerfilename .= $filename; - $headerfilename =~ s/\./_/g; - $headerfilename .= ".h"; - - $classfilename = $filename; - $classfilename =~ s|\.|/|g; - $classfilename .= ".class"; - - $classfilename = $classdir . $classfilename; - - - ( $dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $headermtime, - $ctime, $blksize, $blocks ) = stat( $headerfilename ); - - ( $dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $classmtime, - $ctime, $blksize, $blocks ) = stat( $classfilename ); - - if( $headermtime < $classmtime ) - { - # NOTE: Since this is used by "javah", and "javah" refuses to overwrite - # an existing file, we force an unlink from this script, since - # we actually want to regenerate the header file at this time. - unlink $headerfilename; - print $filename, " "; - $found = 0; - } -} - -print "\n"; -exit 0; - diff --git a/security/coreconf/location.mk b/security/coreconf/location.mk deleted file mode 100644 index a0b25f74c..000000000 --- a/security/coreconf/location.mk +++ /dev/null @@ -1,60 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Master "Core Components" macros to figure out binary code location # -####################################################################### - -# -# Figure out where the binary code lives. -# - -BUILD = $(PLATFORM) -OBJDIR = $(PLATFORM) -ifdef MOZILLA_SECURITY_BUILD -DIST = $(CORE_DEPTH)/../dist/$(PLATFORM) -else -ifdef MOZILLA_CLIENT -DIST = $(CORE_DEPTH)/../mozilla/dist/$(PLATFORM) -else -DIST = $(CORE_DEPTH)/dist/$(PLATFORM) -endif -endif -VPATH = $(NSINSTALL_DIR)/$(PLATFORM) -DEPENDENCIES = $(PLATFORM)/.md - -ifdef BUILD_DEBUG_GC - DEFINES += -DDEBUG_GC -endif - -GARBAGE += $(DEPENDENCIES) core $(wildcard core.[0-9]*) diff --git a/security/coreconf/makefile.win b/security/coreconf/makefile.win deleted file mode 100644 index c3abce76b..000000000 --- a/security/coreconf/makefile.win +++ /dev/null @@ -1,100 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# An NMAKE file to set up and adjust coreconf's build system for -# Client build. Client build should invoke NMAKE on this file -# instead of invoking gmake directly. -# - -NS_DEPTH = .. -include <$(NS_DEPTH)\config\config.mak> -#include <$(NS_DEPTH)\config\rules.mak> - -# -# Backslashes are escape characters to gmake, so flip all backslashes -# in $(MOZ_TOOLS) to forward slashes and pass that to gmake. -# - -GMAKE = $(MOZ_TOOLS)\bin\gmake.exe MOZ_TOOLS_FLIPPED=$(MOZ_TOOLS:\=/) - -GMAKE = $(GMAKE) PR_CLIENT_BUILD=1 PR_CLIENT_BUILD_WINDOWS=1 - -# -# The Client's debug build uses MSVC's debug runtime library (/MDd). -# - -!ifdef MOZ_DEBUG -GMAKE = $(GMAKE) USE_DEBUG_RTL=1 -!else -GMAKE = $(GMAKE) BUILD_OPT=1 -!endif - -!if "$(MOZ_BITS)" == "16" -GMAKE = $(GMAKE) OS_TARGET=WIN16 -!else - -GMAKE = $(GMAKE) OS_TARGET=WIN95 -!ifdef MOZ_DEBUG -PR_OBJDIR = WIN954.0_DBG.OBJD -!else -PR_OBJDIR = WIN954.0_OPT.OBJ -!endif - -!endif - -# -# The rules. Simply invoke gmake with the same target -# for Win16, use the watcom compiler with the MSVC headers and libs -# - -# this rule is needed so that nmake with no explicit target will only build -# all, and not build all the targets named below in succession! -default:: all - -# a rule like this one must only be used for explicitly named targets! -all depend export libs install clobber clobber_all clean:: -!if "$(MOZ_BITS)" == "16" - set PATH=%WATCPATH% - set INCLUDE=%MSVC_INC% - set LIB=%MSVC_LIB% -!endif - $(GMAKE) $@ -!if "$(MOZ_BITS)" == "16" - set PATH=%MSVCPATH% - set INCLUDE=%MSVC_INC% - set LIB=%MSVC_LIB% -!endif - -show: - @echo "MAKEFLAGS = $(MAKEFLAGS)" diff --git a/security/coreconf/module.mk b/security/coreconf/module.mk deleted file mode 100644 index 55f7f8691..000000000 --- a/security/coreconf/module.mk +++ /dev/null @@ -1,64 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# The master "Core Components" source and release component directory # -# names are ALWAYS identical and are the value of $(MODULE). # -# NOTE: A component is also called a module or a subsystem. # -####################################################################### - -# -# All "Core Components" <component>-specific source-side tags must -# always be identified for compiling/linking purposes -# - -ifndef JAVA_SOURCE_COMPONENT - JAVA_SOURCE_COMPONENT = java -endif - -ifndef NETLIB_SOURCE_COMPONENT - NETLIB_SOURCE_COMPONENT = netlib -endif - -ifndef NSPR_SOURCE_COMPONENT - NSPR_SOURCE_COMPONENT = nspr20 -endif - -ifndef SECTOOLS_SOURCE_COMPONENT - SECTOOLS_SOURCE_COMPONENT = sectools -endif - -ifndef SECURITY_SOURCE_COMPONENT - SECURITY_SOURCE_COMPONENT = security -endif - diff --git a/security/coreconf/nsinstall/Makefile b/security/coreconf/nsinstall/Makefile deleted file mode 100644 index 2175b2d87..000000000 --- a/security/coreconf/nsinstall/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -DEPTH = ../.. -CORE_DEPTH = ../.. - -MODULE = coreconf - -CSRCS = nsinstall.c pathsub.c - -PLSRCS = nfspwd.pl - -PROGRAM = nsinstall - -include $(DEPTH)/coreconf/config.mk - -ifeq ($(OS_ARCH),WINNT) -PROGRAM = -else -TARGETS = $(PROGRAM) $(PLSRCS:.pl=) -endif - -include $(DEPTH)/coreconf/rules.mk - -# Redefine MAKE_OBJDIR for just this directory -define MAKE_OBJDIR -if test ! -d $(@D); then rm -rf $(@D); mkdir $(@D); fi -endef - diff --git a/security/coreconf/nsinstall/nfspwd b/security/coreconf/nsinstall/nfspwd deleted file mode 100755 index 339abead3..000000000 --- a/security/coreconf/nsinstall/nfspwd +++ /dev/null @@ -1,46 +0,0 @@ -#! perl -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -require "fastcwd.pl"; - -$_ = &fastcwd; -if (m@^/[uh]/@o || s@^/tmp_mnt/@/@o) { - print("$_\n"); -} elsif ((($user, $rest) = m@^/usr/people/(\w+)/(.*)@o) - && readlink("/u/$user") eq "/usr/people/$user") { - print("/u/$user/$rest\n"); -} else { - chop($host = `hostname`); - print("/h/$host$_\n"); -} diff --git a/security/coreconf/nsinstall/nfspwd.pl b/security/coreconf/nsinstall/nfspwd.pl deleted file mode 100644 index 339abead3..000000000 --- a/security/coreconf/nsinstall/nfspwd.pl +++ /dev/null @@ -1,46 +0,0 @@ -#! perl -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -require "fastcwd.pl"; - -$_ = &fastcwd; -if (m@^/[uh]/@o || s@^/tmp_mnt/@/@o) { - print("$_\n"); -} elsif ((($user, $rest) = m@^/usr/people/(\w+)/(.*)@o) - && readlink("/u/$user") eq "/usr/people/$user") { - print("/u/$user/$rest\n"); -} else { - chop($host = `hostname`); - print("/h/$host$_\n"); -} diff --git a/security/coreconf/nsinstall/nsinstall.c b/security/coreconf/nsinstall/nsinstall.c deleted file mode 100644 index b404fdd73..000000000 --- a/security/coreconf/nsinstall/nsinstall.c +++ /dev/null @@ -1,403 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** Netscape portable install command. -*/ -#include <stdio.h> /* OSF/1 requires this before grp.h, so put it first */ -#include <assert.h> -#include <fcntl.h> -#include <string.h> -#if defined(_WINDOWS) -#include <windows.h> -typedef unsigned int mode_t; -#else -#include <grp.h> -#include <pwd.h> -#include <errno.h> -#include <stdlib.h> -#include <unistd.h> -#include <utime.h> -#endif -#include <sys/types.h> -#include <sys/stat.h> -#include "pathsub.h" - -#define HAVE_LCHOWN - -#if defined(AIX) || defined(BSDI) || defined(HPUX) || defined(LINUX) || defined(SUNOS4) || defined(SCO) || defined(UNIXWARE) -#undef HAVE_LCHOWN -#endif - -#ifdef LINUX -#include <getopt.h> -#endif - -#if defined(SCO) || defined(UNIXWARE) || defined(SNI) || defined(NCR) || defined(NEC) -#if !defined(S_ISLNK) && defined(S_IFLNK) -#define S_ISLNK(a) (((a) & S_IFMT) == S_IFLNK) -#endif -#endif - -#if defined(SNI) -extern int fchmod(int fildes, mode_t mode); -#endif - -static void -usage(void) -{ - fprintf(stderr, - "usage: %s [-C cwd] [-L linkprefix] [-m mode] [-o owner] [-g group]\n" - " %*s [-DdltR] file [file ...] directory\n", - program, strlen(program), ""); - exit(2); -} - -/* this is more-or-less equivalent to mkdir -p */ -static int -mkdirs(char *path, mode_t mode) -{ - char * cp; - int rv; - struct stat sb; - - if (!path || !path[0]) - fail("Null pointer or empty string passed to mkdirs()"); - while (*path == '/' && path[1] == '/') - path++; - while ((cp = strrchr(path, '/')) && cp[1] == '\0') - *cp = '\0'; - if (cp && cp != path) { - *cp = '\0'; - if ((stat(path, &sb) < 0 || !S_ISDIR(sb.st_mode)) && - mkdirs(path, mode) < 0) { - return -1; - } - *cp = '/'; - } - rv = mkdir(path, mode); - if (rv) { - if (errno != EEXIST) - fail("mkdirs cannot make %s", path); - fprintf(stderr, "directory creation race: %s\n", path); - if (!stat(path, &sb) && S_ISDIR(sb.st_mode)) - rv = 0; - } - return rv; -} - -static uid_t -touid(char *owner) -{ - struct passwd *pw; - uid_t uid; - char *cp; - - if (!owner || !owner[0]) - fail("Null pointer or empty string passed to touid()"); - pw = getpwnam(owner); - if (pw) - return pw->pw_uid; - uid = strtol(owner, &cp, 0); - if (uid == 0 && cp == owner) - fail("cannot find uid for %s", owner); - return uid; -} - -static gid_t -togid(char *group) -{ - struct group *gr; - gid_t gid; - char *cp; - - if (!group || !group[0]) - fail("Null pointer or empty string passed to togid()"); - gr = getgrnam(group); - if (gr) - return gr->gr_gid; - gid = strtol(group, &cp, 0); - if (gid == 0 && cp == group) - fail("cannot find gid for %s", group); - return gid; -} - -void * const uninit = (void *)0xdeadbeef; - -int -main(int argc, char **argv) -{ - char * base = uninit; - char * bp = uninit; - char * cp = uninit; - char * cwd = 0; - char * group = 0; - char * linkname = 0; - char * linkprefix = 0; - char * name = uninit; - char * owner = 0; - char * todir = uninit; - char * toname = uninit; - - int bnlen = -1; - int cc = 0; - int dodir = 0; - int dolink = 0; - int dorelsymlink = 0; - int dotimes = 0; - int exists = 0; - int fromfd = -1; - int len = -1; - int lplen = 0; - int onlydir = 0; - int opt = -1; - int tdlen = -1; - int tofd = -1; - int wc = -1; - - mode_t mode = 0755; - - uid_t uid = -1; - gid_t gid = -1; - - struct stat sb; - struct stat tosb; - struct utimbuf utb; - char buf[BUFSIZ]; - - program = strrchr(argv[0], '/'); - if (!program) - program = strrchr(argv[0], '\\'); - program = program ? program+1 : argv[0]; - - - while ((opt = getopt(argc, argv, "C:DdlL:Rm:o:g:t")) != EOF) { - switch (opt) { - case 'C': cwd = optarg; break; - case 'D': onlydir = 1; break; - case 'd': dodir = 1; break; - case 'l': dolink = 1; break; - case 'L': - linkprefix = optarg; - lplen = strlen(linkprefix); - dolink = 1; - break; - case 'R': dolink = dorelsymlink = 1; break; - case 'm': - mode = strtoul(optarg, &cp, 8); - if (mode == 0 && cp == optarg) - usage(); - break; - case 'o': owner = optarg; break; - case 'g': group = optarg; break; - case 't': dotimes = 1; break; - default: usage(); - } - } - - argc -= optind; - argv += optind; - if (argc < 2 - onlydir) - usage(); - - todir = argv[argc-1]; - if ((stat(todir, &sb) < 0 || !S_ISDIR(sb.st_mode)) && - mkdirs(todir, 0777) < 0) { - fail("cannot mkdir -p %s", todir); - } - if (onlydir) - return 0; - - if (!cwd) { - cwd = getcwd(0, PATH_MAX); - if (!cwd) - fail("could not get CWD"); - } - - /* make sure we can get into todir. */ - xchdir(todir); - todir = getcwd(0, PATH_MAX); - if (!todir) - fail("could not get CWD in todir"); - tdlen = strlen(todir); - - /* back to original directory. */ - xchdir(cwd); - - uid = owner ? touid(owner) : -1; - gid = group ? togid(group) : -1; - - while (--argc > 0) { - name = *argv++; - len = strlen(name); - base = xbasename(name); - bnlen = strlen(base); - toname = (char*)xmalloc(tdlen + 1 + bnlen + 1); - sprintf(toname, "%s/%s", todir, base); -retry: - exists = (lstat(toname, &tosb) == 0); - - if (dodir) { - /* -d means create a directory, always */ - if (exists && !S_ISDIR(tosb.st_mode)) { - int rv = unlink(toname); - if (rv) - fail("cannot unlink %s", toname); - exists = 0; - } - if (!exists && mkdir(toname, mode) < 0) { - /* we probably have two nsinstall programs in a race here. */ - if (errno == EEXIST && !stat(toname, &sb) && - S_ISDIR(sb.st_mode)) { - fprintf(stderr, "directory creation race: %s\n", toname); - goto retry; - } - fail("cannot make directory %s", toname); - } - if ((owner || group) && chown(toname, uid, gid) < 0) - fail("cannot change owner of %s", toname); - } else if (dolink) { - if (*name == '/') { - /* source is absolute pathname, link to it directly */ - linkname = 0; - } else { - if (linkprefix) { - /* -L implies -l and prefixes names with a $cwd arg. */ - len += lplen + 1; - linkname = (char*)xmalloc(len + 1); - sprintf(linkname, "%s/%s", linkprefix, name); - } else if (dorelsymlink) { - /* Symlink the relative path from todir to source name. */ - linkname = (char*)xmalloc(PATH_MAX); - - if (*todir == '/') { - /* todir is absolute: skip over common prefix. */ - lplen = relatepaths(todir, cwd, linkname); - strcpy(linkname + lplen, name); - } else { - /* todir is named by a relative path: reverse it. */ - reversepath(todir, name, len, linkname); - xchdir(cwd); - } - - len = strlen(linkname); - } - name = linkname; - } - - /* Check for a pre-existing symlink with identical content. */ - if (exists && - (!S_ISLNK(tosb.st_mode) || - readlink(toname, buf, sizeof buf) != len || - strncmp(buf, name, len) != 0)) { - int rmrv; - rmrv = (S_ISDIR(tosb.st_mode) ? rmdir : unlink)(toname); - if (rmrv < 0) { - fail("destination exists, cannot remove %s", toname); - } - exists = 0; - } - if (!exists && symlink(name, toname) < 0) { - if (errno == EEXIST) { - fprintf(stderr, "symlink creation race: %s\n", toname); - goto retry; - } - diagnosePath(toname); - fail("cannot make symbolic link %s", toname); - } -#ifdef HAVE_LCHOWN - if ((owner || group) && lchown(toname, uid, gid) < 0) - fail("cannot change owner of %s", toname); -#endif - - if (linkname) { - free(linkname); - linkname = 0; - } - } else { - /* Copy from name to toname, which might be the same file. */ - fromfd = open(name, O_RDONLY); - if (fromfd < 0 || fstat(fromfd, &sb) < 0) - fail("cannot access %s", name); - if (exists && - (!S_ISREG(tosb.st_mode) || access(toname, W_OK) < 0)) { - int rmrv; - rmrv = (S_ISDIR(tosb.st_mode) ? rmdir : unlink)(toname); - if (rmrv < 0) { - fail("destination exists, cannot remove %s", toname); - } - } - tofd = open(toname, O_CREAT | O_WRONLY, 0666); - if (tofd < 0) - fail("cannot create %s", toname); - - bp = buf; - while ((cc = read(fromfd, bp, sizeof buf)) > 0) { - while ((wc = write(tofd, bp, cc)) > 0) { - if ((cc -= wc) == 0) - break; - bp += wc; - } - if (wc < 0) - fail("cannot write to %s", toname); - } - if (cc < 0) - fail("cannot read from %s", name); - - if (ftruncate(tofd, sb.st_size) < 0) - fail("cannot truncate %s", toname); - if (dotimes) { - utb.actime = sb.st_atime; - utb.modtime = sb.st_mtime; - if (utime(toname, &utb) < 0) - fail("cannot set times of %s", toname); - } - if (fchmod(tofd, mode) < 0) - fail("cannot change mode of %s", toname); - if ((owner || group) && fchown(tofd, uid, gid) < 0) - fail("cannot change owner of %s", toname); - - /* Must check for delayed (NFS) write errors on close. */ - if (close(tofd) < 0) - fail("close reports write error on %s", toname); - close(fromfd); - } - - free(toname); - } - - free(cwd); - free(todir); - return 0; -} - diff --git a/security/coreconf/nsinstall/pathsub.c b/security/coreconf/nsinstall/pathsub.c deleted file mode 100644 index 4d5728833..000000000 --- a/security/coreconf/nsinstall/pathsub.c +++ /dev/null @@ -1,302 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** Pathname subroutines. -*/ -#include <assert.h> -#ifdef FREEBSD -#include <sys/types.h> -#endif /* FREEBSD */ -#include <dirent.h> -#include <errno.h> -#include <stdarg.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <sys/types.h> -#include <sys/stat.h> -#include "pathsub.h" -#ifdef USE_REENTRANT_LIBC -#include "libc_r.h" -#endif /* USE_REENTRANT_LIBC */ - -char *program; - -void -fail(char *format, ...) -{ - int error; - va_list ap; - -#ifdef USE_REENTRANT_LIBC - R_STRERROR_INIT_R(); -#endif - - error = errno; - fprintf(stderr, "%s: ", program); - va_start(ap, format); - vfprintf(stderr, format, ap); - va_end(ap); - if (error) - -#ifdef USE_REENTRANT_LIBC - R_STRERROR_R(errno); - fprintf(stderr, ": %s", r_strerror_r); -#else - fprintf(stderr, ": %s", strerror(errno)); -#endif - - putc('\n', stderr); - abort(); - exit(1); -} - -char * -getcomponent(char *path, char *name) -{ - if (*path == '\0') - return 0; - if (*path == '/') { - *name++ = '/'; - } else { - do { - *name++ = *path++; - } while (*path != '/' && *path != '\0'); - } - *name = '\0'; - while (*path == '/') - path++; - return path; -} - -#ifdef UNIXWARE -/* The static buffer in Unixware's readdir is too small. */ -struct dirent * readdir(DIR *d) -{ - static struct dirent *buf = NULL; -#define MAX_PATH_LEN 1024 - - if (buf == NULL) - buf = (struct dirent *)xmalloc(sizeof(struct dirent) + MAX_PATH_LEN) ; - return readdir_r(d, buf); -} -#endif - -/* APPARENT BUG - ignores argument "dir", uses ".." instead. */ -char * -ino2name(ino_t ino, char *dir) -{ - DIR *dp; - struct dirent *ep; - char *name; - - dp = opendir(".."); /* XXX */ - if (!dp) - fail("cannot read parent directory"); - for (;;) { - if (!(ep = readdir(dp))) - fail("cannot find current directory"); - if (ep->d_ino == ino) - break; - } - name = xstrdup(ep->d_name); - closedir(dp); - return name; -} - -void * -xmalloc(size_t size) -{ - void *p; - - if (size <= 0) - fail("attempted to allocate %u bytes", size); - p = malloc(size); - if (!p) - fail("cannot allocate %u bytes", size); - return p; -} - -char * -xstrdup(char *s) -{ - if (!s || !s[0]) - fail("Null pointer or empty string passed to xstrdup()"); - return strcpy((char*)xmalloc(strlen(s) + 1), s); -} - -char * -xbasename(char *path) -{ - char *cp; - - if (!path || !path[0]) - fail("Null pointer or empty string passed to xbasename()"); - while ((cp = strrchr(path, '/')) && cp[1] == '\0') - *cp = '\0'; - if (!cp) return path; - return cp + 1; -} - -void -xchdir(char *dir) -{ - if (!dir || !dir[0]) - fail("Null pointer or empty string passed to xchdir()"); - if (chdir(dir) < 0) - fail("cannot change directory to %s", dir); -} - -int -relatepaths(char *from, char *to, char *outpath) -{ - char *cp, *cp2; - int len; - char buf[NAME_MAX]; - - assert(*from == '/' && *to == '/'); - if (!from || *from != '/') - fail("relatepaths: from path does not start with /"); - if (!to || *to != '/') - fail("relatepaths: to path does not start with /"); - - for (cp = to, cp2 = from; *cp == *cp2; cp++, cp2++) - if (*cp == '\0') - break; - while (cp[-1] != '/') - cp--, cp2--; - if (cp - 1 == to) { - /* closest common ancestor is /, so use full pathname */ - len = strlen(strcpy(outpath, to)); - if (outpath[len] != '/') { - outpath[len++] = '/'; - outpath[len] = '\0'; - } - } else { - len = 0; - while ((cp2 = getcomponent(cp2, buf)) != 0) { - strcpy(outpath + len, "../"); - len += 3; - } - while ((cp = getcomponent(cp, buf)) != 0) { - sprintf(outpath + len, "%s/", buf); - len += strlen(outpath + len); - } - } - return len; -} - -void -reversepath(char *inpath, char *name, int len, char *outpath) -{ - char *cp, *cp2; - char buf[NAME_MAX]; - struct stat sb; - - cp = strcpy(outpath + PATH_MAX - (len + 1), name); - cp2 = inpath; - while ((cp2 = getcomponent(cp2, buf)) != 0) { - if (strcmp(buf, ".") == 0) - continue; - if (strcmp(buf, "..") == 0) { - if (stat(".", &sb) < 0) - fail("cannot stat current directory"); - name = ino2name(sb.st_ino, ".."); - len = strlen(name); - cp -= len + 1; - strcpy(cp, name); - cp[len] = '/'; - free(name); - xchdir(".."); - } else { - cp -= 3; - strncpy(cp, "../", 3); - xchdir(buf); - } - } - strcpy(outpath, cp); -} - -void -diagnosePath(const char * path) -{ - char * myPath; - char * slash; - int rv; - struct stat sb; - char buf[BUFSIZ]; - - if (!path || !path[0]) - fail("Null pointer or empty string passed to mkdirs()"); - myPath = strdup(path); - if (!myPath) - fail("strdup() failed!"); - do { - rv = lstat(myPath, &sb); - if (rv < 0) { - perror(myPath); - } else if (S_ISLNK(sb.st_mode)) { - rv = readlink(myPath, buf, sizeof buf); - if (rv < 0) { - perror("readlink"); - buf[0] = 0; - } else { - buf[rv] = 0; - } - fprintf(stderr, "%s is a link to %s\n", myPath, buf); - } else if (S_ISDIR(sb.st_mode)) { - fprintf(stderr, "%s is a directory\n", myPath); - rv = access(myPath, X_OK); - if (rv < 0) { - fprintf(stderr, "%s: no search permission\n", myPath); - } - } else { - fprintf(stderr, "%s is a file !?!\n", myPath); - rv = access(myPath, F_OK); - if (rv < 0) { - fprintf(stderr, "%s does not exist\n", myPath); - } - } - - /* chop path off one level. */ - slash = strrchr(myPath, '/'); - if (!slash) - slash = strrchr(myPath, '\\'); - if (!slash) - slash = myPath; - *slash = 0; - } while (myPath[0]); - free(myPath); -} diff --git a/security/coreconf/nsinstall/sunos4.h b/security/coreconf/nsinstall/sunos4.h deleted file mode 100644 index 9bdae872c..000000000 --- a/security/coreconf/nsinstall/sunos4.h +++ /dev/null @@ -1,163 +0,0 @@ -/* -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. - */ - -#ifndef pr_sunos4_h___ -#define pr_sunos4_h___ - -#ifndef SVR4 - -/* -** Hodge podge of random missing prototypes for the Sunos4 system -*/ -#include <stdio.h> -#include <stdarg.h> -#include <time.h> -#include <limits.h> -#include <sys/types.h> - -#define PATH_MAX _POSIX_PATH_MAX - -struct timeval; -struct timezone; -struct itimerval; -struct sockaddr; -struct stat; -struct tm; - -/* ctype.h */ -extern int tolower(int); -extern int toupper(int); - -/* errno.h */ -extern char *sys_errlist[]; -extern int sys_nerr; - -#define strerror(e) sys_errlist[((unsigned)(e) < sys_nerr) ? e : 0] - -extern void perror(const char *); - -/* getopt */ -extern char *optarg; -extern int optind; -extern int getopt(int argc, char **argv, char *spec); - -/* math.h */ -extern int srandom(long val); -extern long random(void); - -/* memory.h */ -#define memmove(to,from,len) bcopy((char*)(from),(char*)(to),len) - -extern void bcopy(const char *, char *, int); - -/* signal.h */ -/* -** SunOS4 sigaction hides interrupts by default, so we can safely define -** SA_RESTART to 0 (HP-UX is a counter-example -- its sigaction does not -** hide interrupts but lacks an SA_RESTART option; you must use sigvector -** and tweak the sigcontext from within each signal handler!). -*/ -#define SA_RESTART 0 -#define SA_SIGINFO 0 - -/* stdio.h */ -extern int printf(const char *, ...); -extern int fprintf(FILE *, const char *, ...); -extern int vprintf(const char *, va_list); -extern int vfprintf(FILE *, const char *, va_list); -extern char *vsprintf(char *, const char *, va_list); -extern int scanf(const char *, ...); -extern int sscanf(const char *, const char *, ...); -extern int fscanf(FILE *, const char *, ...); -extern int fgetc(FILE *); -extern int fputc(int, FILE *); -extern int fputs(const char *, FILE *); -extern int puts(const char *); -extern int fread(void *, size_t, size_t, FILE *); -extern int fwrite(const char *, int, int, FILE *); -extern int fseek(FILE *, long, int); -extern long ftell(FILE *); -extern int rewind(FILE *); -extern int fflush(FILE *); -extern int _flsbuf(unsigned char, FILE *); -extern int fclose(FILE *); -extern int remove(const char *); -extern int setvbuf(FILE *, char *, int, size_t); -extern int system(const char *); -extern FILE *popen(const char *, const char *); -extern int pclose(FILE *); - -/* stdlib.h */ -#define strtoul strtol - -extern int isatty(int fildes); -extern long strtol(const char *, char **, int); -extern int putenv(const char *); -extern void srand48(long); -extern long lrand48(void); -extern double drand48(void); - -/* string.h */ -extern int strcasecmp(const char *, const char *); -extern int strncasecmp(const char *, const char *, size_t); -extern int strcoll(const char *, const char *); - -/* time.h */ -extern time_t mktime(struct tm *); -extern size_t strftime(char *, size_t, const char *, const struct tm *); -extern int gettimeofday(struct timeval *, struct timezone *); -extern int setitimer(int, struct itimerval *, struct itimerval *); -extern time_t time(time_t *); -extern time_t timegm(struct tm *); -extern struct tm *localtime(const time_t *); -extern struct tm *gmtime(const time_t *); - -/* unistd.h */ -extern int rename(const char *, const char *); -extern int ioctl(int, int, int *arg); -extern int connect(int, struct sockaddr *, int); -extern int readlink(const char *, char *, int); -extern int symlink(const char *, const char *); -extern int ftruncate(int, off_t); -extern int fchmod(int, mode_t); -extern int fchown(int, uid_t, gid_t); -extern int lstat(const char *, struct stat *); -extern int fstat(int, struct stat *); -extern int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); -extern int gethostname(char *, int); -extern char *getwd(char *); -extern int getpagesize(void); - -#endif /* SVR4 */ - -#endif /* pr_sunos4_h___ */ diff --git a/security/coreconf/outofdate.pl b/security/coreconf/outofdate.pl deleted file mode 100755 index 1044639e8..000000000 --- a/security/coreconf/outofdate.pl +++ /dev/null @@ -1,67 +0,0 @@ -#!/usr/local/bin/perl -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -#Input: [-d dir] foo1.java foo2.java -#Compares with: foo1.class foo2.class (if -d specified, checks in 'dir', -# otherwise assumes .class files in same directory as .java files) -#Returns: list of input arguments which are newer than corresponding class -#files (non-existant class files are considered to be real old :-) - -$found = 1; - -if ($ARGV[0] eq '-d') { - $classdir = $ARGV[1]; - $classdir .= "/"; - shift; - shift; -} else { - $classdir = "./"; -} - -foreach $filename (@ARGV) { - $classfilename = $classdir; - $classfilename .= $filename; - $classfilename =~ s/.java$/.class/; - ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime, - $ctime,$blksize,$blocks) = stat($filename); - ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$classmtime, - $ctime,$blksize,$blocks) = stat($classfilename); -# print $filename, " ", $mtime, ", ", $classfilename, " ", $classmtime, "\n"; - if ($mtime > $classmtime) { - print $filename, " "; - $found = 0; - } -} - -print "\n"; diff --git a/security/coreconf/platform.mk b/security/coreconf/platform.mk deleted file mode 100644 index a4826d315..000000000 --- a/security/coreconf/platform.mk +++ /dev/null @@ -1,38 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Master "Core Components" <platform> tag # -####################################################################### - -PLATFORM = $(OBJDIR_NAME) diff --git a/security/coreconf/prefix.mk b/security/coreconf/prefix.mk deleted file mode 100644 index af1142afd..000000000 --- a/security/coreconf/prefix.mk +++ /dev/null @@ -1,88 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Master "Core Components" for computing program prefixes # -####################################################################### - -# -# Object prefixes -# - -ifndef OBJ_PREFIX - OBJ_PREFIX = -endif - -# -# Library suffixes -# - -ifndef LIB_PREFIX - ifeq ($(OS_ARCH), WINNT) - LIB_PREFIX = - else - LIB_PREFIX = lib - endif -endif - - -ifndef DLL_PREFIX - ifeq ($(OS_ARCH), WINNT) - DLL_PREFIX = - else - DLL_PREFIX = lib - endif -endif - - -ifndef IMPORT_LIB_PREFIX - IMPORT_LIB_PREFIX = -endif - - -ifndef PURE_LIB_PREFIX - ifeq ($(OS_ARCH), WINNT) - PURE_LIB_PREFIX = - else - PURE_LIB_PREFIX = purelib - endif -endif - -# -# Program prefixes -# - -ifndef PROG_PREFIX - PROG_PREFIX = -endif - diff --git a/security/coreconf/release.pl b/security/coreconf/release.pl deleted file mode 100755 index 0a16727e1..000000000 --- a/security/coreconf/release.pl +++ /dev/null @@ -1,136 +0,0 @@ -#! /usr/local/bin/perl -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - - -require('coreconf.pl'); - -#######-- read in variables on command line into %var - -$var{ZIP} = "zip"; - -&parse_argv; - - -######-- Do the packaging of jars. - -foreach $jarfile (split(/ /,$var{FILES}) ) { - print STDERR "---------------------------------------------\n"; - print STDERR "Packaging jar file $jarfile....\n"; - - $jarinfo = $var{$jarfile}; - - ($jardir,$jaropts) = split(/\|/,$jarinfo); - - $zipoptions = "-T"; - if ($jaropts =~ /a/) { - if ($var{OS_ARCH} eq 'WINNT') { - $zipoptions .= ' -ll'; - } - } - -# don't compress jar files containing classes since some java -# implementations do not implement decompression correctly - if ( ($jarfile eq 'xpclass.jar') || ($jarfile eq 'xpclass_dbg.jar') ) { - $zipoptions .= ' -0'; - } - - -# just in case the directory ends in a /, remove it - if ($jardir =~ /\/$/) { - chop $jardir; - } - - $dirdepth --; - - print STDERR "jardir = $jardir\n"; - system("ls $jardir"); - - if (-d $jardir) { - - -# count the number of slashes - - $slashes =0; - - foreach $i (split(//,$jardir)) { - if ($i =~ /\//) { - $slashes++; - } - } - - $dotdots =0; - - foreach $i (split(m|/|,$jardir)) { - if ($i eq '..') { - $dotdots ++; - } - } - - $dirdepth = ($slashes +1) - (2*$dotdots); - - print STDERR "changing dir $jardir\n"; - chdir($jardir); - print STDERR "making dir META-INF\n"; - mkdir("META-INF",0755); - - $filelist = ""; - opendir(DIR,"."); - while ($_ = readdir(DIR)) { - if (! ( ($_ eq '.') || ($_ eq '..'))) { - if ( $jaropts =~ /i/) { - if (! /^include$/) { - $filelist .= "$_ "; - } - } - else { - $filelist .= "$_ "; - } - } - } - closedir(DIR); - - print STDERR "zip $zipoptions -r $jarfile $filelist\n"; - system("zip $zipoptions -r $jarfile $filelist"); - rmdir("META-INF"); - for $i (1 .. $dirdepth) { - chdir(".."); - print STDERR "chdir ..\n"; - } - } - else { - print STDERR "Directory $jardir doesn't exist\n"; - } - -} - diff --git a/security/coreconf/rules.mk b/security/coreconf/rules.mk deleted file mode 100644 index 9900c4702..000000000 --- a/security/coreconf/rules.mk +++ /dev/null @@ -1,971 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -### ### -### R U L E S O F E N G A G E M E N T ### -### ### -####################################################################### - -####################################################################### -# Double-Colon rules for utilizing the binary release model. # -####################################################################### - -all:: export libs program install - -ifeq ($(AUTOCLEAN),1) -autobuild:: clean export private_export libs program install -else -autobuild:: export private_export libs program install -endif - -platform:: - @echo $(OBJDIR_NAME) - - -# -# IMPORTS will always be associated with a component. Therefore, -# the "import" rule will always change directory to the top-level -# of a component, and traverse the IMPORTS keyword from the -# "manifest.mn" file located at this level only. -# -# note: if there is a trailing slash, the component will be appended -# (see import.pl - only used for xpheader.jar) - -import:: - @echo "== import.pl ==" - @perl -I$(CORE_DEPTH)/coreconf $(CORE_DEPTH)/coreconf/import.pl \ - "RELEASE_TREE=$(RELEASE_TREE)" \ - "IMPORTS=$(IMPORTS)" \ - "VERSION=$(VERSION)" \ - "OS_ARCH=$(OS_ARCH)" \ - "PLATFORM=$(PLATFORM)" \ - "OVERRIDE_IMPORT_CHECK=$(OVERRIDE_IMPORT_CHECK)" \ - "ALLOW_VERSION_OVERRIDE=$(ALLOW_VERSION_OVERRIDE)" \ - "SOURCE_RELEASE_PREFIX=$(SOURCE_RELEASE_XP_DIR)" \ - "SOURCE_MD_DIR=$(SOURCE_MD_DIR)" \ - "SOURCE_XP_DIR=$(SOURCE_XP_DIR)" \ - "FILES=$(IMPORT_XPCLASS_JAR) $(XPHEADER_JAR) $(MDHEADER_JAR) $(MDBINARY_JAR)" \ - "$(IMPORT_XPCLASS_JAR)=$(IMPORT_XP_DIR)|$(IMPORT_XPCLASS_DIR)|" \ - "$(XPHEADER_JAR)=$(IMPORT_XP_DIR)|$(SOURCE_XP_DIR)/public/|v" \ - "$(MDHEADER_JAR)=$(IMPORT_MD_DIR)|$(SOURCE_MD_DIR)/include|" \ - "$(MDBINARY_JAR)=$(IMPORT_MD_DIR)|$(SOURCE_MD_DIR)|" - -export:: - +$(LOOP_OVER_DIRS) - -private_export:: - +$(LOOP_OVER_DIRS) - -release_export:: - +$(LOOP_OVER_DIRS) - -release_classes:: - +$(LOOP_OVER_DIRS) - -libs program install:: $(TARGETS) -ifdef LIBRARY - $(INSTALL) -m 664 $(LIBRARY) $(SOURCE_LIB_DIR) -endif -ifdef SHARED_LIBRARY - $(INSTALL) -m 775 $(SHARED_LIBRARY) $(SOURCE_LIB_DIR) -endif -ifdef IMPORT_LIBRARY - $(INSTALL) -m 775 $(IMPORT_LIBRARY) $(SOURCE_LIB_DIR) -endif -ifdef PURE_LIBRARY - $(INSTALL) -m 775 $(PURE_LIBRARY) $(SOURCE_LIB_DIR) -endif -ifdef PROGRAM - $(INSTALL) -m 775 $(PROGRAM) $(SOURCE_BIN_DIR) -endif -ifdef PROGRAMS - $(INSTALL) -m 775 $(PROGRAMS) $(SOURCE_BIN_DIR) -endif - +$(LOOP_OVER_DIRS) - -tests:: - +$(LOOP_OVER_DIRS) - -clean clobber:: - rm -rf $(ALL_TRASH) - +$(LOOP_OVER_DIRS) - -realclean clobber_all:: - rm -rf $(wildcard *.OBJ) dist $(ALL_TRASH) - +$(LOOP_OVER_DIRS) - -#ifdef ALL_PLATFORMS -#all_platforms:: $(NFSPWD) -# @d=`$(NFSPWD)`; \ -# if test ! -d LOGS; then rm -rf LOGS; mkdir LOGS; fi; \ -# for h in $(PLATFORM_HOSTS); do \ -# echo "On $$h: $(MAKE) $(ALL_PLATFORMS) >& LOGS/$$h.log";\ -# rsh $$h -n "(chdir $$d; \ -# $(MAKE) $(ALL_PLATFORMS) >& LOGS/$$h.log; \ -# echo DONE) &" 2>&1 > LOGS/$$h.pid & \ -# sleep 1; \ -# done -# -#$(NFSPWD): -# cd $(@D); $(MAKE) $(@F) -#endif - -####################################################################### -# Double-Colon rules for populating the binary release model. # -####################################################################### - - -release_clean:: - rm -rf $(SOURCE_XP_DIR)/release/$(RELEASE_MD_DIR) - -release:: release_clean release_export release_classes release_policy release_md release_jars release_cpdistdir - -release_cpdistdir:: - @echo "== cpdist.pl ==" - @perl -I$(CORE_DEPTH)/coreconf $(CORE_DEPTH)/coreconf/cpdist.pl \ - "RELEASE_TREE=$(RELEASE_TREE)" \ - "CORE_DEPTH=$(CORE_DEPTH)" \ - "MODULE=${MODULE}" \ - "OS_ARCH=$(OS_ARCH)" \ - "RELEASE=$(RELEASE)" \ - "PLATFORM=$(PLATFORM)" \ - "RELEASE_VERSION=$(RELEASE_VERSION)" \ - "SOURCE_RELEASE_PREFIX=$(SOURCE_RELEASE_XP_DIR)" \ - "RELEASE_XP_DIR=$(RELEASE_XP_DIR)" \ - "RELEASE_MD_DIR=$(RELEASE_MD_DIR)" \ - "FILES=$(XPCLASS_JAR) $(XPCLASS_DBG_JAR) $(XPHEADER_JAR) $(MDHEADER_JAR) $(MDBINARY_JAR) XP_FILES MD_FILES" \ - "$(XPCLASS_JAR)=$(SOURCE_RELEASE_CLASSES_DIR)|x"\ - "$(XPCLASS_DBG_JAR)=$(SOURCE_RELEASE_CLASSES_DBG_DIR)|x"\ - "$(XPHEADER_JAR)=$(SOURCE_RELEASE_XPHEADERS_DIR)|x" \ - "$(MDHEADER_JAR)=$(SOURCE_RELEASE_MDHEADERS_DIR)|m" \ - "$(MDBINARY_JAR)=$(SOURCE_RELEASE_MD_DIR)|m" \ - "XP_FILES=$(XP_FILES)|xf" \ - "MD_FILES=$(MD_FILES)|mf" - - -# $(SOURCE_RELEASE_xxx_JAR) is a name like yyy.jar -# $(SOURCE_RELEASE_xx_DIR) is a name like - -release_jars:: - @echo "== release.pl ==" - @perl -I$(CORE_DEPTH)/coreconf $(CORE_DEPTH)/coreconf/release.pl \ - "RELEASE_TREE=$(RELEASE_TREE)" \ - "PLATFORM=$(PLATFORM)" \ - "OS_ARCH=$(OS_ARCH)" \ - "RELEASE_VERSION=$(RELEASE_VERSION)" \ - "SOURCE_RELEASE_DIR=$(SOURCE_RELEASE_DIR)" \ - "FILES=$(XPCLASS_JAR) $(XPCLASS_DBG_JAR) $(XPHEADER_JAR) $(MDHEADER_JAR) $(MDBINARY_JAR)" \ - "$(XPCLASS_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DIR)|b"\ - "$(XPCLASS_DBG_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DBG_DIR)|b"\ - "$(XPHEADER_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_XPHEADERS_DIR)|a" \ - "$(MDHEADER_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_MDHEADERS_DIR)|a" \ - "$(MDBINARY_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_MD_DIR)|bi" - -# Rules for releasing classes. -# We have to do some REALLY gross stuff to deal with multiple classes in one -# file, as well as nested classes, which have a filename of the form -# ContainingClass$NestedClass.class. -# RELEASE_CLASSES simply performs a required patsubst on CLASSES -# RELEASE_CLASS_PATH is RELEASE_CLASSES with the path (in ns/dist) prepended -# RELEASE_NESTED is all the nested classes in RELEASE_CLASS_PATH. We use a -# foreach and wildcard to get all the files that start out like one of the -# class files, then have a $. So, for each class file, we look for file$* -# RELEASE_FILES is the combination of RELEASE_NESTED and the class files -# specified by RELEASE_CLASSES which have .class appended to them. Note that -# the RELEASE_NESTED don't need to have .class appended because they were -# read in from the wildcard as complete filenames. -# -# The _DBG versions are the debuggable ones. -ifneq ($(CLASSES),) - -RELEASE_CLASSES := $(patsubst %,%,$(CLASSES)) - -ifdef BUILD_OPT - RELEASE_CLASS_PATH := $(patsubst %,$(SOURCE_CLASSES_DIR)/$(PACKAGE)/%, $(RELEASE_CLASSES)) - RELEASE_NESTED := $(foreach file,$(RELEASE_CLASS_PATH),$(wildcard $(file)$$*)) - RELEASE_FILES := $(patsubst %,%.class,$(RELEASE_CLASS_PATH)) $(RELEASE_NESTED) -else - RELEASE_DBG_CLASS_PATH:= $(patsubst %,$(SOURCE_CLASSES_DBG_DIR)/$(PACKAGE)/%, $(RELEASE_CLASSES)) - RELEASE_DBG_NESTED := $(foreach file,$(RELEASE_DBG_CLASS_PATH),$(wildcard $(file)$$*)) - RELEASE_DBG_FILES := $(patsubst %,%.class,$(RELEASE_DBG_CLASS_PATH)) $(RELEASE_DBG_NESTED) -endif - -# Substitute \$ for $ so the shell doesn't choke -ifdef BUILD_OPT -release_classes:: - $(INSTALL) -m 444 $(subst $$,\$$,$(RELEASE_FILES)) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DIR)/$(PACKAGE) -else -release_classes:: - $(INSTALL) -m 444 $(subst $$,\$$,$(RELEASE_DBG_FILES)) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DBG_DIR)/$(PACKAGE) -endif - -endif - -ifneq ($(POLICY),) -release_policy:: -ifdef LIBRARY - -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(LIBRARY) -endif -ifdef SHARED_LIBRARY -ifdef COMPRESS_TARGET - if test -f $(SHARED_LIBRARY).bak; then \ - cp $(SHARED_LIBRARY).bak $(SHARED_LIBRARY); \ - fi; -endif - -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(SHARED_LIBRARY) -ifdef COMPRESS_TARGET - $(COMPRESS_TARGET) $(SHARED_LIBRARY) -endif -endif -ifdef IMPORT_LIBRARY - -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(IMPORT_LIBRARY) -endif -ifdef PURE_LIBRARY - -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(PURE_LIBRARY) -endif -ifdef PROGRAM -ifdef COMPRESS_TARGET - if test -f $(PROGRAM).bak; then \ - cp $(PROGRAM).bak $(PROGRAM); \ - fi; -endif - -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(PROGRAM) -ifdef COMPRESS_TARGET - $(COMPRESS_TARGET) $(PROGRAM) -endif -endif -ifdef PROGRAMS - -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(PROGRAMS) -endif - +$(LOOP_OVER_DIRS) -else -release_policy:: - +$(LOOP_OVER_DIRS) -endif - -release_md:: -ifdef LIBRARY - $(INSTALL) -m 444 $(LIBRARY) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR) -endif -ifdef SHARED_LIBRARY - $(INSTALL) -m 555 $(SHARED_LIBRARY) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR) -endif -ifdef IMPORT_LIBRARY - $(INSTALL) -m 555 $(IMPORT_LIBRARY) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR) -endif -ifdef PURE_LIBRARY - $(INSTALL) -m 555 $(PURE_LIBRARY) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR) -endif -ifdef PROGRAM - $(INSTALL) -m 555 $(PROGRAM) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR) -endif -ifdef PROGRAMS - $(INSTALL) -m 555 $(PROGRAMS) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR) -endif - +$(LOOP_OVER_DIRS) - - -alltags: - rm -f TAGS - find . -name dist -prune -o \( -name '*.[hc]' -o -name '*.cp' -o -name '*.cpp' \) -print | xargs etags -a - find . -name dist -prune -o \( -name '*.[hc]' -o -name '*.cp' -o -name '*.cpp' \) -print | xargs ctags -a - -$(PROGRAM): $(OBJS) $(EXTRA_LIBS) - @$(MAKE_OBJDIR) -ifeq ($(OS_ARCH),WINNT) -ifeq ($(OS_TARGET),WIN16) - echo system windows >w16link - echo option map >>w16link - echo option oneautodata >>w16link - echo option heapsize=32K >>w16link - echo debug watcom all >>w16link - echo name $@ >>w16link - echo file >>w16link - echo $(W16OBJS) , >>w16link - echo $(W16LDFLAGS) >> w16link - echo library >>w16link - echo winsock.lib >>w16link - $(LINK) @w16link. - rm w16link -else - $(MKPROG) $(OBJS) -Fe$@ -link $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) -endif -else - $(MKPROG) -o $@ $(CFLAGS) $(OBJS) $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) -endif -ifneq ($(POLICY),) -#ifdef COMPRESS_TARGET -# $(COMPRESS_TARGET) -# We're going to cache a copy to keep around -# cp $(PROGRAM) $(PROGRAM).org -#endif - -$(PLCYPATCH) $(PLCYPATCH_ARGS) $@ -endif - -$(LIBRARY): $(OBJS) - @$(MAKE_OBJDIR) - rm -f $@ - $(AR) $(OBJS) - $(RANLIB) $@ - -ifeq ($(OS_TARGET), WIN16) -$(IMPORT_LIBRARY): $(SHARED_LIBRARY) - wlib +$(SHARED_LIBRARY) -endif - -$(SHARED_LIBRARY): $(OBJS) - @$(MAKE_OBJDIR) - rm -f $@ -ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.1) - echo "#!" > $(OBJDIR)/lib$(LIBRARY_NAME)_syms - nm -B -C -g $(OBJS) \ - | awk '/ [T,D] / {print $$3}' \ - | sed -e 's/^\.//' \ - | sort -u >> $(OBJDIR)/lib$(LIBRARY_NAME)_syms - $(LD) $(XCFLAGS) -o $@ $(OBJS) -bE:$(OBJDIR)/lib$(LIBRARY_NAME)_syms \ - -bM:SRE -bnoentry $(OS_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) -else -ifeq ($(OS_ARCH), WINNT) -ifeq ($(OS_TARGET), WIN16) - echo system windows dll initinstance >w16link - echo option map >>w16link - echo option oneautodata >>w16link - echo option heapsize=32K >>w16link - echo debug watcom all >>w16link - echo name $@ >>w16link - echo file >>w16link - echo $(W16OBJS) >>w16link - echo $(W16LIBS) >>w16link - echo libfile libentry >>w16link - $(LINK) @w16link. - rm w16link -else - $(LINK_DLL) -MAP $(DLLBASE) $(OBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS) -endif -else - $(MKSHLIB) -o $@ $(OBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) - chmod +x $@ -endif -endif -ifneq ($(POLICY),) -#ifdef COMPRESS_TARGET -# $(COMPRESS_TARGET) -# cp $@ $@.org -#endif - -$(PLCYPATCH) $(PLCYPATCH_ARGS) $@ -endif - -$(PURE_LIBRARY): - rm -f $@ -ifneq ($(OS_ARCH), WINNT) - $(AR) $(OBJS) -endif - $(RANLIB) $@ - -ifeq ($(OS_ARCH), WINNT) -$(RES): $(RESNAME) - @$(MAKE_OBJDIR) - $(RC) -Fo$(RES) $(RESNAME) - @echo $(RES) finished -endif - -$(OBJDIR)/$(PROG_PREFIX)%$(PROG_SUFFIX): $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX) - @$(MAKE_OBJDIR) -ifeq ($(OS_ARCH),WINNT) - $(MKPROG) $(OBJDIR)/$(PROG_PREFIX)$*$(OBJ_SUFFIX) -Fe$@ -link \ - $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) -else - $(MKPROG) -o $@ $(OBJDIR)/$(PROG_PREFIX)$*$(OBJ_SUFFIX) \ - $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) -endif - -ifdef HAVE_PURIFY -$(OBJDIR)/$(PROG_PREFIX)%.pure: $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX) - @$(MAKE_OBJDIR) -ifeq ($(OS_ARCH),WINNT) - $(PURIFY) $(CC) -Fo$@ -c $(CFLAGS) $(OBJDIR)/$(PROG_PREFIX)$*$(OBJ_SUFFIX) $(PURELDFLAGS) -else - $(PURIFY) $(CC) -o $@ $(CFLAGS) $(OBJDIR)/$(PROG_PREFIX)$*$(OBJ_SUFFIX) $(PURELDFLAGS) -endif -endif - -WCCFLAGS1 := $(subst /,\\,$(CFLAGS)) -WCCFLAGS2 := $(subst -I,-i=,$(WCCFLAGS1)) -WCCFLAGS3 := $(subst -D,-d,$(WCCFLAGS2)) - -$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c - @$(MAKE_OBJDIR) -ifeq ($(OS_ARCH), WINNT) -ifeq ($(OS_TARGET), WIN16) - echo $(WCCFLAGS3) >w16wccf - $(CC) -zq -fo$(OBJDIR)\\$(PROG_PREFIX)$*$(OBJ_SUFFIX) @w16wccf $*.c - rm w16wccf -else - $(CC) -Fo$@ -c $(CFLAGS) $*.c -endif -else - $(CC) -o $@ -c $(CFLAGS) $*.c -endif - -ifneq ($(OS_ARCH), WINNT) -$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.s - @$(MAKE_OBJDIR) - $(AS) -o $@ $(ASFLAGS) -c $*.s -endif - -$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.asm - @$(MAKE_OBJDIR) - $(AS) -Fo$@ $(ASFLAGS) -c $*.asm - -$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.S - @$(MAKE_OBJDIR) - $(AS) -o $@ $(ASFLAGS) -c $*.S - -$(OBJDIR)/$(PROG_PREFIX)%: %.cpp - @$(MAKE_OBJDIR) -ifeq ($(OS_ARCH), WINNT) - $(CCC) -Fo$@ -c $(CFLAGS) $< -else - $(CCC) -o $@ -c $(CFLAGS) $< -endif - -# -# Please keep the next two rules in sync. -# -$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cc - @$(MAKE_OBJDIR) - $(CCC) -o $@ -c $(CFLAGS) $*.cc - -$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cpp - @$(MAKE_OBJDIR) -ifdef STRICT_CPLUSPLUS_SUFFIX - echo "#line 1 \"$*.cpp\"" | cat - $*.cpp > $(OBJDIR)/t_$*.cc - $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc - rm -f $(OBJDIR)/t_$*.cc -else -ifeq ($(OS_ARCH),WINNT) - $(CCC) -Fo$@ -c $(CFLAGS) $*.cpp -else - $(CCC) -o $@ -c $(CFLAGS) $*.cpp -endif -endif #STRICT_CPLUSPLUS_SUFFIX - -%.i: %.cpp -ifeq ($(OS_TARGET), WIN16) - echo $(WCCFLAGS3) >w16wccf - $(CCC) -pl -fo=$* @w16wccf $*.cpp - rm w16wccf -else - $(CCC) -C -E $(CFLAGS) $< > $*.i -endif - -%.i: %.c -ifeq ($(OS_TARGET), WIN16) - echo $(WCCFLAGS3) >w16wccf - $(CC) -pl -fo=$* @w16wccf $*.c - rm w16wccf -else -ifeq ($(OS_ARCH),WINNT) - $(CC) -C /P $(CFLAGS) $< -else - $(CC) -C -E $(CFLAGS) $< > $*.i -endif -endif - -ifneq ($(OS_ARCH), WINNT) -%.i: %.s - $(CC) -C -E $(CFLAGS) $< > $*.i -endif - -%: %.pl - rm -f $@; cp $*.pl $@; chmod +x $@ - -%: %.sh - rm -f $@; cp $*.sh $@; chmod +x $@ - -ifdef DIRS -$(DIRS):: - @if test -d $@; then \ - set $(EXIT_ON_ERROR); \ - echo "cd $@; $(MAKE)"; \ - cd $@; $(MAKE); \ - set +e; \ - else \ - echo "Skipping non-directory $@..."; \ - fi; \ - $(CLICK_STOPWATCH) -endif - -################################################################################ -# Bunch of things that extend the 'export' rule (in order): -################################################################################ - -$(JAVA_DESTPATH) $(JAVA_DESTPATH)/$(PACKAGE) $(JMCSRCDIR):: - @if test ! -d $@; then \ - echo Creating $@; \ - rm -rf $@; \ - $(NSINSTALL) -D $@; \ - fi - -################################################################################ -## IDL_GEN - -ifneq ($(IDL_GEN),) - -#export:: -# $(IDL2JAVA) $(IDL_GEN) - -#all:: export - -#clobber:: -# rm -f $(IDL_GEN:.idl=.class) # XXX wrong! - -endif - -################################################################################ -### JSRCS -- for compiling java files -### -### NOTE: For backwards compatibility, if $(NETLIBDEPTH) is defined, -### replace $(CORE_DEPTH) with $(NETLIBDEPTH). -### - -ifneq ($(JSRCS),) -ifneq ($(JAVAC),) -ifdef NETLIBDEPTH - CORE_DEPTH := $(NETLIBDEPTH) -endif - -JAVA_EXPORT_SRCS=$(shell perl $(CORE_DEPTH)/coreconf/outofdate.pl $(PERLARG) -d $(JAVA_DESTPATH)/$(PACKAGE) $(JSRCS) $(PRIVATE_JSRCS)) - -export:: $(JAVA_DESTPATH) $(JAVA_DESTPATH)/$(PACKAGE) -ifneq ($(JAVA_EXPORT_SRCS),) - $(JAVAC) $(JAVA_EXPORT_SRCS) -endif - -all:: export - -clobber:: - rm -f $(SOURCE_XP_DIR)/classes/$(PACKAGE)/*.class - -endif -endif - -# -# JDIRS -- like JSRCS, except you can give a list of directories and it will -# compile all the out-of-date java files in those directories. -# -# NOTE: recursing through these can speed things up, but they also cause -# some builds to run out of memory -# -# NOTE: For backwards compatibility, if $(NETLIBDEPTH) is defined, -# replace $(CORE_DEPTH) with $(NETLIBDEPTH). -# -ifdef JDIRS -ifneq ($(JAVAC),) -ifdef NETLIBDEPTH - CORE_DEPTH := $(NETLIBDEPTH) -endif - -export:: $(JAVA_DESTPATH) $(JAVA_DESTPATH)/$(PACKAGE) - @for d in $(JDIRS); do \ - if test -d $$d; then \ - set $(EXIT_ON_ERROR); \ - files=`echo $$d/*.java`; \ - list=`perl $(CORE_DEPTH)/coreconf/outofdate.pl $(PERLARG) \ - -d $(JAVA_DESTPATH)/$(PACKAGE) $$files`; \ - if test "$${list}x" != "x"; then \ - echo Building all java files in $$d; \ - echo $(JAVAC) $$list; \ - $(JAVAC) $$list; \ - fi; \ - set +e; \ - else \ - echo "Skipping non-directory $$d..."; \ - fi; \ - $(CLICK_STOPWATCH); \ - done -endif -endif - -# -# JDK_GEN -- for generating "old style" native methods -# -# Generate JDK Headers and Stubs into the '_gen' and '_stubs' directory -# -# NOTE: For backwards compatibility, if $(NETLIBDEPTH) is defined, -# replace $(CORE_DEPTH) with $(NETLIBDEPTH). -# -ifneq ($(JDK_GEN),) -ifneq ($(JAVAH),) -ifdef NSBUILDROOT - INCLUDES += -I$(JDK_GEN_DIR) -I$(SOURCE_XP_DIR) -else - INCLUDES += -I$(JDK_GEN_DIR) -endif - -ifdef NETLIBDEPTH - CORE_DEPTH := $(NETLIBDEPTH) -endif - -JDK_PACKAGE_CLASSES := $(JDK_GEN) -JDK_PATH_CLASSES := $(subst .,/,$(JDK_PACKAGE_CLASSES)) -JDK_HEADER_CLASSFILES := $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JDK_PATH_CLASSES)) -JDK_STUB_CLASSFILES := $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JDK_PATH_CLASSES)) -JDK_HEADER_CFILES := $(patsubst %,$(JDK_GEN_DIR)/%.h,$(JDK_GEN)) -JDK_STUB_CFILES := $(patsubst %,$(JDK_STUB_DIR)/%.c,$(JDK_GEN)) - -$(JDK_HEADER_CFILES): $(JDK_HEADER_CLASSFILES) -$(JDK_STUB_CFILES): $(JDK_STUB_CLASSFILES) - -export:: - @echo Generating/Updating JDK headers - $(JAVAH) -d $(JDK_GEN_DIR) $(JDK_PACKAGE_CLASSES) - @echo Generating/Updating JDK stubs - $(JAVAH) -stubs -d $(JDK_STUB_DIR) $(JDK_PACKAGE_CLASSES) -ifndef NO_MAC_JAVA_SHIT - @if test ! -d $(CORE_DEPTH)/lib/mac/Java/; then \ - echo "!!! You need to have a ns/lib/mac/Java directory checked out."; \ - echo "!!! This allows us to automatically update generated files for the mac."; \ - echo "!!! If you see any modified files there, please check them in."; \ - fi - @echo Generating/Updating JDK headers for the Mac - $(JAVAH) -mac -d $(CORE_DEPTH)/lib/mac/Java/_gen $(JDK_PACKAGE_CLASSES) - @echo Generating/Updating JDK stubs for the Mac - $(JAVAH) -mac -stubs -d $(CORE_DEPTH)/lib/mac/Java/_stubs $(JDK_PACKAGE_CLASSES) -endif -endif -endif - -# -# JRI_GEN -- for generating "old style" JRI native methods -# -# Generate JRI Headers and Stubs into the 'jri' directory -# -# NOTE: For backwards compatibility, if $(NETLIBDEPTH) is defined, -# replace $(CORE_DEPTH) with $(NETLIBDEPTH). -# -ifneq ($(JRI_GEN),) -ifneq ($(JAVAH),) -ifdef NSBUILDROOT - INCLUDES += -I$(JRI_GEN_DIR) -I$(SOURCE_XP_DIR) -else - INCLUDES += -I$(JRI_GEN_DIR) -endif - -ifdef NETLIBDEPTH - CORE_DEPTH := $(NETLIBDEPTH) -endif - -JRI_PACKAGE_CLASSES := $(JRI_GEN) -JRI_PATH_CLASSES := $(subst .,/,$(JRI_PACKAGE_CLASSES)) -JRI_HEADER_CLASSFILES := $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JRI_PATH_CLASSES)) -JRI_STUB_CLASSFILES := $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JRI_PATH_CLASSES)) -JRI_HEADER_CFILES := $(patsubst %,$(JRI_GEN_DIR)/%.h,$(JRI_GEN)) -JRI_STUB_CFILES := $(patsubst %,$(JRI_GEN_DIR)/%.c,$(JRI_GEN)) - -$(JRI_HEADER_CFILES): $(JRI_HEADER_CLASSFILES) -$(JRI_STUB_CFILES): $(JRI_STUB_CLASSFILES) - -export:: - @echo Generating/Updating JRI headers - $(JAVAH) -jri -d $(JRI_GEN_DIR) $(JRI_PACKAGE_CLASSES) - @echo Generating/Updating JRI stubs - $(JAVAH) -jri -stubs -d $(JRI_GEN_DIR) $(JRI_PACKAGE_CLASSES) -ifndef NO_MAC_JAVA_SHIT - @if test ! -d $(CORE_DEPTH)/lib/mac/Java/; then \ - echo "!!! You need to have a ns/lib/mac/Java directory checked out."; \ - echo "!!! This allows us to automatically update generated files for the mac."; \ - echo "!!! If you see any modified files there, please check them in."; \ - fi - @echo Generating/Updating JRI headers for the Mac - $(JAVAH) -jri -mac -d $(CORE_DEPTH)/lib/mac/Java/_jri $(JRI_PACKAGE_CLASSES) - @echo Generating/Updating JRI stubs for the Mac - $(JAVAH) -jri -mac -stubs -d $(CORE_DEPTH)/lib/mac/Java/_jri $(JRI_PACKAGE_CLASSES) -endif -endif -endif - -# -# JNI_GEN -- for generating JNI native methods -# -# Generate JNI Headers into the 'jni' directory -# -ifneq ($(JNI_GEN),) -ifneq ($(JAVAH),) -JNI_HEADERS := $(patsubst %,$(JNI_GEN_DIR)/%.h,$(JNI_GEN)) - -export:: - @if test ! -d $(JNI_GEN_DIR); then \ - echo $(JAVAH) -jni -d $(JNI_GEN_DIR) $(JNI_GEN); \ - $(JAVAH) -jni -d $(JNI_GEN_DIR) $(JNI_GEN); \ - else \ - echo "Checking for out of date header files" ; \ - cmd="perl $(CORE_DEPTH)/coreconf/jniregen.pl $(PERLARG) \ - -d $(JAVA_DESTPATH) $(JNI_GEN)"; \ - echo $$cmd; \ - list=`$$cmd`; \ - if test "$${list}x" != "x"; then \ - echo $(JAVAH) -jni -d $(JNI_GEN_DIR) $$list; \ - $(JAVAH) -jni -d $(JNI_GEN_DIR) $$list; \ - fi \ - fi -endif -endif - -# -# JMC_EXPORT -- for declaring which java classes are to be exported for jmc -# -ifneq ($(JMC_EXPORT),) -JMC_EXPORT_PATHS := $(subst .,/,$(JMC_EXPORT)) -JMC_EXPORT_FILES := $(patsubst %,$(JAVA_DESTPATH)/$(PACKAGE)/%.class,$(JMC_EXPORT_PATHS)) - -# -# We're doing NSINSTALL -t here (copy mode) because calling INSTALL will pick up -# your NSDISTMODE and make links relative to the current directory. This is a -# problem because the source isn't in the current directory: -# -export:: $(JMC_EXPORT_FILES) $(JMCSRCDIR) - $(NSINSTALL) -t -m 444 $(JMC_EXPORT_FILES) $(JMCSRCDIR) -endif - -# -# JMC_GEN -- for generating java modules -# -# Provide default export & install rules when using JMC_GEN -# -ifneq ($(JMC_GEN),) -ifneq ($(JMC),) - INCLUDES += -I$(JMC_GEN_DIR) -I. - JMC_HEADERS := $(patsubst %,$(JMC_GEN_DIR)/%.h,$(JMC_GEN)) - JMC_STUBS := $(patsubst %,$(JMC_GEN_DIR)/%.c,$(JMC_GEN)) - JMC_OBJS := $(patsubst %,$(OBJDIR)/%$(OBJ_SUFFIX),$(JMC_GEN)) - -$(JMC_GEN_DIR)/M%.h: $(JMCSRCDIR)/%.class - $(JMC) -d $(JMC_GEN_DIR) -interface $(JMC_GEN_FLAGS) $(?F:.class=) - -$(JMC_GEN_DIR)/M%.c: $(JMCSRCDIR)/%.class - $(JMC) -d $(JMC_GEN_DIR) -module $(JMC_GEN_FLAGS) $(?F:.class=) - -$(OBJDIR)/M%$(OBJ_SUFFIX): $(JMC_GEN_DIR)/M%.h $(JMC_GEN_DIR)/M%.c - @$(MAKE_OBJDIR) - $(CC) -o $@ -c $(CFLAGS) $(JMC_GEN_DIR)/M$*.c - -export:: $(JMC_HEADERS) $(JMC_STUBS) -endif -endif - -# -# Copy each element of EXPORTS to $(SOURCE_XP_DIR)/public/$(MODULE)/ -# -PUBLIC_EXPORT_DIR = $(SOURCE_XP_DIR)/public/$(MODULE) -ifeq ($(OS_ARCH),WINNT) -ifeq ($(OS_TARGET),WIN16) -PUBLIC_EXPORT_DIR = $(SOURCE_XP_DIR)/public/win16 -endif -endif - -ifneq ($(EXPORTS),) -$(PUBLIC_EXPORT_DIR):: - @if test ! -d $@; then \ - echo Creating $@; \ - $(NSINSTALL) -D $@; \ - fi - -export:: $(EXPORTS) $(PUBLIC_EXPORT_DIR) - $(INSTALL) -m 444 $(EXPORTS) $(PUBLIC_EXPORT_DIR) -endif - -# Duplicate export rule for private exports, with different directories - -PRIVATE_EXPORT_DIR = $(SOURCE_XP_DIR)/private/$(MODULE) -ifeq ($(OS_ARCH),WINNT) -ifeq ($(OS_TARGET),WIN16) -PRIVATE_EXPORT_DIR = $(SOURCE_XP_DIR)/public/win16 -endif -endif - -ifneq ($(PRIVATE_EXPORTS),) -$(PRIVATE_EXPORT_DIR):: - @if test ! -d $@; then \ - echo Creating $@; \ - $(NSINSTALL) -D $@; \ - fi - -private_export:: $(PRIVATE_EXPORTS) $(PRIVATE_EXPORT_DIR) - $(INSTALL) -m 444 $(PRIVATE_EXPORTS) $(PRIVATE_EXPORT_DIR) -else -private_export:: - @echo There are no private exports.; -endif - -########################################################################## -### RULES FOR RUNNING REGRESSION SUITE TESTS -### REQUIRES 'REGRESSION_SPEC' TO BE SET TO THE NAME OF A REGRESSION SPECFILE -### AND RESULTS_SUBDIR TO BE SET TO SOMETHING LIKE SECURITY/PKCS5 -########################################################################## - -TESTS_DIR = $(RESULTS_DIR)/$(RESULTS_SUBDIR)/$(OS_CONFIG)$(CPU_TAG)$(COMPILER_TAG)$(IMPL_STRATEGY) - -ifneq ($(REGRESSION_SPEC),) -tests:: $(REGRESSION_SPEC) - cd $(PLATFORM); \ - ../$(SOURCE_MD_DIR)/bin/regress$(PROG_SUFFIX) specfile=../$(REGRESSION_SPEC) progress $(EXTRA_REGRESS_OPTIONS); \ - if test ! -d $(TESTS_DIR); then \ - echo Creating $(TESTS_DIR); \ - $(NSINSTALL) -D $(TESTS_DIR); \ - fi -ifneq ($(BUILD_OPT),) - $(NSINSTALL) -m 664 $(PLATFORM)/$(REGDATE).sum $(TESTS_DIR); \ - $(NSINSTALL) -m 664 $(PLATFORM)/$(REGDATE).htm $(TESTS_DIR); \ - echo "Please now make sure your results files are copied to $(TESTS_DIR), "; \ - echo "then run 'reporter specfile=$(RESULTS_DIR)/rptspec'" -endif -else -tests:: - @echo Error: you didn't specify REGRESSION_SPEC in your manifest.mn file!; -endif - - -# Duplicate export rule for releases, with different directories - -ifneq ($(EXPORTS),) -$(SOURCE_RELEASE_XP_DIR)/include:: - @if test ! -d $@; then \ - echo Creating $@; \ - $(NSINSTALL) -D $@; \ - fi - -release_export:: $(EXPORTS) $(SOURCE_RELEASE_XP_DIR)/include - $(INSTALL) -m 444 $(EXPORTS) $(SOURCE_RELEASE_XP_DIR)/include -endif - - - - -################################################################################ - --include $(DEPENDENCIES) - -ifneq ($(OS_ARCH),WINNT) -# Can't use sed because of its 4000-char line length limit, so resort to perl -.DEFAULT: - @perl -e ' \ - open(MD, "< $(DEPENDENCIES)"); \ - while (<MD>) { \ - if (m@ \.*/*$< @) { \ - $$found = 1; \ - last; \ - } \ - } \ - if ($$found) { \ - print "Removing stale dependency $< from $(DEPENDENCIES)\n"; \ - seek(MD, 0, 0); \ - $$tmpname = "$(OBJDIR)/fix.md" . $$$$; \ - open(TMD, "> " . $$tmpname); \ - while (<MD>) { \ - s@ \.*/*$< @ @; \ - if (!print TMD "$$_") { \ - unlink(($$tmpname)); \ - exit(1); \ - } \ - } \ - close(TMD); \ - if (!rename($$tmpname, "$(DEPENDENCIES)")) { \ - unlink(($$tmpname)); \ - } \ - } elsif ("$<" ne "$(DEPENDENCIES)") { \ - print "$(MAKE): *** No rule to make target $<. Stop.\n"; \ - exit(1); \ - }' -endif - -############################################################################# -# X dependency system -############################################################################# - -ifdef MKDEPENDENCIES - -# For Windows, $(MKDEPENDENCIES) must be -included before including rules.mk - -$(MKDEPENDENCIES):: - @$(MAKE_OBJDIR) - touch $(MKDEPENDENCIES) - chmod u+w $(MKDEPENDENCIES) -#on NT, the preceeding touch command creates a read-only file !?!?! -#which is why we have to explicitly chmod it. - $(MKDEPEND) -p$(OBJDIR_NAME)/ -o'$(OBJ_SUFFIX)' -f$(MKDEPENDENCIES) \ -$(NOMD_CFLAGS) $(YOPT) $(CSRCS) $(CPPSRCS) $(ASFILES) - -$(MKDEPEND):: $(MKDEPEND_DIR)/*.c $(MKDEPEND_DIR)/*.h - cd $(MKDEPEND_DIR); $(MAKE) - -ifdef OBJS -depend:: $(MKDEPEND) $(MKDEPENDENCIES) -else -depend:: -endif - +$(LOOP_OVER_DIRS) - -dependclean:: - rm -f $(MKDEPENDENCIES) - +$(LOOP_OVER_DIRS) - -#-include $(NSINSTALL_DIR)/$(OBJDIR)/depend.mk - -else -depend:: -endif - -################################################################################ -# Special gmake rules. -################################################################################ - -# -# Re-define the list of default suffixes, so gmake won't have to churn through -# hundreds of built-in suffix rules for stuff we don't need. -# -.SUFFIXES: -.SUFFIXES: .out .a .ln .o .obj .c .cc .C .cpp .y .l .s .S .h .sh .i .pl .class .java .html .asm - -# -# Don't delete these files if we get killed. -# -.PRECIOUS: .java $(JDK_HEADERS) $(JDK_STUBS) $(JRI_HEADERS) $(JRI_STUBS) $(JMC_HEADERS) $(JMC_STUBS) $(JNI_HEADERS) - -# -# Fake targets. Always run these rules, even if a file/directory with that -# name already exists. -# -.PHONY: all all_platforms alltags boot clean clobber clobber_all export install libs realclean release $(OBJDIR) $(DIRS) - diff --git a/security/coreconf/ruleset.mk b/security/coreconf/ruleset.mk deleted file mode 100644 index 16c19bc7b..000000000 --- a/security/coreconf/ruleset.mk +++ /dev/null @@ -1,362 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# # -# Parameters to this makefile (set these in this file): # -# # -# a) # -# TARGETS -- the target to create # -# (defaults to $LIBRARY $PROGRAM) # -# b) # -# DIRS -- subdirectories for make to recurse on # -# (the 'all' rule builds $TARGETS $DIRS) # -# c) # -# CSRCS, CPPSRCS -- .c and .cpp files to compile # -# (used to define $OBJS) # -# d) # -# PROGRAM -- the target program name to create from $OBJS # -# ($OBJDIR automatically prepended to it) # -# e) # -# LIBRARY -- the target library name to create from $OBJS # -# ($OBJDIR automatically prepended to it) # -# f) # -# JSRCS -- java source files to compile into class files # -# (if you don't specify this it will default # -# to *.java) # -# g) # -# PACKAGE -- the package to put the .class files into # -# (e.g. netscape/applet) # -# (NOTE: the default definition for this may be # -# overridden if "jdk.mk" is included) # -# h) # -# JMC_EXPORT -- java files to be exported for use by JMC_GEN # -# (this is a list of Class names) # -# i) # -# JRI_GEN -- files to run through javah to generate headers # -# and stubs # -# (output goes into the _jri sub-dir) # -# j) # -# JMC_GEN -- files to run through jmc to generate headers # -# and stubs # -# (output goes into the _jmc sub-dir) # -# k) # -# JNI_GEN -- files to run through javah to generate headers # -# (output goes into the _jni sub-dir) # -# # -####################################################################### - -# -# At this time, the CPU_TAG value is actually assigned. -# - -CPU_TAG = - -# -# When the processor is NOT 386-based on Windows NT, override the -# value of $(CPU_TAG). -# -ifeq ($(OS_ARCH), WINNT) - ifneq ($(CPU_ARCH),x386) - CPU_TAG = _$(CPU_ARCH) - endif -endif - -# -# Always set CPU_TAG on Linux. -# -ifeq ($(OS_ARCH), Linux) - CPU_TAG = _$(CPU_ARCH) -endif - -# -# At this time, the COMPILER_TAG value is actually assigned. -# - -ifndef COMPILER_TAG -ifneq ($(DEFAULT_COMPILER), $(CC)) -# -# Temporary define for the Client; to be removed when binary release is used -# - ifdef MOZILLA_CLIENT - COMPILER_TAG = - else - COMPILER_TAG = _$(CC) - endif -else - COMPILER_TAG = -endif -endif - -# -# At this time, a default value of $(CC) is assigned to MKPROG. -# - -ifeq ($(MKPROG),) - MKPROG = $(CC) -endif - -# -# This makefile contains rules for building the following kinds of -# objects: -# - (1) LIBRARY: a static (archival) library -# - (2) SHARED_LIBRARY: a shared (dynamic link) library -# - (3) IMPORT_LIBRARY: an import library, used only on Windows -# - (4) PURE_LIBRARY: a library for Purify -# - (5) PROGRAM: an executable binary -# -# NOTE: The names of libraries can be generated by simply specifying -# LIBRARY_NAME (and LIBRARY_VERSION in the case of non-static libraries). -# - -ifdef LIBRARY_NAME - ifeq ($(OS_ARCH), WINNT) - # - # Win16 requires library names conforming to the 8.3 rule. - # other platforms do not. - # - LIBRARY = $(OBJDIR)/$(LIBRARY_NAME).lib - ifeq ($(OS_TARGET), WIN16) - SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)16$(JDK_DEBUG_SUFFIX).dll - IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)16$(JDK_DEBUG_SUFFIX).lib - else - SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32$(JDK_DEBUG_SUFFIX).dll - IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32$(JDK_DEBUG_SUFFIX).lib - endif - else - LIBRARY = $(OBJDIR)/lib$(LIBRARY_NAME).$(LIB_SUFFIX) - ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.1) - SHARED_LIBRARY = $(OBJDIR)/lib$(LIBRARY_NAME)$(LIBRARY_VERSION)_shr$(JDK_DEBUG_SUFFIX).a - else - SHARED_LIBRARY = $(OBJDIR)/lib$(LIBRARY_NAME)$(LIBRARY_VERSION)$(JDK_DEBUG_SUFFIX).$(DLL_SUFFIX) - endif - - ifdef HAVE_PURIFY - ifdef DSO_BACKEND - PURE_LIBRARY = $(OBJDIR)/purelib$(LIBRARY_NAME)$(LIBRARY_VERSION)$(JDK_DEBUG_SUFFIX).$(DLL_SUFFIX) - else - PURE_LIBRARY = $(OBJDIR)/purelib$(LIBRARY_NAME).$(LIB_SUFFIX) - endif - endif - endif -endif - -# -# Common rules used by lots of makefiles... -# - -ifdef PROGRAM - PROGRAM := $(addprefix $(OBJDIR)/, $(PROGRAM)$(JDK_DEBUG_SUFFIX)$(PROG_SUFFIX)) -endif - -ifdef PROGRAMS - PROGRAMS := $(addprefix $(OBJDIR)/, $(PROGRAMS:%=%$(JDK_DEBUG_SUFFIX)$(PROG_SUFFIX))) -endif - -ifndef TARGETS - ifeq ($(OS_ARCH), WINNT) - TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM) - else - TARGETS = $(LIBRARY) $(SHARED_LIBRARY) - ifdef HAVE_PURIFY - TARGETS += $(PURE_LIBRARY) - endif - TARGETS += $(PROGRAM) - endif -endif - -ifndef OBJS - SIMPLE_OBJS = $(JRI_STUB_CFILES) \ - $(addsuffix $(OBJ_SUFFIX), $(JMC_GEN)) \ - $(CSRCS:.c=$(OBJ_SUFFIX)) \ - $(CPPSRCS:.cpp=$(OBJ_SUFFIX)) \ - $(ASFILES:$(ASM_SUFFIX)=$(OBJ_SUFFIX)) - OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS)) -endif - -ifeq ($(OS_TARGET), WIN16) - comma := , - empty := - space := $(empty) $(empty) - W16OBJS := $(subst $(space),$(comma)$(space),$(strip $(OBJS))) - W16TEMP = $(OS_LIBS) $(EXTRA_LIBS) - ifeq ($(strip $(W16TEMP)),) - W16LIBS = - else - W16LIBS := library $(subst $(space),$(comma)$(space),$(strip $(W16TEMP))) - endif -endif - -ifeq ($(OS_ARCH),WINNT) - ifneq ($(OS_TARGET), WIN16) - OBJS += $(RES) - endif - MAKE_OBJDIR = $(INSTALL) -D $(OBJDIR) -else - define MAKE_OBJDIR - if test ! -d $(@D); then rm -rf $(@D); $(NSINSTALL) -D $(@D); fi - endef -endif - -ifndef PACKAGE - PACKAGE = . -endif - -ALL_TRASH := $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \ - $(NOSUCHFILE) $(JDK_HEADER_CFILES) $(JDK_STUB_CFILES) \ - $(JRI_HEADER_CFILES) $(JRI_STUB_CFILES) $(JNI_HEADERS) $(JMC_STUBS) \ - $(JMC_HEADERS) $(JMC_EXPORT_FILES) so_locations \ - _gen _jmc _jri _jni _stubs \ - $(wildcard $(JAVA_DESTPATH)/$(PACKAGE)/*.class) - -ifdef JDIRS - ALL_TRASH += $(addprefix $(JAVA_DESTPATH)/,$(JDIRS)) -endif - -ifdef NSBUILDROOT - JDK_GEN_DIR = $(SOURCE_XP_DIR)/_gen - JMC_GEN_DIR = $(SOURCE_XP_DIR)/_jmc - JNI_GEN_DIR = $(SOURCE_XP_DIR)/_jni - JRI_GEN_DIR = $(SOURCE_XP_DIR)/_jri - JDK_STUB_DIR = $(SOURCE_XP_DIR)/_stubs -else - JDK_GEN_DIR = _gen - JMC_GEN_DIR = _jmc - JNI_GEN_DIR = _jni - JRI_GEN_DIR = _jri - JDK_STUB_DIR = _stubs -endif - -# -# If this is an "official" build, try to build everything. -# I.e., don't exit on errors. -# - -ifdef BUILD_OFFICIAL - EXIT_ON_ERROR = +e - CLICK_STOPWATCH = date -else - EXIT_ON_ERROR = -e - CLICK_STOPWATCH = true -endif - -ifdef REQUIRES -ifeq ($(OS_TARGET),WIN16) - INCLUDES += -I$(SOURCE_XP_DIR)/public/win16 -else - MODULE_INCLUDES := $(addprefix -I$(SOURCE_XP_DIR)/public/, $(REQUIRES)) - INCLUDES += $(MODULE_INCLUDES) - ifeq ($(MODULE), sectools) - PRIVATE_INCLUDES := $(addprefix -I$(SOURCE_XP_DIR)/private/, $(REQUIRES)) - INCLUDES += $(PRIVATE_INCLUDES) - endif -endif -endif - -ifdef SYSTEM_INCL_DIR - YOPT = -Y$(SYSTEM_INCL_DIR) -endif - -ifdef DIRS - LOOP_OVER_DIRS = \ - @for directory in $(DIRS); do \ - if test -d $$directory; then \ - set $(EXIT_ON_ERROR); \ - echo "cd $$directory; $(MAKE) $@"; \ - $(MAKE) -C $$directory $@; \ - set +e; \ - else \ - echo "Skipping non-directory $$directory..."; \ - fi; \ - $(CLICK_STOPWATCH); \ - done -endif - - - -# special stuff for tests rule in rules.mk - -ifneq ($(OS_ARCH),WINNT) - REGDATE = $(subst \ ,, $(shell perl $(CORE_DEPTH)/$(MODULE)/scripts/now)) -else - REGCOREDEPTH = $(subst \\,/,$(CORE_DEPTH)) - REGDATE = $(subst \ ,, $(shell perl $(CORE_DEPTH)/$(MODULE)/scripts/now)) -endif - -# -# export control policy patcher program and arguments -# - -PLCYPATCH = $(SOURCE_BIN_DIR)/plcypatch$(PROG_SUFFIX) - -DOMESTIC_POLICY = -us -EXPORT_POLICY = -ex -FRANCE_POLICY = -fr - -ifeq ($(POLICY), domestic) - PLCYPATCH_ARGS = $(DOMESTIC_POLICY) -else - ifeq ($(POLICY), export) - PLCYPATCH_ARGS = $(EXPORT_POLICY) - else - ifeq ($(POLICY), france) - PLCYPATCH_ARGS = $(FRANCE_POLICY) - else - PLCYPATCH_ARGS = - endif - endif -endif - -# -# Compressor for executables and DLLs on Win32. Reduces download footprint -# and helps solve some export control problem. -# -# PKLIT32C Program must be installed to be used. Path below is the default -# installation path. No site license is available for this program. -# -ifeq ($(OS_ARCH), WINNT) -ifdef BUILD_OPT - -PKLITE = $(shell which PKLIT32C.EXE) -PKLITE_ARGS = -is.rdata - -#COMPRESS_TARGET = \ -# @if test -f $(PKLITE); then \ -# echo $(PKLITE) $(PKLITE_ARGS) $@; \ -# $(PKLITE) $(PKLITE_ARGS) $@; fi -ifneq ($(PKLITE), ) -COMPRESS_TARGET = pklit32c.exe $(PKLITE_ARGS) -endif - -endif -endif diff --git a/security/coreconf/source.mk b/security/coreconf/source.mk deleted file mode 100644 index 17f9a530d..000000000 --- a/security/coreconf/source.mk +++ /dev/null @@ -1,174 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Master <component>-specific source import/export directories # -####################################################################### - -# -# <user_source_tree> master import/export directory prefix -# - -SOURCE_PREFIX = $(CORE_DEPTH)/dist -ifdef MOZILLA_SECURITY_BUILD -SOURCE_PREFIX = $(CORE_DEPTH)/../dist -else -ifdef MOZILLA_CLIENT -SOURCE_PREFIX = $(CORE_DEPTH)/../mozilla/dist -endif -endif - - -# -# <user_source_tree> cross-platform (xp) master import/export directory -# - -SOURCE_XP_DIR = $(SOURCE_PREFIX) - -# -# <user_source_tree> cross-platform (xp) import/export directories -# - -SOURCE_CLASSES_DIR = $(SOURCE_XP_DIR)/classes -SOURCE_CLASSES_DBG_DIR = $(SOURCE_XP_DIR)/classes_DBG -SOURCE_XPHEADERS_DIR = $(SOURCE_XP_DIR)/public/$(MODULE) -SOURCE_XPPRIVATE_DIR = $(SOURCE_XP_DIR)/private/$(MODULE) - -ifdef BUILD_OPT - IMPORT_XPCLASS_DIR = $(SOURCE_CLASSES_DIR) -else - IMPORT_XPCLASS_DIR = $(SOURCE_CLASSES_DBG_DIR) -endif - -# -# <user_source_tree> machine-dependent (md) master import/export directory -# - -SOURCE_MD_DIR = $(SOURCE_PREFIX)/$(PLATFORM) - -# -# <user_source_tree> machine-dependent (md) import/export directories -# - -SOURCE_BIN_DIR = $(SOURCE_MD_DIR)/bin -SOURCE_LIB_DIR = $(SOURCE_MD_DIR)/lib -SOURCE_MDHEADERS_DIR = $(SOURCE_MD_DIR)/include - -####################################################################### -# Master <component>-specific source release directories and files # -####################################################################### - -# -# <user_source_tree> source-side master release directory prefix -# NOTE: export control policy enforced for XP and MD files released to -# the staging area -# - -ifeq ($(POLICY), domestic) - SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/domestic -else - ifeq ($(POLICY), export) - SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/export - else - ifeq ($(POLICY), france) - SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/france - else -#We shouldn't have to put another directory under here, but without it the perl -#script for releasing doesn't find the directory. It thinks it doesn't exist. -#So we're adding this no-policy directory so that the script for releasing works -#in all casese when policy is not set. This doesn't affect where the final jar -#files land, only where they are placed in the local tree when building the jar -#files. When there is no policy, the jar files will still land in -#<dist>/<module>/<date>/<platform> like they used to. - SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/no-policy - endif - endif -endif - -# -# <user_source_tree> cross-platform (xp) source-side master release directory -# - -SOURCE_RELEASE_XP_DIR = $(SOURCE_RELEASE_PREFIX) - -# -# <user_source_tree> cross-platform (xp) source-side release directories -# - -SOURCE_RELEASE_CLASSES_DIR = classes -SOURCE_RELEASE_CLASSES_DBG_DIR = classes_DBG -SOURCE_RELEASE_XPHEADERS_DIR = include - -# -# <user_source_tree> cross-platform (xp) JAR source-side release files -# - -XPCLASS_JAR = xpclass.jar -XPCLASS_DBG_JAR = xpclass_dbg.jar -XPHEADER_JAR = xpheader.jar - -ifdef BUILD_OPT - IMPORT_XPCLASS_JAR = $(XPCLASS_JAR) -else - IMPORT_XPCLASS_JAR = $(XPCLASS_DBG_JAR) -endif - -# -# <user_source_tree> machine-dependent (md) source-side master release directory -# - -SOURCE_RELEASE_MD_DIR = $(PLATFORM) - -# -# <user_source_tree> machine-dependent (md) source-side release directories -# - -SOURCE_RELEASE_BIN_DIR = $(PLATFORM)/bin -SOURCE_RELEASE_LIB_DIR = $(PLATFORM)/lib -SOURCE_RELEASE_MDHEADERS_DIR = $(PLATFORM)/include -SOURCE_RELEASE_SPEC_DIR = $(SOURCE_RELEASE_MD_DIR) - -# -# <user_source_tree> machine-dependent (md) JAR/tar source-side release files -# - -MDBINARY_JAR = mdbinary.jar -MDHEADER_JAR = mdheader.jar - - -# Where to put the results - -ifneq ($(RESULTS_DIR),) - RESULTS_DIR = $(RELEASE_TREE)/sectools/results -endif - diff --git a/security/coreconf/suffix.mk b/security/coreconf/suffix.mk deleted file mode 100644 index 9c741cce1..000000000 --- a/security/coreconf/suffix.mk +++ /dev/null @@ -1,140 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Master "Core Components" suffixes # -####################################################################### - -# -# Object suffixes -# - -ifndef OBJ_SUFFIX - ifeq ($(OS_ARCH), WINNT) - OBJ_SUFFIX = .obj - else - ifeq ($(OS_ARCH), OS2) - OBJ_SUFFIX = .obj - else - OBJ_SUFFIX = .o - endif - endif -endif - -# -# Assembler source suffixes -# - -ifndef ASM_SUFFIX - ifeq ($(OS_ARCH), WINNT) - ASM_SUFFIX = .asm - else - ASM_SUFFIX = .s - endif -endif - -# -# Library suffixes -# - -STATIC_LIB_EXTENSION = - -ifndef DYNAMIC_LIB_EXTENSION - ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.1) - DYNAMIC_LIB_EXTENSION = _shr - else - DYNAMIC_LIB_EXTENSION = - endif -endif - - -ifndef STATIC_LIB_SUFFIX - STATIC_LIB_SUFFIX = .$(LIB_SUFFIX) -endif - - -ifndef DYNAMIC_LIB_SUFFIX - DYNAMIC_LIB_SUFFIX = .$(DLL_SUFFIX) -endif - - -ifndef IMPORT_LIB_SUFFIX - ifeq ($(OS_ARCH), WINNT) - IMPORT_LIB_SUFFIX = .$(LIB_SUFFIX) - else - IMPORT_LIB_SUFFIX = - endif -endif - - -ifndef PURE_LIB_SUFFIX - ifeq ($(OS_ARCH), WINNT) - PURE_LIB_SUFFIX = - else - ifdef DSO_BACKEND - PURE_LIB_SUFFIX = .$(DLL_SUFFIX) - else - PURE_LIB_SUFFIX = .$(LIB_SUFFIX) - endif - endif -endif - - -ifndef STATIC_LIB_SUFFIX_FOR_LINKING - STATIC_LIB_SUFFIX_FOR_LINKING = $(STATIC_LIB_SUFFIX) -endif - - -ifndef DYNAMIC_LIB_SUFFIX_FOR_LINKING - ifeq ($(OS_ARCH), WINNT) - DYNAMIC_LIB_SUFFIX_FOR_LINKING = $(IMPORT_LIB_SUFFIX) - else - DYNAMIC_LIB_SUFFIX_FOR_LINKING = $(DYNAMIC_LIB_SUFFIX) - endif -endif - -# -# Program suffixes -# - -ifndef PROG_SUFFIX - ifeq ($(OS_ARCH), WINNT) - PROG_SUFFIX = .exe - else - ifeq ($(OS_ARCH), OS2) - PROG_SUFFIX = .exe - else - PROG_SUFFIX = - endif - endif -endif diff --git a/security/coreconf/version.mk b/security/coreconf/version.mk deleted file mode 100644 index b2a55d180..000000000 --- a/security/coreconf/version.mk +++ /dev/null @@ -1,103 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# Build master "Core Components" release version directory name # -####################################################################### - -# -# Always set CURRENT_VERSION_SYMLINK to the <current> symbolic link. -# - -CURRENT_VERSION_SYMLINK = current - - -# -# For the sake of backwards compatibility (*sigh*) ... -# - -ifndef VERSION - ifdef BUILD_NUM - VERSION = $(BUILD_NUM) - endif -endif - -ifndef RELEASE_VERSION - ifdef BUILD_NUM - RELEASE_VERSION = $(BUILD_NUM) - endif -endif - -# -# If VERSION has still NOT been set on the command line, -# as an environment variable, by the individual Makefile, or -# by the <component>-specific "version.mk" file, set VERSION equal -# to $(CURRENT_VERSION_SYMLINK). - -ifndef VERSION - VERSION = $(CURRENT_VERSION_SYMLINK) -endif - -# If RELEASE_VERSION has still NOT been set on the command line, -# as an environment variable, by the individual Makefile, or -# by the <component>-specific "version.mk" file, automatically -# generate the next available version number via a perl script. -# - -ifndef RELEASE_VERSION - RELEASE_VERSION = -endif - -# -# Set <component>-specific versions for compiliation and linkage. -# - -ifndef JAVA_VERSION - JAVA_VERSION = $(CURRENT_VERSION_SYMLINK) -endif - -ifndef NETLIB_VERSION - NETLIB_VERSION = $(CURRENT_VERSION_SYMLINK) -endif - -ifndef NSPR_VERSION - NSPR_VERSION = $(CURRENT_VERSION_SYMLINK) -endif - -ifndef SECTOOLS_VERSION - SECTOOLS_VERSION = $(CURRENT_VERSION_SYMLINK) -endif - -ifndef SECURITY_VERSION - SECURITY_VERSION = $(CURRENT_VERSION_SYMLINK) -endif diff --git a/security/coreconf/version.pl b/security/coreconf/version.pl deleted file mode 100644 index 47a71395b..000000000 --- a/security/coreconf/version.pl +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/sbin/perl -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# Compose lowercase alphabet -@alphabet = ( "a", "b", "c", "d", "e", "f", "g", "h", - "i", "j", "k", "l", "m", "n", "o", "p", - "q", "r", "s", "t", "u", "v", "w", "x", - "y", "z" ); - -# Compute year -$year = (localtime)[5] + 1900; - -# Compute month -$month = (localtime)[4] + 1; - -# Compute day -$day = (localtime)[3]; - -# Compute base build number -$version = sprintf( "%d%02d%02d", $year, $month, $day ); -$directory = sprintf( "%s\/%s\/%d%02d%02d", $ARGV[0], $ARGV[1], $year, $month, $day ); - -# Print out the name of the first version directory which does not exist -#if( ! -e $directory ) -#{ - print $version; -#} -#else -#{ -# # Loop through combinations -# foreach $ch1 (@alphabet) -# { -# foreach $ch2 (@alphabet) -# { -# $version = sprintf( "%d%02d%02d%s%s", $year, $month, $day, $ch1, $ch2 ); -# $directory = sprintf( "%s\/%s\/%d%02d%02d%s%s", $ARGV[0], $ARGV[1], $year, $month, $day, $ch1, $ch2 ); -# if( ! -e $directory ) -# { -# print STDOUT $version; -# exit; -# } -# } -# } -#} - diff --git a/security/nss/cmd/modutil/Makefile b/security/nss/cmd/modutil/Makefile new file mode 100644 index 000000000..5f4321fec --- /dev/null +++ b/security/nss/cmd/modutil/Makefile @@ -0,0 +1,85 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### +include ../platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + + +include ../platrules.mk + +ifeq ($(OS_ARCH), WINNT) +installparse.c: installparse.y + yacc -d installparse.y + mv ytab.c installparse.c + mv ytab.h installparse.h +else +installparse.c: installparse.y + yacc -d installparse.y + mv y.tab.c installparse.c + mv y.tab.h installparse.h +endif diff --git a/security/nss/cmd/modutil/installparse.c b/security/nss/cmd/modutil/installparse.c new file mode 100644 index 000000000..5afa19ba6 --- /dev/null +++ b/security/nss/cmd/modutil/installparse.c @@ -0,0 +1,745 @@ + +# line 37 "installparse.y" + +#define yyparse Pk11Install_yyparse +#define yylex Pk11Install_yylex +#define yyerror Pk11Install_yyerror +#define yychar Pk11Install_yychar +#define yyval Pk11Install_yyval +#define yylval Pk11Install_yylval +#define yydebug Pk11Install_yydebug +#define yynerrs Pk11Install_yynerrs +#define yyerrflag Pk11Install_yyerrflag +#define yyss Pk11Install_yyss +#define yyssp Pk11Install_yyssp +#define yyvs Pk11Install_yyvs +#define yyvsp Pk11Install_yyvsp +#define yylhs Pk11Install_yylhs +#define yylen Pk11Install_yylen +#define yydefred Pk11Install_yydefred +#define yydgoto Pk11Install_yydgoto +#define yysindex Pk11Install_yysindex +#define yyrindex Pk11Install_yyrindex +#define yygindex Pk11Install_yygindex +#define yytable Pk11Install_yytable +#define yycheck Pk11Install_yycheck +#define yyname Pk11Install_yyname +#define yyrule Pk11Install_yyrule + +/* C Stuff */ +#include "install-ds.h" +#include <prprf.h> + +#define YYSTYPE Pk11Install_Pointer +extern char *Pk11Install_yytext; +char *Pk11Install_yyerrstr=NULL; + +# define OPENBRACE 257 +# define CLOSEBRACE 258 +# define STRING 259 + +#ifdef __STDC__ +#include <stdlib.h> +#include <string.h> +#else +#include <malloc.h> +#include <memory.h> +#endif + +#include <values.h> + +#ifdef __cplusplus + +#ifndef yyerror + void yyerror(const char *); +#endif + +#ifndef yylex +#ifdef __EXTERN_C__ + extern "C" { int yylex(void); } +#else + int yylex(void); +#endif +#endif + int yyparse(void); + +#endif +#define yyclearin yychar = -1 +#define yyerrok yyerrflag = 0 +extern int yychar; +extern int yyerrflag; +#ifndef YYSTYPE +#define YYSTYPE int +#endif +YYSTYPE yylval; +YYSTYPE yyval; +typedef int yytabelem; +#ifndef YYMAXDEPTH +#define YYMAXDEPTH 150 +#endif +#if YYMAXDEPTH > 0 +int yy_yys[YYMAXDEPTH], *yys = yy_yys; +YYSTYPE yy_yyv[YYMAXDEPTH], *yyv = yy_yyv; +#else /* user does initial allocation */ +int *yys; +YYSTYPE *yyv; +#endif +static int yymaxdepth = YYMAXDEPTH; +# define YYERRCODE 256 + +# line 117 "installparse.y" + +/*----------------------- Program Section --------------------------------*/ + +/*************************************************************************/ +void +Pk11Install_yyerror(char *message) +{ + char *tmp; + if(Pk11Install_yyerrstr) { + tmp=PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr, + Pk11Install_yylinenum, message); + PR_smprintf_free(Pk11Install_yyerrstr); + } else { + tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message); + } + Pk11Install_yyerrstr=tmp; +} +static const yytabelem yyexca[] ={ +-1, 1, + 0, -1, + -2, 0, +-1, 5, + 257, 7, + -2, 5, + }; +# define YYNPROD 8 +# define YYLAST 13 +static const yytabelem yyact[]={ + + 5, 10, 8, 2, 6, 4, 3, 7, 1, 0, + 0, 0, 9 }; +static const yytabelem yypact[]={ + + -259,-10000000,-10000000, -259,-10000000,-10000000, -255,-10000000, -259, -257, +-10000000 }; +static const yytabelem yypgo[]={ + + 0, 8, 3, 6, 5, 4 }; +static const yytabelem yyr1[]={ + + 0, 1, 2, 2, 3, 3, 4, 5 }; +static const yytabelem yyr2[]={ + + 0, 3, 5, 1, 3, 3, 9, 3 }; +static const yytabelem yychk[]={ + +-10000000, -1, -2, -3, -4, 259, -5, -2, 257, -2, + 258 }; +static const yytabelem yydef[]={ + + 3, -2, 1, 3, 4, -2, 0, 2, 3, 0, + 6 }; +typedef struct +#ifdef __cplusplus + yytoktype +#endif +{ char *t_name; int t_val; } yytoktype; +#ifndef YYDEBUG +# define YYDEBUG 0 /* don't allow debugging */ +#endif + +#if YYDEBUG + +yytoktype yytoks[] = +{ + "OPENBRACE", 257, + "CLOSEBRACE", 258, + "STRING", 259, + "-unknown-", -1 /* ends search */ +}; + +char * yyreds[] = +{ + "-no such reduction-", + "toplist : valuelist", + "valuelist : value valuelist", + "valuelist : /* empty */", + "value : key_value_pair", + "value : STRING", + "key_value_pair : key OPENBRACE valuelist CLOSEBRACE", + "key : STRING", +}; +#endif /* YYDEBUG */ +# line 1 "/usr/ccs/bin/yaccpar" +/* + * Copyright (c) 1993 by Sun Microsystems, Inc. + */ + +#pragma ident "@(#)yaccpar 6.14 97/01/16 SMI" + +/* +** Skeleton parser driver for yacc output +*/ + +/* +** yacc user known macros and defines +*/ +#define YYERROR goto yyerrlab +#define YYACCEPT return(0) +#define YYABORT return(1) +#define YYBACKUP( newtoken, newvalue )\ +{\ + if ( yychar >= 0 || ( yyr2[ yytmp ] >> 1 ) != 1 )\ + {\ + yyerror( "syntax error - cannot backup" );\ + goto yyerrlab;\ + }\ + yychar = newtoken;\ + yystate = *yyps;\ + yylval = newvalue;\ + goto yynewstate;\ +} +#define YYRECOVERING() (!!yyerrflag) +#define YYNEW(type) malloc(sizeof(type) * yynewmax) +#define YYCOPY(to, from, type) \ + (type *) memcpy(to, (char *) from, yymaxdepth * sizeof (type)) +#define YYENLARGE( from, type) \ + (type *) realloc((char *) from, yynewmax * sizeof(type)) +#ifndef YYDEBUG +# define YYDEBUG 1 /* make debugging available */ +#endif + +/* +** user known globals +*/ +int yydebug; /* set to 1 to get debugging */ + +/* +** driver internal defines +*/ +#define YYFLAG (-10000000) + +/* +** global variables used by the parser +*/ +YYSTYPE *yypv; /* top of value stack */ +int *yyps; /* top of state stack */ + +int yystate; /* current state */ +int yytmp; /* extra var (lasts between blocks) */ + +int yynerrs; /* number of errors */ +int yyerrflag; /* error recovery flag */ +int yychar; /* current input token number */ + + + +#ifdef YYNMBCHARS +#define YYLEX() yycvtok(yylex()) +/* +** yycvtok - return a token if i is a wchar_t value that exceeds 255. +** If i<255, i itself is the token. If i>255 but the neither +** of the 30th or 31st bit is on, i is already a token. +*/ +#if defined(__STDC__) || defined(__cplusplus) +int yycvtok(int i) +#else +int yycvtok(i) int i; +#endif +{ + int first = 0; + int last = YYNMBCHARS - 1; + int mid; + wchar_t j; + + if(i&0x60000000){/*Must convert to a token. */ + if( yymbchars[last].character < i ){ + return i;/*Giving up*/ + } + while ((last>=first)&&(first>=0)) {/*Binary search loop*/ + mid = (first+last)/2; + j = yymbchars[mid].character; + if( j==i ){/*Found*/ + return yymbchars[mid].tvalue; + }else if( j<i ){ + first = mid + 1; + }else{ + last = mid -1; + } + } + /*No entry in the table.*/ + return i;/* Giving up.*/ + }else{/* i is already a token. */ + return i; + } +} +#else/*!YYNMBCHARS*/ +#define YYLEX() yylex() +#endif/*!YYNMBCHARS*/ + +/* +** yyparse - return 0 if worked, 1 if syntax error not recovered from +*/ +#if defined(__STDC__) || defined(__cplusplus) +int yyparse(void) +#else +int yyparse() +#endif +{ + register YYSTYPE *yypvt = 0; /* top of value stack for $vars */ + +#if defined(__cplusplus) || defined(lint) +/* + hacks to please C++ and lint - goto's inside + switch should never be executed +*/ + static int __yaccpar_lint_hack__ = 0; + switch (__yaccpar_lint_hack__) + { + case 1: goto yyerrlab; + case 2: goto yynewstate; + } +#endif + + /* + ** Initialize externals - yyparse may be called more than once + */ + yypv = &yyv[-1]; + yyps = &yys[-1]; + yystate = 0; + yytmp = 0; + yynerrs = 0; + yyerrflag = 0; + yychar = -1; + +#if YYMAXDEPTH <= 0 + if (yymaxdepth <= 0) + { + if ((yymaxdepth = YYEXPAND(0)) <= 0) + { + yyerror("yacc initialization error"); + YYABORT; + } + } +#endif + + { + register YYSTYPE *yy_pv; /* top of value stack */ + register int *yy_ps; /* top of state stack */ + register int yy_state; /* current state */ + register int yy_n; /* internal state number info */ + goto yystack; /* moved from 6 lines above to here to please C++ */ + + /* + ** get globals into registers. + ** branch to here only if YYBACKUP was called. + */ + yynewstate: + yy_pv = yypv; + yy_ps = yyps; + yy_state = yystate; + goto yy_newstate; + + /* + ** get globals into registers. + ** either we just started, or we just finished a reduction + */ + yystack: + yy_pv = yypv; + yy_ps = yyps; + yy_state = yystate; + + /* + ** top of for (;;) loop while no reductions done + */ + yy_stack: + /* + ** put a state and value onto the stacks + */ +#if YYDEBUG + /* + ** if debugging, look up token value in list of value vs. + ** name pairs. 0 and negative (-1) are special values. + ** Note: linear search is used since time is not a real + ** consideration while debugging. + */ + if ( yydebug ) + { + register int yy_i; + + printf( "State %d, token ", yy_state ); + if ( yychar == 0 ) + printf( "end-of-file\n" ); + else if ( yychar < 0 ) + printf( "-none-\n" ); + else + { + for ( yy_i = 0; yytoks[yy_i].t_val >= 0; + yy_i++ ) + { + if ( yytoks[yy_i].t_val == yychar ) + break; + } + printf( "%s\n", yytoks[yy_i].t_name ); + } + } +#endif /* YYDEBUG */ + if ( ++yy_ps >= &yys[ yymaxdepth ] ) /* room on stack? */ + { + /* + ** reallocate and recover. Note that pointers + ** have to be reset, or bad things will happen + */ + int yyps_index = (yy_ps - yys); + int yypv_index = (yy_pv - yyv); + int yypvt_index = (yypvt - yyv); + int yynewmax; +#ifdef YYEXPAND + yynewmax = YYEXPAND(yymaxdepth); +#else + yynewmax = 2 * yymaxdepth; /* double table size */ + if (yymaxdepth == YYMAXDEPTH) /* first time growth */ + { + char *newyys = (char *)YYNEW(int); + char *newyyv = (char *)YYNEW(YYSTYPE); + if (newyys != 0 && newyyv != 0) + { + yys = YYCOPY(newyys, yys, int); + yyv = YYCOPY(newyyv, yyv, YYSTYPE); + } + else + yynewmax = 0; /* failed */ + } + else /* not first time */ + { + yys = YYENLARGE(yys, int); + yyv = YYENLARGE(yyv, YYSTYPE); + if (yys == 0 || yyv == 0) + yynewmax = 0; /* failed */ + } +#endif + if (yynewmax <= yymaxdepth) /* tables not expanded */ + { + yyerror( "yacc stack overflow" ); + YYABORT; + } + yymaxdepth = yynewmax; + + yy_ps = yys + yyps_index; + yy_pv = yyv + yypv_index; + yypvt = yyv + yypvt_index; + } + *yy_ps = yy_state; + *++yy_pv = yyval; + + /* + ** we have a new state - find out what to do + */ + yy_newstate: + if ( ( yy_n = yypact[ yy_state ] ) <= YYFLAG ) + goto yydefault; /* simple state */ +#if YYDEBUG + /* + ** if debugging, need to mark whether new token grabbed + */ + yytmp = yychar < 0; +#endif + if ( ( yychar < 0 ) && ( ( yychar = YYLEX() ) < 0 ) ) + yychar = 0; /* reached EOF */ +#if YYDEBUG + if ( yydebug && yytmp ) + { + register int yy_i; + + printf( "Received token " ); + if ( yychar == 0 ) + printf( "end-of-file\n" ); + else if ( yychar < 0 ) + printf( "-none-\n" ); + else + { + for ( yy_i = 0; yytoks[yy_i].t_val >= 0; + yy_i++ ) + { + if ( yytoks[yy_i].t_val == yychar ) + break; + } + printf( "%s\n", yytoks[yy_i].t_name ); + } + } +#endif /* YYDEBUG */ + if ( ( ( yy_n += yychar ) < 0 ) || ( yy_n >= YYLAST ) ) + goto yydefault; + if ( yychk[ yy_n = yyact[ yy_n ] ] == yychar ) /*valid shift*/ + { + yychar = -1; + yyval = yylval; + yy_state = yy_n; + if ( yyerrflag > 0 ) + yyerrflag--; + goto yy_stack; + } + + yydefault: + if ( ( yy_n = yydef[ yy_state ] ) == -2 ) + { +#if YYDEBUG + yytmp = yychar < 0; +#endif + if ( ( yychar < 0 ) && ( ( yychar = YYLEX() ) < 0 ) ) + yychar = 0; /* reached EOF */ +#if YYDEBUG + if ( yydebug && yytmp ) + { + register int yy_i; + + printf( "Received token " ); + if ( yychar == 0 ) + printf( "end-of-file\n" ); + else if ( yychar < 0 ) + printf( "-none-\n" ); + else + { + for ( yy_i = 0; + yytoks[yy_i].t_val >= 0; + yy_i++ ) + { + if ( yytoks[yy_i].t_val + == yychar ) + { + break; + } + } + printf( "%s\n", yytoks[yy_i].t_name ); + } + } +#endif /* YYDEBUG */ + /* + ** look through exception table + */ + { + register const int *yyxi = yyexca; + + while ( ( *yyxi != -1 ) || + ( yyxi[1] != yy_state ) ) + { + yyxi += 2; + } + while ( ( *(yyxi += 2) >= 0 ) && + ( *yyxi != yychar ) ) + ; + if ( ( yy_n = yyxi[1] ) < 0 ) + YYACCEPT; + } + } + + /* + ** check for syntax error + */ + if ( yy_n == 0 ) /* have an error */ + { + /* no worry about speed here! */ + switch ( yyerrflag ) + { + case 0: /* new error */ + yyerror( "syntax error" ); + goto skip_init; + yyerrlab: + /* + ** get globals into registers. + ** we have a user generated syntax type error + */ + yy_pv = yypv; + yy_ps = yyps; + yy_state = yystate; + skip_init: + yynerrs++; + /* FALLTHRU */ + case 1: + case 2: /* incompletely recovered error */ + /* try again... */ + yyerrflag = 3; + /* + ** find state where "error" is a legal + ** shift action + */ + while ( yy_ps >= yys ) + { + yy_n = yypact[ *yy_ps ] + YYERRCODE; + if ( yy_n >= 0 && yy_n < YYLAST && + yychk[yyact[yy_n]] == YYERRCODE) { + /* + ** simulate shift of "error" + */ + yy_state = yyact[ yy_n ]; + goto yy_stack; + } + /* + ** current state has no shift on + ** "error", pop stack + */ +#if YYDEBUG +# define _POP_ "Error recovery pops state %d, uncovers state %d\n" + if ( yydebug ) + printf( _POP_, *yy_ps, + yy_ps[-1] ); +# undef _POP_ +#endif + yy_ps--; + yy_pv--; + } + /* + ** there is no state on stack with "error" as + ** a valid shift. give up. + */ + YYABORT; + case 3: /* no shift yet; eat a token */ +#if YYDEBUG + /* + ** if debugging, look up token in list of + ** pairs. 0 and negative shouldn't occur, + ** but since timing doesn't matter when + ** debugging, it doesn't hurt to leave the + ** tests here. + */ + if ( yydebug ) + { + register int yy_i; + + printf( "Error recovery discards " ); + if ( yychar == 0 ) + printf( "token end-of-file\n" ); + else if ( yychar < 0 ) + printf( "token -none-\n" ); + else + { + for ( yy_i = 0; + yytoks[yy_i].t_val >= 0; + yy_i++ ) + { + if ( yytoks[yy_i].t_val + == yychar ) + { + break; + } + } + printf( "token %s\n", + yytoks[yy_i].t_name ); + } + } +#endif /* YYDEBUG */ + if ( yychar == 0 ) /* reached EOF. quit */ + YYABORT; + yychar = -1; + goto yy_newstate; + } + }/* end if ( yy_n == 0 ) */ + /* + ** reduction by production yy_n + ** put stack tops, etc. so things right after switch + */ +#if YYDEBUG + /* + ** if debugging, print the string that is the user's + ** specification of the reduction which is just about + ** to be done. + */ + if ( yydebug ) + printf( "Reduce by (%d) \"%s\"\n", + yy_n, yyreds[ yy_n ] ); +#endif + yytmp = yy_n; /* value to switch over */ + yypvt = yy_pv; /* $vars top of value stack */ + /* + ** Look in goto table for next state + ** Sorry about using yy_state here as temporary + ** register variable, but why not, if it works... + ** If yyr2[ yy_n ] doesn't have the low order bit + ** set, then there is no action to be done for + ** this reduction. So, no saving & unsaving of + ** registers done. The only difference between the + ** code just after the if and the body of the if is + ** the goto yy_stack in the body. This way the test + ** can be made before the choice of what to do is needed. + */ + { + /* length of production doubled with extra bit */ + register int yy_len = yyr2[ yy_n ]; + + if ( !( yy_len & 01 ) ) + { + yy_len >>= 1; + yyval = ( yy_pv -= yy_len )[1]; /* $$ = $1 */ + yy_state = yypgo[ yy_n = yyr1[ yy_n ] ] + + *( yy_ps -= yy_len ) + 1; + if ( yy_state >= YYLAST || + yychk[ yy_state = + yyact[ yy_state ] ] != -yy_n ) + { + yy_state = yyact[ yypgo[ yy_n ] ]; + } + goto yy_stack; + } + yy_len >>= 1; + yyval = ( yy_pv -= yy_len )[1]; /* $$ = $1 */ + yy_state = yypgo[ yy_n = yyr1[ yy_n ] ] + + *( yy_ps -= yy_len ) + 1; + if ( yy_state >= YYLAST || + yychk[ yy_state = yyact[ yy_state ] ] != -yy_n ) + { + yy_state = yyact[ yypgo[ yy_n ] ]; + } + } + /* save until reenter driver code */ + yystate = yy_state; + yyps = yy_ps; + yypv = yy_pv; + } + /* + ** code supplied by user is placed in this switch + */ + switch( yytmp ) + { + +case 1: +# line 84 "installparse.y" +{ + Pk11Install_valueList = yypvt[-0].list; +} break; +case 2: +# line 89 "installparse.y" +{ + Pk11Install_ValueList_AddItem(yypvt[-0].list,yypvt[-1].value); + yyval.list = yypvt[-0].list; +} break; +case 3: +# line 94 "installparse.y" +{ + yyval.list = Pk11Install_ValueList_new(); +} break; +case 4: +# line 99 "installparse.y" +{ + yyval.value= Pk11Install_Value_new(PAIR_VALUE,yypvt[-0]); +} break; +case 5: +# line 103 "installparse.y" +{ + yyval.value= Pk11Install_Value_new(STRING_VALUE, yypvt[-0]); +} break; +case 6: +# line 108 "installparse.y" +{ + yyval.pair = Pk11Install_Pair_new(yypvt[-3].string,yypvt[-1].list); +} break; +case 7: +# line 113 "installparse.y" +{ + yyval.string = yypvt[-0].string; +} break; +# line 531 "/usr/ccs/bin/yaccpar" + } + goto yystack; /* reset registers in driver code */ +} + diff --git a/security/nss/cmd/modutil/installparse.h b/security/nss/cmd/modutil/installparse.h new file mode 100644 index 000000000..f57ad8f55 --- /dev/null +++ b/security/nss/cmd/modutil/installparse.h @@ -0,0 +1,3 @@ +# define OPENBRACE 257 +# define CLOSEBRACE 258 +# define STRING 259 diff --git a/security/coreconf/SunOS5.5.1_i86pc.mk b/security/nss/cmd/modutil/rules.mk index 978286856..c22175ffd 100644 --- a/security/coreconf/SunOS5.5.1_i86pc.mk +++ b/security/nss/cmd/modutil/rules.mk @@ -1,4 +1,4 @@ -# +# # The contents of this file are subject to the Mozilla Public # License Version 1.1 (the "License"); you may not use this file # except in compliance with the License. You may obtain a copy of @@ -30,16 +30,17 @@ # may use your version of this file under either the MPL or the # GPL. # -# Config stuff for Solaris 2.5.1 on x86 -# -SOL_CFLAGS = -D_SVID_GETTOD +generate: installparse.c installparse.l -include $(CORE_DEPTH)/coreconf/SunOS5.mk +installparse.c: + yacc -p Pk11Install_yy -d installparse.y + mv y.tab.c installparse.c + mv y.tab.h installparse.h -CPU_ARCH = x86 -OS_DEFINES += -Di386 +installparse.l: + lex -olex.Pk11Install_yy.c -PPk11Install_yy installparse.l + @echo + @echo "**YOU MUST COMMENT OUT UNISTD.H FROM lex.Pk11Install_yy.cpp**" -ifeq ($(OS_RELEASE),5.5.1_i86pc) - OS_DEFINES += -DSOLARIS2_5 -endif +install.c: install-ds.h install.h diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c new file mode 100644 index 000000000..059a0696e --- /dev/null +++ b/security/nss/cmd/strsclnt/strsclnt.c @@ -0,0 +1,1108 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ +#include <stdio.h> +#include <string.h> + +#include "secutil.h" + +#if defined(XP_UNIX) +#include <unistd.h> +#endif +#include <stdlib.h> +#include <errno.h> +#include <fcntl.h> +#include <stdarg.h> + +#include "plgetopt.h" + +#include "nspr.h" +#include "prio.h" +#include "prnetdb.h" +#include "prerror.h" + +#include "pk11func.h" +#include "secitem.h" +#include "sslproto.h" +#include "nss.h" +#include "ssl.h" + +#ifndef PORT_Sprintf +#define PORT_Sprintf sprintf +#endif + +#ifndef PORT_Strstr +#define PORT_Strstr strstr +#endif + +#ifndef PORT_Malloc +#define PORT_Malloc PR_Malloc +#endif + +#define RD_BUF_SIZE (60 * 1024) + +int cipherSuites[] = { + SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, + SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, + SSL_RSA_WITH_RC4_128_MD5, + SSL_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_RSA_WITH_DES_CBC_SHA, + SSL_RSA_EXPORT_WITH_RC4_40_MD5, + SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + SSL_FORTEZZA_DMS_WITH_NULL_SHA, + SSL_RSA_WITH_NULL_MD5, + 0 +}; + +/* Include these cipher suite arrays to re-use tstclnt's + * cipher selection code. + */ + +int ssl2CipherSuites[] = { + SSL_EN_RC4_128_WITH_MD5, /* A */ + SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */ + SSL_EN_RC2_128_CBC_WITH_MD5, /* C */ + SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */ + SSL_EN_DES_64_CBC_WITH_MD5, /* E */ + SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */ + 0 +}; + +int ssl3CipherSuites[] = { + SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */ + SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */ + SSL_RSA_WITH_RC4_128_MD5, /* c */ + SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ + SSL_RSA_WITH_DES_CBC_SHA, /* e */ + SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ + SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ + SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */ + SSL_RSA_WITH_NULL_MD5, /* i */ + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ + SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ + 0 +}; + +/* This global string is so that client main can see + * which ciphers to use. + */ + +char *cipherString; + +int MakeCertOK; + +void +disableSSL2Ciphers(void) +{ + int i; + + /* disable all the SSL2 cipher suites */ + for (i = 0; ssl2CipherSuites[i] != 0; ++i) { + SSL_EnableCipher(ssl2CipherSuites[i], SSL_NOT_ALLOWED); + } +} + +void +disableSSL3Ciphers(void) +{ + int i; + + /* disable all the SSL3 cipher suites */ + for (i = 0; ssl3CipherSuites[i] != 0; ++i) { + SSL_EnableCipher(ssl3CipherSuites[i], SSL_NOT_ALLOWED); + } +} + +char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg) +{ + char *passwd = NULL; + + if ( (!retry) && arg ) { + passwd = PL_strdup((char *)arg); + } + + return passwd; +} + +int stopping; +int verbose; +SECItem bigBuf; + +#define PRINTF if (verbose) printf +#define FPRINTF if (verbose) fprintf + +static void +Usage(const char *progName) +{ + fprintf(stderr, + "Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n" + " [-v] [-f fortezza_nickname] [-2 filename]\n" + " [-w dbpasswd] [-C cipher(s)] hostname\n", + progName); + exit(1); +} + +static void +networkStart(void) +{ +#if defined(XP_WIN) && !defined(NSPR20) + + WORD wVersionRequested; + WSADATA wsaData; + int err; + wVersionRequested = MAKEWORD(1, 1); + + err = WSAStartup(wVersionRequested, &wsaData); + + if (err != 0) { + /* Tell the user that we couldn't find a useable winsock.dll. */ + fputs("WSAStartup failed!\n", stderr); + exit(1); + } + +/* Confirm that the Windows Sockets DLL supports 1.1.*/ +/* Note that if the DLL supports versions greater */ +/* than 1.1 in addition to 1.1, it will still return */ +/* 1.1 in wVersion since that is the version we */ +/* requested. */ + + if ( LOBYTE( wsaData.wVersion ) != 1 || + HIBYTE( wsaData.wVersion ) != 1 ) { + /* Tell the user that we couldn't find a useable winsock.dll. */ + fputs("wrong winsock version\n", stderr); + WSACleanup(); + exit(1); + } + /* The Windows Sockets DLL is acceptable. Proceed. */ + +#endif +} + +static void +networkEnd(void) +{ +#if defined(XP_WIN) && !defined(NSPR20) + WSACleanup(); +#endif +} + +static void +errWarn(char * funcString) +{ + PRErrorCode perr = PR_GetError(); + const char * errString = SECU_Strerror(perr); + + fprintf(stderr, "exit after %s with error %d:\n%s\n", + funcString, perr, errString); +} + +static void +errExit(char * funcString) +{ +#if defined (XP_WIN) && !defined(NSPR20) + int err; + LPVOID lpMsgBuf; + + err = WSAGetLastError(); + + FormatMessage( + FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, + NULL, + err, + MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language + (LPTSTR) &lpMsgBuf, + 0, + NULL + ); + + /* Display the string. */ + /*MessageBox( NULL, lpMsgBuf, "GetLastError", MB_OK|MB_ICONINFORMATION ); */ + fprintf(stderr, "%s\n", lpMsgBuf); + + /* Free the buffer. */ + LocalFree( lpMsgBuf ); +#endif + + errWarn(funcString); + exit(1); +} + +/* This invokes the "default" AuthCert handler in libssl. +** The only reason to use this one is that it prints out info as it goes. +*/ +static int +mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, + PRBool isServer) +{ + SECStatus rv; + CERTCertificate * peerCert; + + peerCert = SSL_PeerCertificate(fd); + + PRINTF("Subject: %s\nIssuer : %s\n", + peerCert->subjectName, peerCert->issuerName); + /* invoke the "default" AuthCert handler. */ + rv = SSL_AuthCertificate(arg, fd, checkSig, isServer); + + if (rv == SECSuccess) { + fputs("-- SSL3: Server Certificate Validated.\n", stderr); + } + /* error, if any, will be displayed by the Bad Cert Handler. */ + return rv; +} + +static int /* should be SECStatus but public prototype says int. */ +myBadCertHandler( void *arg, PRFileDesc *fd) +{ + int err = PR_GetError(); + fprintf(stderr, "-- SSL: Server Certificate Invalid, err %d.\n%s\n", + err, SECU_Strerror(err)); + return (MakeCertOK ? SECSuccess : SECFailure); +} + +/* statistics from ssl3_SendClientHello (sch) */ +extern long ssl3_sch_sid_cache_hits; +extern long ssl3_sch_sid_cache_misses; +extern long ssl3_sch_sid_cache_not_ok; + +/* statistics from ssl3_HandleServerHello (hsh) */ +extern long ssl3_hsh_sid_cache_hits; +extern long ssl3_hsh_sid_cache_misses; +extern long ssl3_hsh_sid_cache_not_ok; + +/* statistics from ssl3_HandleClientHello (hch) */ +extern long ssl3_hch_sid_cache_hits; +extern long ssl3_hch_sid_cache_misses; +extern long ssl3_hch_sid_cache_not_ok; + +void +printSecurityInfo(PRFileDesc *fd) +{ + char * cp; /* bulk cipher name */ + char * ip; /* cert issuer DN */ + char * sp; /* cert subject DN */ + int op; /* High, Low, Off */ + int kp0; /* total key bits */ + int kp1; /* secret key bits */ + int result; + + static int only_once; + + if (! only_once++ && fd) { + result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp); + if (result != SECSuccess) + return; +#if 0 + PRINTF("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n" + "subject DN: %s\n" + "issuer DN: %s\n", cp, kp1, kp0, op, sp, ip); +#else + PRINTF("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n", + cp, kp1, kp0, op, sp, ip); +#endif + PR_Free(cp); + PR_Free(ip); + PR_Free(sp); + } + + PRINTF("%ld cache hits; %ld cache misses, %ld cache not reusable\n", + ssl3_hsh_sid_cache_hits, + ssl3_hsh_sid_cache_misses, + ssl3_hsh_sid_cache_not_ok); + +} + +/************************************************************************** +** Begin thread management routines and data. +**************************************************************************/ + +#define MAX_THREADS 32 + +typedef int startFn(void *a, void *b, int c); + +PRLock * threadLock; +PRCondVar * threadStartQ; +PRCondVar * threadEndQ; + +int numUsed; +int numRunning; + +typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState; + +typedef struct perThreadStr { + void * a; + void * b; + int c; + int rv; + startFn * startFunc; + PRThread * prThread; + PRBool inUse; + runState running; +} perThread; + +perThread threads[MAX_THREADS]; + +void +thread_wrapper(void * arg) +{ + perThread * slot = (perThread *)arg; + + /* wait for parent to finish launching us before proceeding. */ + PR_Lock(threadLock); + PR_Unlock(threadLock); + + slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->c); + + /* Handle cleanup of thread here. */ + PRINTF("Thread in slot %d returned %d\n", slot - threads, slot->rv); + + PR_Lock(threadLock); + slot->running = rs_idle; + --numRunning; + + /* notify the thread launcher. */ + PR_NotifyCondVar(threadStartQ); + + PR_Unlock(threadLock); +} + +SECStatus +launch_thread( + startFn * startFunc, + void * a, + void * b, + int c) +{ + perThread * slot; + int i; + + if (!threadStartQ) { + threadLock = PR_NewLock(); + threadStartQ = PR_NewCondVar(threadLock); + threadEndQ = PR_NewCondVar(threadLock); + } + PR_Lock(threadLock); + while (numRunning >= MAX_THREADS) { + PR_WaitCondVar(threadStartQ, PR_INTERVAL_NO_TIMEOUT); + } + for (i = 0; i < numUsed; ++i) { + slot = threads + i; + if (slot->running == rs_idle) + break; + } + if (i >= numUsed) { + if (i >= MAX_THREADS) { + /* something's really wrong here. */ + PORT_Assert(i < MAX_THREADS); + PR_Unlock(threadLock); + return SECFailure; + } + ++numUsed; + PORT_Assert(numUsed == i + 1); + slot = threads + i; + } + + slot->a = a; + slot->b = b; + slot->c = c; + + slot->startFunc = startFunc; + + slot->prThread = PR_CreateThread(PR_USER_THREAD, + thread_wrapper, slot, + PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, + PR_UNJOINABLE_THREAD, 0); + if (slot->prThread == NULL) { + PR_Unlock(threadLock); + printf("Failed to launch thread!\n"); + return SECFailure; + } + + slot->inUse = 1; + slot->running = 1; + ++numRunning; + PR_Unlock(threadLock); + PRINTF("Launched thread in slot %d \n", i); + + return SECSuccess; +} + +/* Wait until num_running == 0 */ +int +reap_threads(void) +{ + perThread * slot; + int i; + + if (!threadLock) + return 0; + PR_Lock(threadLock); + while (numRunning > 0) { + PR_WaitCondVar(threadStartQ, PR_INTERVAL_NO_TIMEOUT); + } + + /* Safety Sam sez: make sure count is right. */ + for (i = 0; i < numUsed; ++i) { + slot = threads + i; + if (slot->running != rs_idle) { + FPRINTF(stderr, "Thread in slot %d is in state %d!\n", + i, slot->running); + } + } + PR_Unlock(threadLock); + return 0; +} + +void +destroy_thread_data(void) +{ + PORT_Memset(threads, 0, sizeof threads); + + if (threadEndQ) { + PR_DestroyCondVar(threadEndQ); + threadEndQ = NULL; + } + if (threadStartQ) { + PR_DestroyCondVar(threadStartQ); + threadStartQ = NULL; + } + if (threadLock) { + PR_DestroyLock(threadLock); + threadLock = NULL; + } +} + +/************************************************************************** +** End thread management routines. +**************************************************************************/ + +PRBool useModelSocket = PR_TRUE; + +static const char stopCmd[] = { "GET /stop " }; +static const char outHeader[] = { + "HTTP/1.0 200 OK\r\n" + "Server: Netscape-Enterprise/2.0a\r\n" + "Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n" + "Content-type: text/plain\r\n" + "\r\n" +}; + +struct lockedVarsStr { + PRLock * lock; + int count; + int waiters; + PRCondVar * condVar; +}; + +typedef struct lockedVarsStr lockedVars; + +void +lockedVars_Init( lockedVars * lv) +{ + lv->count = 0; + lv->waiters = 0; + lv->lock = PR_NewLock(); + lv->condVar = PR_NewCondVar(lv->lock); +} + +void +lockedVars_Destroy( lockedVars * lv) +{ + PR_DestroyCondVar(lv->condVar); + lv->condVar = NULL; + + PR_DestroyLock(lv->lock); + lv->lock = NULL; +} + +void +lockedVars_WaitForDone(lockedVars * lv) +{ + PR_Lock(lv->lock); + while (lv->count > 0) { + PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT); + } + PR_Unlock(lv->lock); +} + +int /* returns count */ +lockedVars_AddToCount(lockedVars * lv, int addend) +{ + int rv; + + PR_Lock(lv->lock); + rv = lv->count += addend; + if (rv <= 0) { + PR_NotifyCondVar(lv->condVar); + } + PR_Unlock(lv->lock); + return rv; +} + +int +do_writes( + void * a, + void * b, + int c) +{ + PRFileDesc * ssl_sock = (PRFileDesc *)a; + lockedVars * lv = (lockedVars *)b; + int sent = 0; + int count = 0; + + while (sent < bigBuf.len) { + + count = PR_Write(ssl_sock, bigBuf.data + sent, bigBuf.len - sent); + if (count < 0) { + errWarn("PR_Write bigBuf"); + break; + } + FPRINTF(stderr, "PR_Write wrote %d bytes from bigBuf\n", count ); + sent += count; + } + if (count >= 0) { /* last write didn't fail. */ + PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND); + } + + /* notify the reader that we're done. */ + lockedVars_AddToCount(lv, -1); + return (sent < bigBuf.len) ? SECFailure : SECSuccess; +} + +int +handle_fdx_connection( PRFileDesc * ssl_sock, int connection) +{ + SECStatus result; + int firstTime = 1; + int countRead = 0; + lockedVars lv; + char *buf; + + + lockedVars_Init(&lv); + lockedVars_AddToCount(&lv, 1); + + /* Attempt to launch the writer thread. */ + result = launch_thread(do_writes, ssl_sock, &lv, connection); + + if (result != SECSuccess) + goto cleanup; + + buf = PR_Malloc(RD_BUF_SIZE); + + if (buf) { + do { + /* do reads here. */ + PRInt32 count; + + count = PR_Read(ssl_sock, buf, RD_BUF_SIZE); + if (count < 0) { + errWarn("PR_Read"); + break; + } + countRead += count; + FPRINTF(stderr, "connection %d read %d bytes (%d total).\n", + connection, count, countRead ); + if (firstTime) { + firstTime = 0; + printSecurityInfo(ssl_sock); + } + } while (lockedVars_AddToCount(&lv, 0) > 0); + PR_Free(buf); + buf = 0; + } + + /* Wait for writer to finish */ + lockedVars_WaitForDone(&lv); + lockedVars_Destroy(&lv); + + FPRINTF(stderr, + "connection %d read %d bytes total. -----------------------------\n", + connection, countRead); + +cleanup: + /* Caller closes the socket. */ + + return SECSuccess; +} + +const char request[] = {"GET /abc HTTP/1.0\r\n\r\n" }; + +SECStatus +handle_connection( PRFileDesc *ssl_sock, int connection) +{ + int countRead = 0; + PRInt32 rv; + char *buf; + + buf = PR_Malloc(RD_BUF_SIZE); + if (!buf) + return SECFailure; + + /* compose the http request here. */ + + rv = PR_Write(ssl_sock, request, strlen(request)); + if (rv <= 0) { + errWarn("PR_Write"); + PR_Free(buf); + buf = 0; + return SECFailure; + } + printSecurityInfo(ssl_sock); + + /* read until EOF */ + while (1) { + rv = PR_Read(ssl_sock, buf, RD_BUF_SIZE); + if (rv == 0) { + break; /* EOF */ + } + if (rv < 0) { + errWarn("PR_Read"); + break; + } + + countRead += rv; + FPRINTF(stderr, "connection %d read %d bytes (%d total).\n", + connection, rv, countRead ); + } + PR_Free(buf); + buf = 0; + + /* Caller closes the socket. */ + + FPRINTF(stderr, + "connection %d read %d bytes total. -----------------------------\n", + connection, countRead); + + return SECSuccess; /* success */ +} + +/* one copy of this function is launched in a separate thread for each +** connection to be made. +*/ +int +do_connects( + void * a, + void * b, + int connection) +{ + PRNetAddr * addr = (PRNetAddr *) a; + PRFileDesc * model_sock = (PRFileDesc *) b; + PRFileDesc * ssl_sock; + PRFileDesc * tcp_sock; + PRStatus prStatus; + SECStatus result; + int rv = SECSuccess; + PRSocketOptionData opt; + +retry: + + tcp_sock = PR_NewTCPSocket(); + if (tcp_sock == NULL) { + errExit("PR_NewTCPSocket"); + } + + opt.option = PR_SockOpt_Nonblocking; + opt.value.non_blocking = PR_FALSE; + prStatus = PR_SetSocketOption(tcp_sock, &opt); + if (prStatus != PR_SUCCESS) { + PR_Close(tcp_sock); + return SECSuccess; + } + + prStatus = PR_Connect(tcp_sock, addr, PR_INTERVAL_NO_TIMEOUT); + if (prStatus != PR_SUCCESS) { + PRErrorCode err = PR_GetError(); + if (err == PR_CONNECT_REFUSED_ERROR) { + PR_Close(tcp_sock); + PR_Sleep(PR_MillisecondsToInterval(10)); + goto retry; + } + errWarn("PR_Connect"); + goto done; + } + + ssl_sock = SSL_ImportFD(model_sock, tcp_sock); + /* XXX if this import fails, close tcp_sock and return. */ + if (!ssl_sock) { + PR_Close(tcp_sock); + return SECSuccess; + } + + rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 0); + if (rv != SECSuccess) { + errWarn("SSL_ResetHandshake"); + goto done; + } + + if (bigBuf.data != NULL) { + result = handle_fdx_connection( ssl_sock, connection); + } else { + result = handle_connection( ssl_sock, connection); + } + +done: + PR_Close(ssl_sock); + return SECSuccess; +} + +/* Returns IP address for hostname as PRUint32 in Host Byte Order. +** Since the value returned is an integer (not a string of bytes), +** it is inherently in Host Byte Order. +*/ +PRUint32 +getIPAddress(const char * hostName) +{ + const unsigned char *p; + PRStatus prStatus; + PRUint32 rv; + PRHostEnt prHostEnt; + char scratch[PR_NETDB_BUF_SIZE]; + + prStatus = PR_GetHostByName(hostName, scratch, sizeof scratch, &prHostEnt); + if (prStatus != PR_SUCCESS) + errExit("PR_GetHostByName"); + +#undef h_addr +#define h_addr h_addr_list[0] /* address, for backward compatibility */ + + p = (const unsigned char *)(prHostEnt.h_addr); /* in Network Byte order */ + FPRINTF(stderr, "%s -> %d.%d.%d.%d\n", hostName, p[0], p[1], p[2], p[3]); + rv = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + return rv; +} + +void +client_main( + unsigned short port, + int connections, + SECKEYPrivateKey ** privKey, + CERTCertificate ** cert, + const char * hostName, + char * nickName) +{ + PRFileDesc *model_sock = NULL; + int i; + int rv; + SECStatus secStatus; + PRUint32 ipAddress; /* in host byte order */ + PRNetAddr addr; + + networkStart(); + + /* Assemble NetAddr struct for connections. */ + ipAddress = getIPAddress(hostName); + + addr.inet.family = PR_AF_INET; + addr.inet.port = PR_htons(port); + addr.inet.ip = PR_htonl(ipAddress); + + /* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */ + NSS_SetDomesticPolicy(); + +/* all the SSL2 and SSL3 cipher suites are enabled by default. */ + if (cipherString) { + int ndx; + + /* disable all the ciphers, then enable the ones we want. */ + disableSSL2Ciphers(); + disableSSL3Ciphers(); + + while (0 != (ndx = *cipherString++)) { + int *cptr; + int cipher; + + if (! isalpha(ndx)) + Usage("strsclnt"); + cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; + for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) + /* do nothing */; + if (cipher) { + SSL_EnableCipher(cipher, SSL_ALLOWED); + } + } + } + + /* configure model SSL socket. */ + + model_sock = PR_NewTCPSocket(); + if (model_sock == NULL) { + errExit("PR_NewTCPSocket on model socket"); + } + + model_sock = SSL_ImportFD(NULL, model_sock); + if (model_sock == NULL) { + errExit("SSL_ImportFD"); + } + + /* do SSL configuration. */ + + rv = SSL_Enable(model_sock, SSL_SECURITY, 1); + if (rv < 0) { + errExit("SSL_Enable SSL_SECURITY"); + } + + if (bigBuf.data) { /* doing FDX */ + rv = SSL_Enable(model_sock, SSL_ENABLE_FDX, 1); + if (rv < 0) { + errExit("SSL_Enable SSL_ENABLE_FDX"); + } + } + + SSL_SetURL(model_sock, hostName); + + SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate, + (void *)CERT_GetDefaultCertDB()); + + SSL_BadCertHook(model_sock, myBadCertHandler, NULL); + + SSL_GetClientAuthDataHook(model_sock, NSS_GetClientAuthData, nickName); + + /* I'm not going to set the HandshakeCallback function. */ + + /* end of ssl configuration. */ + + rv = launch_thread(do_connects, &addr, model_sock, 1); + + if (connections > 1) { + /* wait for the first connection to terminate, then launch the rest. */ + reap_threads(); + /* Start up the connections */ + for (i = 2; i <= connections; ++i) { + + rv = launch_thread(do_connects, &addr, model_sock, i); + + } + } + + reap_threads(); + destroy_thread_data(); + + PR_Close(model_sock); + + networkEnd(); +} + +SECStatus +readBigFile(const char * fileName) +{ + PRFileInfo info; + PRStatus status; + SECStatus rv = SECFailure; + int count; + int hdrLen; + PRFileDesc *local_file_fd = NULL; + + status = PR_GetFileInfo(fileName, &info); + + if (status == PR_SUCCESS && + info.type == PR_FILE_FILE && + info.size > 0 && + NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) { + + hdrLen = PORT_Strlen(outHeader); + bigBuf.len = hdrLen + info.size; + bigBuf.data = PORT_Malloc(bigBuf.len + 4095); + if (!bigBuf.data) { + errWarn("PORT_Malloc"); + goto done; + } + + PORT_Memcpy(bigBuf.data, outHeader, hdrLen); + + count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size); + if (count != info.size) { + errWarn("PR_Read local file"); + goto done; + } + rv = SECSuccess; +done: + PR_Close(local_file_fd); + } + return rv; +} + +int +main(int argc, char **argv) +{ + char * dir = "."; + char * fNickName = NULL; + char * fileName = NULL; + char * hostName = NULL; + char * nickName = NULL; + char * progName = NULL; + char * tmp = NULL; + CERTCertificate * cert [kt_kea_size] = { NULL }; + SECKEYPrivateKey * privKey[kt_kea_size] = { NULL }; + int optchar; + int connections = 1; + unsigned short port = 443; + SECStatus rv; + PRBool useCommandLinePasswd = PR_FALSE; + char * passwd = NULL; + PLOptState *optstate; + PLOptStatus status; + + /* Call the NSPR initialization routines */ + PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); + + tmp = strrchr(argv[0], '/'); + tmp = tmp ? tmp + 1 : argv[0]; + progName = strrchr(tmp, '\\'); + progName = progName ? progName + 1 : tmp; + + + optstate = PL_CreateOptState(argc, argv, "2:C:c:d:f:n:op:vw:"); + while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { + switch(optstate->option) { + + case '2': + fileName = optstate->value; + break; + case 'C': + cipherString = optstate->value; + break; + + case 'c': + connections = PORT_Atoi(optstate->value); + break; + + case 'd': + dir = optstate->value; + break; + + case 'f': + fNickName = optstate->value; + break; + + case 'n': + nickName = optstate->value; + break; + case 'o': + MakeCertOK = 1; + break; + + case 'p': + port = PORT_Atoi(optstate->value); + break; + + case 'v': + verbose++; + break; + case 'w': + passwd = optstate->value; + useCommandLinePasswd = PR_TRUE; + break; + case '\0': + hostName = PL_strdup(optstate->value); + break; + default: + case '?': + Usage(progName); + break; + + } + } + if (!hostName || status == PL_OPT_BAD) + Usage(progName); + + if (port == 0) + Usage(progName); + + if (fileName) + readBigFile(fileName); + + /* set our password function */ + if ( useCommandLinePasswd ) { + PK11_SetPasswordFunc(ownPasswd); + } else { + PK11_SetPasswordFunc(SECU_GetModulePassword); + } + + /* Call the libsec initialization routines */ + rv = NSS_Init(dir); + if (rv != SECSuccess) { + fputs("NSS_Init failed.\n", stderr); + exit(1); + } + + if (nickName) { + + if (useCommandLinePasswd) { + cert[kt_rsa] = PK11_FindCertFromNickname(nickName, passwd); + } else { + cert[kt_rsa] = PK11_FindCertFromNickname(nickName, NULL); + } + if (cert[kt_rsa] == NULL) { + fprintf(stderr, "Can't find certificate %s\n", nickName); + exit(1); + } + + if (useCommandLinePasswd) { + privKey[kt_rsa] = PK11_FindKeyByAnyCert(cert[kt_rsa], passwd); + } else { + privKey[kt_rsa] = PK11_FindKeyByAnyCert(cert[kt_rsa], NULL); + } + + if (privKey[kt_rsa] == NULL) { + fprintf(stderr, "Can't find Private Key for cert %s\n", nickName); + exit(1); + } + + } + if (fNickName) { + cert[kt_fortezza] = PK11_FindCertFromNickname(fNickName, NULL); + if (cert[kt_fortezza] == NULL) { + fprintf(stderr, "Can't find certificate %s\n", fNickName); + exit(1); + } + + privKey[kt_fortezza] = PK11_FindKeyByAnyCert(cert[kt_fortezza], NULL); + if (privKey[kt_fortezza] == NULL) { + fprintf(stderr, "Can't find Private Key for cert %s\n", fNickName); + exit(1); + } + } + + client_main(port, connections, privKey, cert, hostName, nickName); + + /* some final stats. */ + printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n", + ssl3_hsh_sid_cache_hits, + ssl3_hsh_sid_cache_misses, + ssl3_hsh_sid_cache_not_ok); + + NSS_Shutdown(); + PR_Cleanup(); + return 0; +} + diff --git a/security/nss/lib/fortcrypt/genci.h b/security/nss/lib/fortcrypt/genci.h new file mode 100644 index 000000000..7868e1853 --- /dev/null +++ b/security/nss/lib/fortcrypt/genci.h @@ -0,0 +1,145 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ +/* + * the following header file switches between MACI and CI based on + * compile options. That lest the rest of the source code operate + * without change, even if it only suports CI_ calls, not MACI_ calls + */ +#ifndef _GENCI_H_ +#define _GENCI_H_ 1 +#include "seccomon.h" + +#if defined (XP_UNIX) || defined (XP_WIN32) + +/* + * On unix, NT, and Windows '95 we use full maci + */ +#include "maci.h" + +#define MACI_SEL(x) + +/* + * for sec-for.c + */ +#define CI_Initialize MACI_Initialize +#define CI_Terminate() { HSESSION hs;\ + MACI_GetSessionID(&hs);\ + MACI_Terminate(hs); } + +#else + +/* + * On Mac we use the original CI_LIB + */ +#include "cryptint.h" + +/* + * MACI specific values not defined for CI lib + */ +#define MACI_SESSION_EXCEEDED (-53) + +#ifndef HSESSION_DEFINE +typedef unsigned int HSESSION; +#define HSESSION_DEFINE +#endif + +/* + * Map MACI_ calls to CI_ calls. NOTE: this assumes the proper CI_Select + * calls are issued in the CI_ case + */ +#define MACI_ChangePIN(s,pin,old,new) CI_ChangePIN(pin,old,new) +#define MACI_CheckPIN(s,type,pin) CI_CheckPIN(type,pin) +#define MACI_Close(s,flag,socket) CI_Close(flag,socket) +#define MACI_Decrypt(s,size,in,out) CI_Decrypt(size,in,out) +#define MACI_DeleteCertificate(s,cert) CI_DeleteCertificate(cert) +#define MACI_DeleteKey(s,index) CI_DeleteKey(index) +#define MACI_Encrypt(s,size,in,out) CI_Encrypt(size,in,out) +#define MACI_ExtractX(s,cert,type,pass,ySize,y,x,Ra,pgSize,qSize,p,q,g) \ + CI_ExtractX(cert,type,pass,ySize,y,x,Ra,pgSize,qSize,p,q,g) +#define MACI_FirmwareUpdate(s,flags,Cksum,len,size,data) \ + CI_FirmwareUpdate(flags,Cksum,len,size,data) +#define MACI_GenerateIV(s,iv) CI_GenerateIV(iv) +#define MACI_GenerateMEK(s,index,res) CI_GenerateMEK(index,res) +#define MACI_GenerateRa(s,Ra) CI_GenerateRa(Ra) +#define MACI_GenerateRandom(s,ran) CI_GenerateRandom(ran) +#define MACI_GenerateTEK(s,flag,index,Ra,Rb,size,Y) \ + CI_GenerateTEK(flag,index,Ra,Rb,size,Y) +#define MACI_GenerateX(s,cert,type,pgSize,qSize,p,q,g,ySize,y) \ + CI_GenerateX(cert,type,pgSize,qSize,p,q,g,ySize,y) +#define MACI_GetCertificate(s,cert,val) CI_GetCertificate(cert,val) +#define MACI_GetConfiguration(s,config) CI_GetConfiguration(config) +#define MACI_GetHash(s,size,data,val) CI_GetHash(size,data,val) +#define MACI_GetPersonalityList(s,cnt,list) CI_GetPersonalityList(cnt,list) +#define MACI_GetSessionID(s) CI_OK +#define MACI_GetState(s,state) CI_GetState(state) +#define MACI_GetStatus(s,status) CI_GetStatus(status) +#define MACI_GetTime(s,time) CI_GetTime(time) +#define MACI_Hash(s,size,data) CI_Hash(size,data) +#define MACI_Initialize(count) CI_Initialize(count) +#define MACI_InitializeHash(s) CI_InitializeHash() +#define MACI_InstallX(s,cert,type,pass,ySize,y,x,Ra,pgSize,qSize,p,q,g) \ + CI_InstallX(cert,type,pass,ySize,y,x,Ra,pgSize,qSize,p,q,g) +#define MACI_LoadCertificate(s,cert,label,data,res) \ + CI_LoadCertificate(cert,label,data,res) +#define MACI_LoadDSAParameters(s,pgSize,qSize,p,q,g) \ + CI_LoadDSAParameters(pgSize,qSize,p,q,g) +#define MACI_LoadInitValues(s,seed,Ks) CI_LoadInitValues(seed,Ks) +#define MACI_LoadIV(s,iv) CI_LoadIV(iv) +#define MACI_LoadX(s,cert,type,pgSize,qSize,p,q,g,x,ySize,y) \ + CI_LoadX(cert,type,pgSize,qSize,p,q,g,x,ySize,y) +#define MACI_Lock(s,flags) CI_Lock(flags) +#define MACI_Open(s,flags,index) CI_Open(flags,index) +#define MACI_RelayX(s,oPass,oSize,oY,oRa,oX,nPass,nSize,nY,nRa,nX) \ + CI_RelayX(oPass,oSize,oY,oRa,oX,nPass,nSize,nY,nRa,nX) +#define MACI_Reset(s) CI_Reset() +#define MACI_Restore(s,type,data) CI_Restore(type,data) +#define MACI_Save(s,type,data) CI_Save(type,data) +#define MACI_Select(s,socket) CI_Select(socket) +#define MACI_SetConfiguration(s,typ,sz,d) CI_SetConfiguration(typ,sz,d) +#define MACI_SetKey(s,key) CI_SetKey(key) +#define MACI_SetMode(s,type,mode) CI_SetMode(type,mode) +#define MACI_SetPersonality(s,index) CI_SetPersonality(index) +#define MACI_SetTime(s,time) CI_SetTime(time) +#define MACI_Sign(s,hash,sig) CI_Sign(hash,sig) +#define MACI_Terminate(s) CI_Terminate() +#define MACI_TimeStamp(s,val,sig,time) CI_TimeStamp(val,sig,time) +#define MACI_Unlock(s) CI_Unlock() +#define MACI_UnwrapKey(s,targ,wrap,key) CI_UnwrapKey(targ,wrap,key) +#define MACI_VerifySignature(s,h,siz,y,sig) CI_VerifySignature(h,siz,y,sig) +#define MACI_VerifyTimeStamp(s,hash,sig,tim) CI_VerityTimeStap(hash,sig,tim) +#define MACI_WrapKey(s,src,wrap,key) CI_WrapKey(src,wrap,key) +#define MACI_Zeroize(s) CI_Zeroize() + +#define MACI_SEL(x) CI_Select(x) +#endif /* ! XP_UNIX */ +#endif /* _GENCI_H_ */ diff --git a/security/nss/lib/jar/jarevil.c b/security/nss/lib/jar/jarevil.c new file mode 100644 index 000000000..08fa1ee6c --- /dev/null +++ b/security/nss/lib/jar/jarevil.c @@ -0,0 +1,571 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +/* + * JAREVIL + * + * Wrappers to callback in the mozilla thread + * + * Certificate code is unsafe when called outside the + * mozilla thread. These functions push an event on the + * queue to cause the cert function to run in that thread. + * + */ + +#include "jar.h" +#include "jarint.h" + +#include "jarevil.h" + +/* from libevent.h */ +#ifdef MOZILLA_CLIENT_OLD +typedef void (*ETVoidPtrFunc) (void * data); +extern void ET_moz_CallFunction (ETVoidPtrFunc fn, void *data); + +extern void *mozilla_event_queue; +#endif + + +/* Special macros facilitate running on Win 16 */ +#if defined(XP_PC) && !defined(_WIN32) /* then we are win 16 */ + + /* + * Allocate the data passed to the callback functions from the heap... + * + * This inter-thread structure cannot reside on a thread stack since the + * thread's stack is swapped away with the thread under Win16... + */ + + #define ALLOC_OR_DEFINE(type, pointer_var_name, out_of_memory_return_value) \ + type * pointer_var_name = PORT_ZAlloc (sizeof(type)); \ + do { \ + if (!pointer_var_name) \ + return (out_of_memory_return_value); \ + } while (0) /* and now a semicolon can follow :-) */ + + #define FREE_IF_ALLOC_IS_USED(pointer_var_name) PORT_Free(pointer_var_name) + +#else /* not win 16... so we can alloc via auto variables */ + + #define ALLOC_OR_DEFINE(type, pointer_var_name, out_of_memory_return_value) \ + type actual_structure_allocated_in_macro; \ + type * pointer_var_name = &actual_structure_allocated_in_macro; \ + PORT_Memset (pointer_var_name, 0, sizeof (*pointer_var_name)); \ + ((void) 0) /* and now a semicolon can follow */ + + #define FREE_IF_ALLOC_IS_USED(pointer_var_name) ((void) 0) + +#endif /* not Win 16 */ + +/* --- --- --- --- --- --- --- --- --- --- --- --- --- */ + +/* + * JAR_MOZ_encode + * + * Call SEC_PKCS7Encode inside + * the mozilla thread + * + */ + +struct EVIL_encode + { + int error; + SECStatus status; + SEC_PKCS7ContentInfo *cinfo; + SEC_PKCS7EncoderOutputCallback outputfn; + void *outputarg; + PK11SymKey *bulkkey; + SECKEYGetPasswordKey pwfn; + void *pwfnarg; + }; + + +/* This is called inside the mozilla thread */ + +PR_STATIC_CALLBACK(void) jar_moz_encode_fn (void *data) + { + SECStatus status; + struct EVIL_encode *encode_data = (struct EVIL_encode *)data; + + PORT_SetError (encode_data->error); + + status = SEC_PKCS7Encode (encode_data->cinfo, encode_data->outputfn, + encode_data->outputarg, encode_data->bulkkey, + encode_data->pwfn, encode_data->pwfnarg); + + encode_data->status = status; + encode_data->error = PORT_GetError(); + } + + +/* Wrapper for the ET_MOZ call */ + +SECStatus jar_moz_encode + ( + SEC_PKCS7ContentInfo *cinfo, + SEC_PKCS7EncoderOutputCallback outputfn, + void *outputarg, + PK11SymKey *bulkkey, + SECKEYGetPasswordKey pwfn, + void *pwfnarg + ) + { + SECStatus ret; + ALLOC_OR_DEFINE(struct EVIL_encode, encode_data, SECFailure); + + encode_data->error = PORT_GetError(); + encode_data->cinfo = cinfo; + encode_data->outputfn = outputfn; + encode_data->outputarg = outputarg; + encode_data->bulkkey = bulkkey; + encode_data->pwfn = pwfn; + encode_data->pwfnarg = pwfnarg; + + /* Synchronously invoke the callback function on the mozilla thread. */ +#ifdef MOZILLA_CLIENT_OLD + if (mozilla_event_queue) + ET_moz_CallFunction (jar_moz_encode_fn, encode_data); + else + jar_moz_encode_fn (encode_data); +#else + jar_moz_encode_fn (encode_data); +#endif + + PORT_SetError (encode_data->error); + ret = encode_data->status; + + /* Free the data passed to the callback function... */ + FREE_IF_ALLOC_IS_USED(encode_data); + return ret; + } + +/* --- --- --- --- --- --- --- --- --- --- --- --- --- */ + +/* + * JAR_MOZ_verify + * + * Call SEC_PKCS7VerifyDetachedSignature inside + * the mozilla thread + * + */ + +struct EVIL_verify + { + int error; + SECStatus status; + SEC_PKCS7ContentInfo *cinfo; + SECCertUsage certusage; + SECItem *detached_digest; + HASH_HashType digest_type; + PRBool keepcerts; + }; + +/* This is called inside the mozilla thread */ + +PR_STATIC_CALLBACK(void) jar_moz_verify_fn (void *data) + { + PRBool result; + struct EVIL_verify *verify_data = (struct EVIL_verify *)data; + + PORT_SetError (verify_data->error); + + result = SEC_PKCS7VerifyDetachedSignature + (verify_data->cinfo, verify_data->certusage, verify_data->detached_digest, + verify_data->digest_type, verify_data->keepcerts); + + + verify_data->status = result==PR_TRUE ? SECSuccess : SECFailure; + verify_data->error = PORT_GetError(); + } + + +/* Wrapper for the ET_MOZ call */ + +SECStatus jar_moz_verify + ( + SEC_PKCS7ContentInfo *cinfo, + SECCertUsage certusage, + SECItem *detached_digest, + HASH_HashType digest_type, + PRBool keepcerts + ) + { + SECStatus ret; + ALLOC_OR_DEFINE(struct EVIL_verify, verify_data, SECFailure); + + verify_data->error = PORT_GetError(); + verify_data->cinfo = cinfo; + verify_data->certusage = certusage; + verify_data->detached_digest = detached_digest; + verify_data->digest_type = digest_type; + verify_data->keepcerts = keepcerts; + + /* Synchronously invoke the callback function on the mozilla thread. */ +#ifdef MOZILLA_CLIENT_OLD + if (mozilla_event_queue) + ET_moz_CallFunction (jar_moz_verify_fn, verify_data); + else + jar_moz_verify_fn (verify_data); +#else + jar_moz_verify_fn (verify_data); +#endif + + PORT_SetError (verify_data->error); + ret = verify_data->status; + + /* Free the data passed to the callback function... */ + FREE_IF_ALLOC_IS_USED(verify_data); + return ret; + } + +/* --- --- --- --- --- --- --- --- --- --- --- --- --- */ + +/* + * JAR_MOZ_nickname + * + * Call CERT_FindCertByNickname inside + * the mozilla thread + * + */ + +struct EVIL_nickname + { + int error; + CERTCertDBHandle *certdb; + char *nickname; + CERTCertificate *cert; + }; + + +/* This is called inside the mozilla thread */ + +PR_STATIC_CALLBACK(void) jar_moz_nickname_fn (void *data) + { + CERTCertificate *cert; + struct EVIL_nickname *nickname_data = (struct EVIL_nickname *)data; + + PORT_SetError (nickname_data->error); + + cert = CERT_FindCertByNickname (nickname_data->certdb, nickname_data->nickname); + + nickname_data->cert = cert; + nickname_data->error = PORT_GetError(); + } + + +/* Wrapper for the ET_MOZ call */ + +CERTCertificate *jar_moz_nickname (CERTCertDBHandle *certdb, char *nickname) + { + CERTCertificate *cert; + ALLOC_OR_DEFINE(struct EVIL_nickname, nickname_data, NULL ); + + nickname_data->error = PORT_GetError(); + nickname_data->certdb = certdb; + nickname_data->nickname = nickname; + + /* Synchronously invoke the callback function on the mozilla thread. */ +#ifdef MOZILLA_CLIENT_OLD + if (mozilla_event_queue) + ET_moz_CallFunction (jar_moz_nickname_fn, nickname_data); + else + jar_moz_nickname_fn (nickname_data); +#else + jar_moz_nickname_fn (nickname_data); +#endif + + PORT_SetError (nickname_data->error); + cert = nickname_data->cert; + + /* Free the data passed to the callback function... */ + FREE_IF_ALLOC_IS_USED(nickname_data); + return cert; + } + +/* --- --- --- --- --- --- --- --- --- --- --- --- --- */ + +/* + * JAR_MOZ_perm + * + * Call CERT_AddTempCertToPerm inside + * the mozilla thread + * + */ + +struct EVIL_perm + { + int error; + SECStatus status; + CERTCertificate *cert; + char *nickname; + CERTCertTrust *trust; + }; + + +/* This is called inside the mozilla thread */ + +PR_STATIC_CALLBACK(void) jar_moz_perm_fn (void *data) + { + SECStatus status; + struct EVIL_perm *perm_data = (struct EVIL_perm *)data; + + PORT_SetError (perm_data->error); + + status = CERT_AddTempCertToPerm (perm_data->cert, perm_data->nickname, perm_data->trust); + + perm_data->status = status; + perm_data->error = PORT_GetError(); + } + + +/* Wrapper for the ET_MOZ call */ + +SECStatus jar_moz_perm + (CERTCertificate *cert, char *nickname, CERTCertTrust *trust) + { + SECStatus ret; + ALLOC_OR_DEFINE(struct EVIL_perm, perm_data, SECFailure); + + perm_data->error = PORT_GetError(); + perm_data->cert = cert; + perm_data->nickname = nickname; + perm_data->trust = trust; + + /* Synchronously invoke the callback function on the mozilla thread. */ +#ifdef MOZILLA_CLIENT_OLD + if (mozilla_event_queue) + ET_moz_CallFunction (jar_moz_perm_fn, perm_data); + else + jar_moz_perm_fn (perm_data); +#else + jar_moz_perm_fn (perm_data); +#endif + + PORT_SetError (perm_data->error); + ret = perm_data->status; + + /* Free the data passed to the callback function... */ + FREE_IF_ALLOC_IS_USED(perm_data); + return ret; + } + +/* --- --- --- --- --- --- --- --- --- --- --- --- --- */ + +/* + * JAR_MOZ_certkey + * + * Call CERT_FindCertByKey inside + * the mozilla thread + * + */ + +struct EVIL_certkey + { + int error; + CERTCertificate *cert; + CERTCertDBHandle *certdb; + SECItem *seckey; + }; + + +/* This is called inside the mozilla thread */ + +PR_STATIC_CALLBACK(void) jar_moz_certkey_fn (void *data) + { + CERTCertificate *cert; + struct EVIL_certkey *certkey_data = (struct EVIL_certkey *)data; + + PORT_SetError (certkey_data->error); + + cert = CERT_FindCertByKey (certkey_data->certdb, certkey_data->seckey); + + certkey_data->cert = cert; + certkey_data->error = PORT_GetError(); + } + + +/* Wrapper for the ET_MOZ call */ + +CERTCertificate *jar_moz_certkey (CERTCertDBHandle *certdb, SECItem *seckey) + { + CERTCertificate *cert; + ALLOC_OR_DEFINE(struct EVIL_certkey, certkey_data, NULL); + + certkey_data->error = PORT_GetError(); + certkey_data->certdb = certdb; + certkey_data->seckey = seckey; + + /* Synchronously invoke the callback function on the mozilla thread. */ +#ifdef MOZILLA_CLIENT_OLD + if (mozilla_event_queue) + ET_moz_CallFunction (jar_moz_certkey_fn, certkey_data); + else + jar_moz_certkey_fn (certkey_data); +#else + jar_moz_certkey_fn (certkey_data); +#endif + + PORT_SetError (certkey_data->error); + cert = certkey_data->cert; + + /* Free the data passed to the callback function... */ + FREE_IF_ALLOC_IS_USED(certkey_data); + return cert; + } + +/* --- --- --- --- --- --- --- --- --- --- --- --- --- */ + +/* + * JAR_MOZ_issuer + * + * Call CERT_FindCertIssuer inside + * the mozilla thread + * + */ + +struct EVIL_issuer + { + int error; + CERTCertificate *cert; + CERTCertificate *issuer; + }; + + +/* This is called inside the mozilla thread */ + +PR_STATIC_CALLBACK(void) jar_moz_issuer_fn (void *data) + { + CERTCertificate *issuer; + struct EVIL_issuer *issuer_data = (struct EVIL_issuer *)data; + + PORT_SetError (issuer_data->error); + + issuer = CERT_FindCertIssuer (issuer_data->cert, PR_Now(), + certUsageObjectSigner); + + issuer_data->issuer = issuer; + issuer_data->error = PORT_GetError(); + } + + +/* Wrapper for the ET_MOZ call */ + +CERTCertificate *jar_moz_issuer (CERTCertificate *cert) + { + CERTCertificate *issuer_cert; + ALLOC_OR_DEFINE(struct EVIL_issuer, issuer_data, NULL); + + issuer_data->error = PORT_GetError(); + issuer_data->cert = cert; + + /* Synchronously invoke the callback function on the mozilla thread. */ +#ifdef MOZILLA_CLIENT_OLD + if (mozilla_event_queue) + ET_moz_CallFunction (jar_moz_issuer_fn, issuer_data); + else + jar_moz_issuer_fn (issuer_data); +#else + jar_moz_issuer_fn (issuer_data); +#endif + + PORT_SetError (issuer_data->error); + issuer_cert = issuer_data->issuer; + + /* Free the data passed to the callback function... */ + FREE_IF_ALLOC_IS_USED(issuer_data); + return issuer_cert; + } + +/* --- --- --- --- --- --- --- --- --- --- --- --- --- */ + +/* + * JAR_MOZ_dup + * + * Call CERT_DupCertificate inside + * the mozilla thread + * + */ + +struct EVIL_dup + { + int error; + CERTCertificate *cert; + CERTCertificate *return_cert; + }; + + +/* This is called inside the mozilla thread */ + +PR_STATIC_CALLBACK(void) jar_moz_dup_fn (void *data) + { + CERTCertificate *return_cert; + struct EVIL_dup *dup_data = (struct EVIL_dup *)data; + + PORT_SetError (dup_data->error); + + return_cert = CERT_DupCertificate (dup_data->cert); + + dup_data->return_cert = return_cert; + dup_data->error = PORT_GetError(); + } + + +/* Wrapper for the ET_MOZ call */ + +CERTCertificate *jar_moz_dup (CERTCertificate *cert) + { + CERTCertificate *dup_cert; + ALLOC_OR_DEFINE(struct EVIL_dup, dup_data, NULL); + + dup_data->error = PORT_GetError(); + dup_data->cert = cert; + + /* Synchronously invoke the callback function on the mozilla thread. */ +#ifdef MOZILLA_CLIENT_OLD + if (mozilla_event_queue) + ET_moz_CallFunction (jar_moz_dup_fn, dup_data); + else + jar_moz_dup_fn (dup_data); +#else + jar_moz_dup_fn (dup_data); +#endif + + PORT_SetError (dup_data->error); + dup_cert = dup_data->return_cert; + + /* Free the data passed to the callback function... */ + FREE_IF_ALLOC_IS_USED(dup_data); + return dup_cert; + } + +/* --- --- --- --- --- --- --- --- --- --- --- --- --- */ diff --git a/security/coreconf/nsinstall/pathsub.h b/security/nss/lib/jar/jarnav.c index 718c2206f..865ded5da 100644 --- a/security/coreconf/nsinstall/pathsub.h +++ b/security/nss/lib/jar/jarnav.c @@ -1,4 +1,4 @@ -/* +/* * The contents of this file are subject to the Mozilla Public * License Version 1.1 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of @@ -31,47 +31,77 @@ * GPL. */ -#ifndef pathsub_h___ -#define pathsub_h___ /* -** Pathname subroutines. -** -** Brendan Eich, 8/29/95 -*/ -#include <limits.h> -#include <sys/types.h> + * JARNAV.C + * + * JAR stuff needed for client only. + * + */ -#if SUNOS4 -#include "sunos4.h" -#endif +#include "jar.h" +#include "jarint.h" -#ifndef PATH_MAX -#define PATH_MAX 1024 +/* from proto.h */ +#ifdef MOZILLA_CLIENT_OLD +extern MWContext *XP_FindSomeContext(void); #endif +/* sigh */ +extern MWContext *FE_GetInitContext(void); + +/* To return an MWContext for Java */ +static MWContext *(*jar_fn_FindSomeContext) (void) = NULL; + +/* To fabricate an MWContext for FE_GetPassword */ +static MWContext *(*jar_fn_GetInitContext) (void) = NULL; + /* - * Just keep sane lengths + * J A R _ i n i t + * + * Initialize the JAR functions. + * */ -#undef NAME_MAX -#define NAME_MAX 256 -extern char *program; +void JAR_init (void) + { +#ifdef MOZILLA_CLIENT_OLD + JAR_init_callbacks (XP_GetString, XP_FindSomeContext, FE_GetInitContext); +#else + JAR_init_callbacks (XP_GetString, NULL, NULL); +#endif + } -extern void fail(char *format, ...); -extern char *getcomponent(char *path, char *name); -extern char *ino2name(ino_t ino, char *dir); -extern void *xmalloc(size_t size); -extern char *xstrdup(char *s); -extern char *xbasename(char *path); -extern void xchdir(char *dir); +/* + * J A R _ s e t _ c o n t e x t + * + * Set the jar window context for use by PKCS11, since + * it may be needed to prompt the user for a password. + * + */ -/* Relate absolute pathnames from and to returning the result in outpath. */ -extern int relatepaths(char *from, char *to, char *outpath); +int JAR_set_context (JAR *jar, MWContext *mw) + { + if (mw) + { + jar->mw = mw; + } + else + { + /* jar->mw = XP_FindSomeContext(); */ + jar->mw = NULL; -/* NOTE: changes current working directory -- caveat emptor */ -extern void reversepath(char *inpath, char *name, int len, char *outpath); + /* + * We can't find a context because we're in startup state and none + * exist yet. go get an FE_InitContext that only works at initialization + * time. + */ -/* stats every directory in path, reports results. */ -extern void diagnosePath(const char * path); + /* Turn on the mac when we get the FE_ function */ + if (jar->mw == NULL) + { + jar->mw = jar_fn_GetInitContext(); + } + } -#endif /* pathsub_h___ */ + return 0; + } diff --git a/security/nss/lib/jar/jarsign.c b/security/nss/lib/jar/jarsign.c new file mode 100644 index 000000000..d03f980b0 --- /dev/null +++ b/security/nss/lib/jar/jarsign.c @@ -0,0 +1,377 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +/* + * JARSIGN + * + * Routines used in signing archives. + */ + + +#define USE_MOZ_THREAD + +#include "jar.h" +#include "jarint.h" + +#ifdef USE_MOZ_THREAD +#include "jarevil.h" +#endif + +#include "pk11func.h" + +/* from libevent.h */ +typedef void (*ETVoidPtrFunc) (void * data); + +#ifdef MOZILLA_CLIENT_OLD + +extern void ET_moz_CallFunction (ETVoidPtrFunc fn, void *data); + +/* from proto.h */ +/* extern MWContext *XP_FindSomeContext(void); */ +extern void *XP_FindSomeContext(void); + +#endif + +/* key database wrapper */ + +/* static SECKEYKeyDBHandle *jar_open_key_database (void); */ + +/* CHUNQ is our bite size */ + +#define CHUNQ 64000 +#define FILECHUNQ 32768 + +/* + * J A R _ c a l c u l a t e _ d i g e s t + * + * Quick calculation of a digest for + * the specified block of memory. Will calculate + * for all supported algorithms, now MD5. + * + * This version supports huge pointers for WIN16. + * + */ + +JAR_Digest * PR_CALLBACK JAR_calculate_digest (void ZHUGEP *data, long length) + { + long chunq; + JAR_Digest *dig; + + unsigned int md5_length, sha1_length; + + PK11Context *md5 = 0; + PK11Context *sha1 = 0; + + dig = (JAR_Digest *) PORT_ZAlloc (sizeof (JAR_Digest)); + + if (dig == NULL) + { + /* out of memory allocating digest */ + return NULL; + } + +#if defined(XP_WIN16) + PORT_Assert ( !IsBadHugeReadPtr(data, length) ); +#endif + + md5 = PK11_CreateDigestContext (SEC_OID_MD5); + sha1 = PK11_CreateDigestContext (SEC_OID_SHA1); + + if (length >= 0) + { + PK11_DigestBegin (md5); + PK11_DigestBegin (sha1); + + do { + chunq = length; + +#ifdef XP_WIN16 + if (length > CHUNQ) chunq = CHUNQ; + + /* + * If the block of data crosses one or more segment + * boundaries then only pass the chunk of data in the + * first segment. + * + * This allows the data to be treated as FAR by the + * PK11_DigestOp(...) routine. + * + */ + + if (OFFSETOF(data) + chunq >= 0x10000) + chunq = 0x10000 - OFFSETOF(data); +#endif + + PK11_DigestOp (md5, (unsigned char*)data, chunq); + PK11_DigestOp (sha1, (unsigned char*)data, chunq); + + length -= chunq; + data = ((char ZHUGEP *) data + chunq); + } + while (length > 0); + + PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH); + PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH); + + PK11_DestroyContext (md5, PR_TRUE); + PK11_DestroyContext (sha1, PR_TRUE); + } + + return dig; + } + +/* + * J A R _ d i g e s t _ f i l e + * + * Calculates the MD5 and SHA1 digests for a file + * present on disk, and returns these in JAR_Digest struct. + * + */ + +int JAR_digest_file (char *filename, JAR_Digest *dig) + { + JAR_FILE fp; + + int num; + unsigned char *buf; + + PK11Context *md5 = 0; + PK11Context *sha1 = 0; + + unsigned int md5_length, sha1_length; + + buf = (unsigned char *) PORT_ZAlloc (FILECHUNQ); + if (buf == NULL) + { + /* out of memory */ + return JAR_ERR_MEMORY; + } + + if ((fp = JAR_FOPEN (filename, "rb")) == 0) + { + /* perror (filename); FIX XXX XXX XXX XXX XXX XXX */ + PORT_Free (buf); + return JAR_ERR_FNF; + } + + md5 = PK11_CreateDigestContext (SEC_OID_MD5); + sha1 = PK11_CreateDigestContext (SEC_OID_SHA1); + + if (md5 == NULL || sha1 == NULL) + { + /* can't generate digest contexts */ + PORT_Free (buf); + JAR_FCLOSE (fp); + return JAR_ERR_GENERAL; + } + + PK11_DigestBegin (md5); + PK11_DigestBegin (sha1); + + while (1) + { + if ((num = JAR_FREAD (fp, buf, FILECHUNQ)) == 0) + break; + + PK11_DigestOp (md5, buf, num); + PK11_DigestOp (sha1, buf, num); + } + + PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH); + PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH); + + PK11_DestroyContext (md5, PR_TRUE); + PK11_DestroyContext (sha1, PR_TRUE); + + PORT_Free (buf); + JAR_FCLOSE (fp); + + return 0; + } + +/* + * J A R _ o p e n _ k e y _ d a t a b a s e + * + */ + +SECKEYKeyDBHandle *jar_open_key_database (void) + { + SECKEYKeyDBHandle *keydb; + + keydb = SECKEY_GetDefaultKeyDB(); + + if (keydb == NULL) + { /* open by file if this fails, if jartool is to call this */ ; } + + return keydb; + } + +int jar_close_key_database (SECKEYKeyDBHandle *keydb) + { + /* We never do close it */ + return 0; + } + + +/* + * j a r _ c r e a t e _ p k 7 + * + */ + +static void jar_pk7_out (void *arg, const char *buf, unsigned long len) + { + JAR_FWRITE ((JAR_FILE) arg, buf, len); + } + +int jar_create_pk7 + (CERTCertDBHandle *certdb, SECKEYKeyDBHandle *keydb, + CERTCertificate *cert, char *password, JAR_FILE infp, JAR_FILE outfp) + { + int nb; + unsigned char buffer [4096], digestdata[32]; + SECHashObject *hashObj; + void *hashcx; + unsigned int len; + + int status = 0; + char *errstring; + + SECItem digest; + SEC_PKCS7ContentInfo *cinfo; + SECStatus rv; + + void /*MWContext*/ *mw; + + if (outfp == NULL || infp == NULL || cert == NULL) + return JAR_ERR_GENERAL; + + /* we sign with SHA */ + hashObj = &SECHashObjects [HASH_AlgSHA1]; + + hashcx = (* hashObj->create)(); + if (hashcx == NULL) + return JAR_ERR_GENERAL; + + (* hashObj->begin)(hashcx); + + while (1) + { + /* nspr2.0 doesn't support feof + if (feof (infp)) break; */ + + nb = JAR_FREAD (infp, buffer, sizeof (buffer)); + if (nb == 0) + { +#if 0 + if (ferror(infp)) + { + /* PORT_SetError(SEC_ERROR_IO); */ /* FIX */ + (* hashObj->destroy) (hashcx, PR_TRUE); + return JAR_ERR_GENERAL; + } +#endif + /* eof */ + break; + } + (* hashObj->update) (hashcx, buffer, nb); + } + + (* hashObj->end) (hashcx, digestdata, &len, 32); + (* hashObj->destroy) (hashcx, PR_TRUE); + + digest.data = digestdata; + digest.len = len; + + /* signtool must use any old context it can find since it's + calling from inside javaland. */ + +#ifdef MOZILLA_CLIENT_OLD + mw = XP_FindSomeContext(); +#else + mw = NULL; +#endif + + PORT_SetError (0); + + cinfo = SEC_PKCS7CreateSignedData + (cert, certUsageObjectSigner, NULL, + SEC_OID_SHA1, &digest, NULL, (void *) mw); + + if (cinfo == NULL) + return JAR_ERR_PK7; + + rv = SEC_PKCS7IncludeCertChain (cinfo, NULL); + if (rv != SECSuccess) + { + status = PORT_GetError(); + SEC_PKCS7DestroyContentInfo (cinfo); + return status; + } + + /* Having this here forces signtool to always include + signing time. */ + + rv = SEC_PKCS7AddSigningTime (cinfo); + if (rv != SECSuccess) + { + /* don't check error */ + } + + PORT_SetError (0); + +#ifdef USE_MOZ_THREAD + /* if calling from mozilla */ + rv = jar_moz_encode + (cinfo, jar_pk7_out, outfp, + NULL, /* pwfn */ NULL, /* pwarg */ (void *) mw); +#else + /* if calling from mozilla thread*/ + rv = SEC_PKCS7Encode + (cinfo, jar_pk7_out, outfp, + NULL, /* pwfn */ NULL, /* pwarg */ (void *) mw): +#endif + + if (rv != SECSuccess) + status = PORT_GetError(); + + SEC_PKCS7DestroyContentInfo (cinfo); + + if (rv != SECSuccess) + { + errstring = JAR_get_error (status); + /*XP_TRACE (("Jar signing failed (reason %d = %s)", status, errstring));*/ + return status < 0 ? status : JAR_ERR_GENERAL; + } + + return 0; + } diff --git a/security/nss/lib/jar/jarver.c b/security/nss/lib/jar/jarver.c new file mode 100644 index 000000000..914818479 --- /dev/null +++ b/security/nss/lib/jar/jarver.c @@ -0,0 +1,2029 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +/* + * JARVER + * + * Jarnature Parsing & Verification + */ + +#define USE_MOZ_THREAD + +#include "jar.h" +#include "jarint.h" + +#ifdef USE_MOZ_THREAD +#include "jarevil.h" +#endif +#include "cdbhdl.h" + +/* to use huge pointers in win16 */ + +#if !defined(XP_WIN16) +#define xp_HUGE_MEMCPY PORT_Memcpy +#define xp_HUGE_STRCPY PORT_Strcpy +#define xp_HUGE_STRLEN PORT_Strlen +#define xp_HUGE_STRNCASECMP PORT_Strncasecmp +#else +#define xp_HUGE_MEMCPY hmemcpy +int xp_HUGE_STRNCASECMP (char ZHUGEP *buf, char *key, int len); +size_t xp_HUGE_STRLEN (char ZHUGEP *s); +char *xp_HUGE_STRCPY (char *to, char ZHUGEP *from); +#endif + +/* from certdb.h */ +#define CERTDB_USER (1<<6) + +#if 0 +/* from certdb.h */ +extern PRBool SEC_CertNicknameConflict + (char *nickname, CERTCertDBHandle *handle); +/* from certdb.h */ +extern SECStatus SEC_AddTempNickname + (CERTCertDBHandle *handle, char *nickname, SECItem *certKey); +/* from certdb.h */ +typedef SECStatus (* PermCertCallback)(CERTCertificate *cert, SECItem *k, void *pdata); +#endif + +/* from certdb.h */ +SECStatus SEC_TraversePermCerts + (CERTCertDBHandle *handle, PermCertCallback certfunc, void *udata); + + +#define SZ 512 + +static int jar_validate_pkcs7 + (JAR *jar, JAR_Signer *signer, char *data, long length); + +static int jar_decode (JAR *jar, char *data, long length); + +static void jar_catch_bytes + (void *arg, const char *buf, unsigned long len); + +static int jar_gather_signers + (JAR *jar, JAR_Signer *signer, SEC_PKCS7ContentInfo *cinfo); + +static char ZHUGEP *jar_eat_line + (int lines, int eating, char ZHUGEP *data, long *len); + +static JAR_Digest *jar_digest_section + (char ZHUGEP *manifest, long length); + +static JAR_Digest *jar_get_mf_digest (JAR *jar, char *path); + +static int jar_parse_digital_signature + (char *raw_manifest, JAR_Signer *signer, long length, JAR *jar); + +static int jar_add_cert + (JAR *jar, JAR_Signer *signer, int type, CERTCertificate *cert); + +static CERTCertificate *jar_get_certificate + (JAR *jar, long keylen, void *key, int *result); + +static char *jar_cert_element (char *name, char *tag, int occ); + +static char *jar_choose_nickname (CERTCertificate *cert); + +static char *jar_basename (const char *path); + +static int jar_signal + (int status, JAR *jar, const char *metafile, char *pathname); + +static int jar_insanity_check (char ZHUGEP *data, long length); + +int jar_parse_mf + (JAR *jar, char ZHUGEP *raw_manifest, + long length, const char *path, const char *url); + +int jar_parse_sf + (JAR *jar, char ZHUGEP *raw_manifest, + long length, const char *path, const char *url); + +int jar_parse_sig + (JAR *jar, const char *path, char ZHUGEP *raw_manifest, long length); + +int jar_parse_any + (JAR *jar, int type, JAR_Signer *signer, char ZHUGEP *raw_manifest, + long length, const char *path, const char *url); + +static int jar_internal_digest + (JAR *jar, const char *path, char *x_name, JAR_Digest *dig); + +/* + * J A R _ p a r s e _ m a n i f e s t + * + * Pass manifest files to this function. They are + * decoded and placed into internal representations. + * + * Accepts both signature and manifest files. Use + * the same "jar" for both. + * + */ + +int JAR_parse_manifest + (JAR *jar, char ZHUGEP *raw_manifest, + long length, const char *path, const char *url) + { + +#if defined(XP_WIN16) + PORT_Assert( !IsBadHugeReadPtr(raw_manifest, length) ); +#endif + + /* fill in the path, if supplied. This is a the location + of the jar file on disk, if known */ + + if (jar->filename == NULL && path) + { + jar->filename = PORT_Strdup (path); + if (jar->filename == NULL) + return JAR_ERR_MEMORY; + } + + /* fill in the URL, if supplied. This is the place + from which the jar file was retrieved. */ + + if (jar->url == NULL && url) + { + jar->url = PORT_Strdup (url); + if (jar->url == NULL) + return JAR_ERR_MEMORY; + } + + /* Determine what kind of file this is from the META-INF + directory. It could be MF, SF, or a binary RSA/DSA file */ + + if (!xp_HUGE_STRNCASECMP (raw_manifest, "Manifest-Version:", 17)) + { + return jar_parse_mf (jar, raw_manifest, length, path, url); + } + else if (!xp_HUGE_STRNCASECMP (raw_manifest, "Signature-Version:", 18)) + { + return jar_parse_sf (jar, raw_manifest, length, path, url); + } + else + { + /* This is probably a binary signature */ + return jar_parse_sig (jar, path, raw_manifest, length); + } + } + +/* + * j a r _ p a r s e _ s i g + * + * Pass some manner of RSA or DSA digital signature + * on, after checking to see if it comes at an appropriate state. + * + */ + +int jar_parse_sig + (JAR *jar, const char *path, char ZHUGEP *raw_manifest, long length) + { + JAR_Signer *signer; + int status = JAR_ERR_ORDER; + + if (length <= 128) + { + /* signature is way too small */ + return JAR_ERR_SIG; + } + + /* make sure that MF and SF have already been processed */ + + if (jar->globalmeta == NULL) + return JAR_ERR_ORDER; + +#if 0 + /* XXX Turn this on to disable multiple signers */ + if (jar->digest == NULL) + return JAR_ERR_ORDER; +#endif + + /* Determine whether or not this RSA file has + has an associated SF file */ + + if (path) + { + char *owner; + owner = jar_basename (path); + + if (owner == NULL) + return JAR_ERR_MEMORY; + + signer = jar_get_signer (jar, owner); + + PORT_Free (owner); + } + else + signer = jar_get_signer (jar, "*"); + + if (signer == NULL) + return JAR_ERR_ORDER; + + + /* Do not pass a huge pointer to this function, + since the underlying security code is unaware. We will + never pass >64k through here. */ + + if (length > 64000) + { + /* this digital signature is way too big */ + return JAR_ERR_SIG; + } + +#ifdef XP_WIN16 + /* + * For Win16, copy the portion of the raw_buffer containing the digital + * signature into another buffer... This insures that the data will + * NOT cross a segment boundary. Therefore, + * jar_parse_digital_signature(...) does NOT need to deal with HUGE + * pointers... + */ + + { + unsigned char *manifest_copy; + + manifest_copy = (unsigned char *) PORT_ZAlloc (length); + if (manifest_copy) + { + xp_HUGE_MEMCPY (manifest_copy, raw_manifest, length); + + status = jar_parse_digital_signature + (manifest_copy, signer, length, jar); + + PORT_Free (manifest_copy); + } + else + { + /* out of memory */ + return JAR_ERR_MEMORY; + } + } +#else + /* don't expense unneeded calloc overhead on non-win16 */ + status = jar_parse_digital_signature + (raw_manifest, signer, length, jar); +#endif + + return status; + } + +/* + * j a r _ p a r s e _ m f + * + * Parse the META-INF/manifest.mf file, whose + * information applies to all signers. + * + */ + +int jar_parse_mf + (JAR *jar, char ZHUGEP *raw_manifest, + long length, const char *path, const char *url) + { + if (jar->globalmeta) + { + /* refuse a second manifest file, if passed for some reason */ + return JAR_ERR_ORDER; + } + + + /* remember a digest for the global section */ + + jar->globalmeta = jar_digest_section (raw_manifest, length); + + if (jar->globalmeta == NULL) + return JAR_ERR_MEMORY; + + + return jar_parse_any + (jar, jarTypeMF, NULL, raw_manifest, length, path, url); + } + +/* + * j a r _ p a r s e _ s f + * + * Parse META-INF/xxx.sf, a digitally signed file + * pointing to a subset of MF sections. + * + */ + +int jar_parse_sf + (JAR *jar, char ZHUGEP *raw_manifest, + long length, const char *path, const char *url) + { + JAR_Signer *signer = NULL; + int status = JAR_ERR_MEMORY; + + if (jar->globalmeta == NULL) + { + /* It is a requirement that the MF file be passed before the SF file */ + return JAR_ERR_ORDER; + } + + signer = JAR_new_signer(); + + if (signer == NULL) + goto loser; + + if (path) + { + signer->owner = jar_basename (path); + if (signer->owner == NULL) + goto loser; + } + + + /* check for priors. When someone doctors a jar file + to contain identical path entries, prevent the second + one from affecting JAR functions */ + + if (jar_get_signer (jar, signer->owner)) + { + /* someone is trying to spoof us */ + status = JAR_ERR_ORDER; + goto loser; + } + + + /* remember its digest */ + + signer->digest = JAR_calculate_digest (raw_manifest, length); + + if (signer->digest == NULL) + goto loser; + + /* Add this signer to the jar */ + + ADDITEM (jar->signers, jarTypeOwner, + signer->owner, signer, sizeof (JAR_Signer)); + + + return jar_parse_any + (jar, jarTypeSF, signer, raw_manifest, length, path, url); + +loser: + + if (signer) + JAR_destroy_signer (signer); + + return status; + } + +/* + * j a r _ p a r s e _ a n y + * + * Parse a MF or SF manifest file. + * + */ + +int jar_parse_any + (JAR *jar, int type, JAR_Signer *signer, char ZHUGEP *raw_manifest, + long length, const char *path, const char *url) + { + int status; + + long raw_len; + + JAR_Digest *dig, *mfdig = NULL; + + char line [SZ]; + char x_name [SZ], x_md5 [SZ], x_sha [SZ]; + + char *x_info; + + char *sf_md5 = NULL, *sf_sha1 = NULL; + + *x_name = 0; + *x_md5 = 0; + *x_sha = 0; + + PORT_Assert( length > 0 ); + raw_len = length; + +#ifdef DEBUG + if ((status = jar_insanity_check (raw_manifest, raw_len)) < 0) + return status; +#endif + + + /* null terminate the first line */ + raw_manifest = jar_eat_line (0, PR_TRUE, raw_manifest, &raw_len); + + + /* skip over the preliminary section */ + /* This is one section at the top of the file with global metainfo */ + + while (raw_len) + { + JAR_Metainfo *met; + + raw_manifest = jar_eat_line (1, PR_TRUE, raw_manifest, &raw_len); + if (!*raw_manifest) break; + + met = (JAR_Metainfo*)PORT_ZAlloc (sizeof (JAR_Metainfo)); + if (met == NULL) + return JAR_ERR_MEMORY; + + /* Parse out the header & info */ + + if (xp_HUGE_STRLEN (raw_manifest) >= SZ) + { + /* almost certainly nonsense */ + continue; + } + + xp_HUGE_STRCPY (line, raw_manifest); + x_info = line; + + while (*x_info && *x_info != ' ' && *x_info != '\t' && *x_info != ':') + x_info++; + + if (*x_info) *x_info++ = 0; + + while (*x_info == ' ' || *x_info == '\t') + x_info++; + + /* metainfo (name, value) pair is now (line, x_info) */ + + met->header = PORT_Strdup (line); + met->info = PORT_Strdup (x_info); + + if (type == jarTypeMF) + { + ADDITEM (jar->metainfo, jarTypeMeta, + /* pathname */ NULL, met, sizeof (JAR_Metainfo)); + } + + /* For SF files, this metadata may be the digests + of the MF file, still in the "met" structure. */ + + if (type == jarTypeSF) + { + if (!PORT_Strcasecmp (line, "MD5-Digest")) + sf_md5 = (char *) met->info; + + if (!PORT_Strcasecmp (line, "SHA1-Digest") || !PORT_Strcasecmp (line, "SHA-Digest")) + sf_sha1 = (char *) met->info; + } + } + + if (type == jarTypeSF && jar->globalmeta) + { + /* this is a SF file which may contain a digest of the manifest.mf's + global metainfo. */ + + int match = 0; + JAR_Digest *glob = jar->globalmeta; + + if (sf_md5) + { + unsigned int md5_length; + unsigned char *md5_digest; + + md5_digest = ATOB_AsciiToData (sf_md5, &md5_length); + PORT_Assert( md5_length == MD5_LENGTH ); + + if (md5_length != MD5_LENGTH) + return JAR_ERR_CORRUPT; + + match = PORT_Memcmp (md5_digest, glob->md5, MD5_LENGTH); + } + + if (sf_sha1 && match == 0) + { + unsigned int sha1_length; + unsigned char *sha1_digest; + + sha1_digest = ATOB_AsciiToData (sf_sha1, &sha1_length); + PORT_Assert( sha1_length == SHA1_LENGTH ); + + if (sha1_length != SHA1_LENGTH) + return JAR_ERR_CORRUPT; + + match = PORT_Memcmp (sha1_digest, glob->sha1, SHA1_LENGTH); + } + + if (match != 0) + { + /* global digest doesn't match, SF file therefore invalid */ + jar->valid = JAR_ERR_METADATA; + return JAR_ERR_METADATA; + } + } + + /* done with top section of global data */ + + + while (raw_len) + { + *x_md5 = 0; + *x_sha = 0; + *x_name = 0; + + + /* If this is a manifest file, attempt to get a digest of the following section, + without damaging it. This digest will be saved later. */ + + if (type == jarTypeMF) + { + char ZHUGEP *sec; + long sec_len = raw_len; + + if (!*raw_manifest || *raw_manifest == '\n') + { + /* skip the blank line */ + sec = jar_eat_line (1, PR_FALSE, raw_manifest, &sec_len); + } + else + sec = raw_manifest; + + if (!xp_HUGE_STRNCASECMP (sec, "Name:", 5)) + { + if (type == jarTypeMF) + mfdig = jar_digest_section (sec, sec_len); + else + mfdig = NULL; + } + } + + + while (raw_len) + { + raw_manifest = jar_eat_line (1, PR_TRUE, raw_manifest, &raw_len); + if (!*raw_manifest) break; /* blank line, done with this entry */ + + if (xp_HUGE_STRLEN (raw_manifest) >= SZ) + { + /* almost certainly nonsense */ + continue; + } + + + /* Parse out the name/value pair */ + + xp_HUGE_STRCPY (line, raw_manifest); + x_info = line; + + while (*x_info && *x_info != ' ' && *x_info != '\t' && *x_info != ':') + x_info++; + + if (*x_info) *x_info++ = 0; + + while (*x_info == ' ' || *x_info == '\t') + x_info++; + + + if (!PORT_Strcasecmp (line, "Name")) + PORT_Strcpy (x_name, x_info); + + else if (!PORT_Strcasecmp (line, "MD5-Digest")) + PORT_Strcpy (x_md5, x_info); + + else if (!PORT_Strcasecmp (line, "SHA1-Digest") + || !PORT_Strcasecmp (line, "SHA-Digest")) + { + PORT_Strcpy (x_sha, x_info); + } + + /* Algorithm list is meta info we don't care about; keeping it out + of metadata saves significant space for large jar files */ + + else if (!PORT_Strcasecmp (line, "Digest-Algorithms") + || !PORT_Strcasecmp (line, "Hash-Algorithms")) + { + continue; + } + + /* Meta info is only collected for the manifest.mf file, + since the JAR_get_metainfo call does not support identity */ + + else if (type == jarTypeMF) + { + JAR_Metainfo *met; + + /* this is meta-data */ + + met = (JAR_Metainfo*)PORT_ZAlloc (sizeof (JAR_Metainfo)); + + if (met == NULL) + return JAR_ERR_MEMORY; + + /* metainfo (name, value) pair is now (line, x_info) */ + + if ((met->header = PORT_Strdup (line)) == NULL) + return JAR_ERR_MEMORY; + + if ((met->info = PORT_Strdup (x_info)) == NULL) + return JAR_ERR_MEMORY; + + ADDITEM (jar->metainfo, jarTypeMeta, + x_name, met, sizeof (JAR_Metainfo)); + } + } + + if(!x_name || !*x_name) { + /* Whatever that was, it wasn't an entry, because we didn't get a name. + * We don't really have anything, so don't record this. */ + continue; + } + + dig = (JAR_Digest*)PORT_ZAlloc (sizeof (JAR_Digest)); + if (dig == NULL) + return JAR_ERR_MEMORY; + + if (*x_md5 ) + { + unsigned int binary_length; + unsigned char *binary_digest; + + binary_digest = ATOB_AsciiToData (x_md5, &binary_length); + PORT_Assert( binary_length == MD5_LENGTH ); + + if (binary_length != MD5_LENGTH) + return JAR_ERR_CORRUPT; + + memcpy (dig->md5, binary_digest, MD5_LENGTH); + dig->md5_status = jarHashPresent; + } + + if (*x_sha ) + { + unsigned int binary_length; + unsigned char *binary_digest; + + binary_digest = ATOB_AsciiToData (x_sha, &binary_length); + PORT_Assert( binary_length == SHA1_LENGTH ); + + if (binary_length != SHA1_LENGTH) + return JAR_ERR_CORRUPT; + + memcpy (dig->sha1, binary_digest, SHA1_LENGTH); + dig->sha1_status = jarHashPresent; + } + + PORT_Assert( type == jarTypeMF || type == jarTypeSF ); + + + if (type == jarTypeMF) + { + ADDITEM (jar->hashes, jarTypeMF, x_name, dig, sizeof (JAR_Digest)); + } + else if (type == jarTypeSF) + { + ADDITEM (signer->sf, jarTypeSF, x_name, dig, sizeof (JAR_Digest)); + } + else + return JAR_ERR_ORDER; + + /* we're placing these calculated digests of manifest.mf + sections in a list where they can subsequently be forgotten */ + + if (type == jarTypeMF && mfdig) + { + ADDITEM (jar->manifest, jarTypeSect, + x_name, mfdig, sizeof (JAR_Digest)); + + mfdig = NULL; + } + + + /* Retrieve our saved SHA1 digest from saved copy and check digests. + This is just comparing the digest of the MF section as indicated in + the SF file with the one we remembered from parsing the MF file */ + + if (type == jarTypeSF) + { + if ((status = jar_internal_digest (jar, path, x_name, dig)) < 0) + return status; + } + } + + return 0; + } + +static int jar_internal_digest + (JAR *jar, const char *path, char *x_name, JAR_Digest *dig) + { + int cv; + int status; + + JAR_Digest *savdig; + + savdig = jar_get_mf_digest (jar, x_name); + + if (savdig == NULL) + { + /* no .mf digest for this pathname */ + status = jar_signal (JAR_ERR_ENTRY, jar, path, x_name); + if (status < 0) + return 0; /* was continue; */ + else + return status; + } + + /* check for md5 consistency */ + if (dig->md5_status) + { + cv = PORT_Memcmp (savdig->md5, dig->md5, MD5_LENGTH); + /* md5 hash of .mf file is not what expected */ + if (cv) + { + status = jar_signal (JAR_ERR_HASH, jar, path, x_name); + + /* bad hash, man */ + + dig->md5_status = jarHashBad; + savdig->md5_status = jarHashBad; + + if (status < 0) + return 0; /* was continue; */ + else + return status; + } + } + + /* check for sha1 consistency */ + if (dig->sha1_status) + { + cv = PORT_Memcmp (savdig->sha1, dig->sha1, SHA1_LENGTH); + /* sha1 hash of .mf file is not what expected */ + if (cv) + { + status = jar_signal (JAR_ERR_HASH, jar, path, x_name); + + /* bad hash, man */ + + dig->sha1_status = jarHashBad; + savdig->sha1_status = jarHashBad; + + if (status < 0) + return 0; /* was continue; */ + else + return status; + } + } + return 0; + } + +#ifdef DEBUG +/* + * j a r _ i n s a n i t y _ c h e c k + * + * Check for illegal characters (or possibly so) + * in the manifest files, to detect potential memory + * corruption by our neighbors. Debug only, since + * not I18N safe. + * + */ + +static int jar_insanity_check (char ZHUGEP *data, long length) + { + int c; + long off; + + for (off = 0; off < length; off++) + { + c = data [off]; + + if (c == '\n' || c == '\r' || (c >= ' ' && c <= 128)) + continue; + + return JAR_ERR_CORRUPT; + } + + return 0; + } +#endif + +/* + * j a r _ p a r s e _ d i g i t a l _ s i g n a t u r e + * + * Parse an RSA or DSA (or perhaps other) digital signature. + * Right now everything is PKCS7. + * + */ + +static int jar_parse_digital_signature + (char *raw_manifest, JAR_Signer *signer, long length, JAR *jar) + { +#if defined(XP_WIN16) + PORT_Assert( LOWORD(raw_manifest) + length < 0xFFFF ); +#endif + return jar_validate_pkcs7 (jar, signer, raw_manifest, length); + } + +/* + * j a r _ a d d _ c e r t + * + * Add information for the given certificate + * (or whatever) to the JAR linked list. A pointer + * is passed for some relevant reference, say + * for example the original certificate. + * + */ + +static int jar_add_cert + (JAR *jar, JAR_Signer *signer, int type, CERTCertificate *cert) + { + JAR_Cert *fing; + + if (cert == NULL) + return JAR_ERR_ORDER; + + fing = (JAR_Cert*)PORT_ZAlloc (sizeof (JAR_Cert)); + + if (fing == NULL) + goto loser; + +#ifdef USE_MOZ_THREAD + fing->cert = jar_moz_dup (cert); +#else + fing->cert = CERT_DupCertificate (cert); +#endif + + /* get the certkey */ + + fing->length = cert->certKey.len; + + fing->key = (char *) PORT_ZAlloc (fing->length); + + if (fing->key == NULL) + goto loser; + + PORT_Memcpy (fing->key, cert->certKey.data, fing->length); + + ADDITEM (signer->certs, type, + /* pathname */ NULL, fing, sizeof (JAR_Cert)); + + return 0; + +loser: + + if (fing) + { + if (fing->cert) + CERT_DestroyCertificate (fing->cert); + + PORT_Free (fing); + } + + return JAR_ERR_MEMORY; + } + +/* + * e a t _ l i n e + * + * Consume an ascii line from the top of a file kept + * in memory. This destroys the file in place. This function + * handles PC, Mac, and Unix style text files. + * + */ + +static char ZHUGEP *jar_eat_line + (int lines, int eating, char ZHUGEP *data, long *len) + { + char ZHUGEP *ret; + + ret = data; + if (!*len) return ret; + + /* Eat the requisite number of lines, if any; + prior to terminating the current line with a 0. */ + + for (/* yip */ ; lines; lines--) + { + while (*data && *data != '\n') + data++; + + /* After the CR, ok to eat one LF */ + + if (*data == '\n') + data++; + + /* If there are zeros, we put them there */ + + while (*data == 0 && data - ret < *len) + data++; + } + + *len -= data - ret; + ret = data; + + if (eating) + { + /* Terminate this line with a 0 */ + + while (*data && *data != '\n' && *data != '\r') + data++; + + /* In any case we are allowed to eat CR */ + + if (*data == '\r') + *data++ = 0; + + /* After the CR, ok to eat one LF */ + + if (*data == '\n') + *data++ = 0; + } + + return ret; + } + +/* + * j a r _ d i g e s t _ s e c t i o n + * + * Return the digests of the next section of the manifest file. + * Does not damage the manifest file, unlike parse_manifest. + * + */ + +static JAR_Digest *jar_digest_section + (char ZHUGEP *manifest, long length) + { + long global_len; + char ZHUGEP *global_end; + + global_end = manifest; + global_len = length; + + while (global_len) + { + global_end = jar_eat_line (1, PR_FALSE, global_end, &global_len); + if (*global_end == 0 || *global_end == '\n') + break; + } + + return JAR_calculate_digest (manifest, global_end - manifest); + } + +/* + * J A R _ v e r i f y _ d i g e s t + * + * Verifies that a precalculated digest matches the + * expected value in the manifest. + * + */ + +int PR_CALLBACK JAR_verify_digest + (JAR *jar, const char *name, JAR_Digest *dig) + { + JAR_Item *it; + + JAR_Digest *shindig; + + ZZLink *link; + ZZList *list; + + int result1, result2; + + list = jar->hashes; + + result1 = result2 = 0; + + if (jar->valid < 0) + { + /* signature not valid */ + return JAR_ERR_SIG; + } + + if (ZZ_ListEmpty (list)) + { + /* empty list */ + return JAR_ERR_PNF; + } + + for (link = ZZ_ListHead (list); + !ZZ_ListIterDone (list, link); + link = link->next) + { + it = link->thing; + if (it->type == jarTypeMF + && it->pathname && !PORT_Strcmp (it->pathname, name)) + { + shindig = (JAR_Digest *) it->data; + + if (shindig->md5_status) + { + if (shindig->md5_status == jarHashBad) + return JAR_ERR_HASH; + else + result1 = memcmp (dig->md5, shindig->md5, MD5_LENGTH); + } + + if (shindig->sha1_status) + { + if (shindig->sha1_status == jarHashBad) + return JAR_ERR_HASH; + else + result2 = memcmp (dig->sha1, shindig->sha1, SHA1_LENGTH); + } + + return (result1 == 0 && result2 == 0) ? 0 : JAR_ERR_HASH; + } + } + + return JAR_ERR_PNF; + } + +/* + * J A R _ c e r t _ a t t r i b u t e + * + * Return the named certificate attribute from the + * certificate specified by the given key. + * + */ + +int PR_CALLBACK JAR_cert_attribute + (JAR *jar, jarCert attrib, long keylen, void *key, + void **result, unsigned long *length) + { + int status = 0; + char *ret = NULL; + + CERTCertificate *cert; + + CERTCertDBHandle *certdb; + + JAR_Digest *dig; + SECItem hexme; + + *length = 0; + + if (attrib == 0 || key == 0) + return JAR_ERR_GENERAL; + + if (attrib == jarCertJavaHack) + { + cert = (CERTCertificate *) NULL; + certdb = JAR_open_database(); + + if (certdb) + { +#ifdef USE_MOZ_THREAD + cert = jar_moz_nickname (certdb, (char*)key); +#else + cert = CERT_FindCertByNickname (certdb, key); +#endif + + if (cert) + { + *length = cert->certKey.len; + + *result = (void *) PORT_ZAlloc (*length); + + if (*result) + PORT_Memcpy (*result, cert->certKey.data, *length); + else + return JAR_ERR_MEMORY; + } + JAR_close_database (certdb); + } + + return cert ? 0 : JAR_ERR_GENERAL; + } + + if (jar && jar->pkcs7 == 0) + return JAR_ERR_GENERAL; + + cert = jar_get_certificate (jar, keylen, key, &status); + + if (cert == NULL || status < 0) + return JAR_ERR_GENERAL; + +#define SEP " <br> " +#define SEPLEN (PORT_Strlen(SEP)) + + switch (attrib) + { + case jarCertCompany: + + ret = cert->subjectName; + + /* This is pretty ugly looking but only used + here for this one purpose. */ + + if (ret) + { + int retlen = 0; + + char *cer_ou1, *cer_ou2, *cer_ou3; + char *cer_cn, *cer_e, *cer_o, *cer_l; + + cer_cn = CERT_GetCommonName (&cert->subject); + cer_e = CERT_GetCertEmailAddress (&cert->subject); + cer_ou3 = jar_cert_element (ret, "OU=", 3); + cer_ou2 = jar_cert_element (ret, "OU=", 2); + cer_ou1 = jar_cert_element (ret, "OU=", 1); + cer_o = CERT_GetOrgName (&cert->subject); + cer_l = CERT_GetCountryName (&cert->subject); + + if (cer_cn) retlen += SEPLEN + PORT_Strlen (cer_cn); + if (cer_e) retlen += SEPLEN + PORT_Strlen (cer_e); + if (cer_ou1) retlen += SEPLEN + PORT_Strlen (cer_ou1); + if (cer_ou2) retlen += SEPLEN + PORT_Strlen (cer_ou2); + if (cer_ou3) retlen += SEPLEN + PORT_Strlen (cer_ou3); + if (cer_o) retlen += SEPLEN + PORT_Strlen (cer_o); + if (cer_l) retlen += SEPLEN + PORT_Strlen (cer_l); + + ret = (char *) PORT_ZAlloc (1 + retlen); + + if (cer_cn) { PORT_Strcpy (ret, cer_cn); PORT_Strcat (ret, SEP); } + if (cer_e) { PORT_Strcat (ret, cer_e); PORT_Strcat (ret, SEP); } + if (cer_ou1) { PORT_Strcat (ret, cer_ou1); PORT_Strcat (ret, SEP); } + if (cer_ou2) { PORT_Strcat (ret, cer_ou2); PORT_Strcat (ret, SEP); } + if (cer_ou3) { PORT_Strcat (ret, cer_ou3); PORT_Strcat (ret, SEP); } + if (cer_o) { PORT_Strcat (ret, cer_o); PORT_Strcat (ret, SEP); } + if (cer_l) PORT_Strcat (ret, cer_l); + + /* return here to avoid unsightly memory leak */ + + *result = ret; + *length = PORT_Strlen (ret); + + return 0; + } + break; + + case jarCertCA: + + ret = cert->issuerName; + + if (ret) + { + int retlen = 0; + + char *cer_ou1, *cer_ou2, *cer_ou3; + char *cer_cn, *cer_e, *cer_o, *cer_l; + + /* This is pretty ugly looking but only used + here for this one purpose. */ + + cer_cn = CERT_GetCommonName (&cert->issuer); + cer_e = CERT_GetCertEmailAddress (&cert->issuer); + cer_ou3 = jar_cert_element (ret, "OU=", 3); + cer_ou2 = jar_cert_element (ret, "OU=", 2); + cer_ou1 = jar_cert_element (ret, "OU=", 1); + cer_o = CERT_GetOrgName (&cert->issuer); + cer_l = CERT_GetCountryName (&cert->issuer); + + if (cer_cn) retlen += SEPLEN + PORT_Strlen (cer_cn); + if (cer_e) retlen += SEPLEN + PORT_Strlen (cer_e); + if (cer_ou1) retlen += SEPLEN + PORT_Strlen (cer_ou1); + if (cer_ou2) retlen += SEPLEN + PORT_Strlen (cer_ou2); + if (cer_ou3) retlen += SEPLEN + PORT_Strlen (cer_ou3); + if (cer_o) retlen += SEPLEN + PORT_Strlen (cer_o); + if (cer_l) retlen += SEPLEN + PORT_Strlen (cer_l); + + ret = (char *) PORT_ZAlloc (1 + retlen); + + if (cer_cn) { PORT_Strcpy (ret, cer_cn); PORT_Strcat (ret, SEP); } + if (cer_e) { PORT_Strcat (ret, cer_e); PORT_Strcat (ret, SEP); } + if (cer_ou1) { PORT_Strcat (ret, cer_ou1); PORT_Strcat (ret, SEP); } + if (cer_ou2) { PORT_Strcat (ret, cer_ou2); PORT_Strcat (ret, SEP); } + if (cer_ou3) { PORT_Strcat (ret, cer_ou3); PORT_Strcat (ret, SEP); } + if (cer_o) { PORT_Strcat (ret, cer_o); PORT_Strcat (ret, SEP); } + if (cer_l) PORT_Strcat (ret, cer_l); + + /* return here to avoid unsightly memory leak */ + + *result = ret; + *length = PORT_Strlen (ret); + + return 0; + } + + break; + + case jarCertSerial: + + ret = CERT_Hexify (&cert->serialNumber, 1); + break; + + case jarCertExpires: + + ret = DER_UTCDayToAscii (&cert->validity.notAfter); + break; + + case jarCertNickname: + + ret = jar_choose_nickname (cert); + break; + + case jarCertFinger: + + dig = JAR_calculate_digest + ((char *) cert->derCert.data, cert->derCert.len); + + if (dig) + { + hexme.len = sizeof (dig->md5); + hexme.data = dig->md5; + ret = CERT_Hexify (&hexme, 1); + } + break; + + default: + + return JAR_ERR_GENERAL; + } + + *result = ret ? PORT_Strdup (ret) : NULL; + *length = ret ? PORT_Strlen (ret) : 0; + + return 0; + } + +/* + * j a r _ c e r t _ e l e m e n t + * + * Retrieve an element from an x400ish ascii + * designator, in a hackish sort of way. The right + * thing would probably be to sort AVATags. + * + */ + +static char *jar_cert_element (char *name, char *tag, int occ) + { + if (name && tag) + { + char *s; + int found = 0; + + while (occ--) + { + if (PORT_Strstr (name, tag)) + { + name = PORT_Strstr (name, tag) + PORT_Strlen (tag); + found = 1; + } + else + { + name = PORT_Strstr (name, "="); + if (name == NULL) return NULL; + found = 0; + } + } + + if (!found) return NULL; + + /* must mangle only the copy */ + name = PORT_Strdup (name); + + /* advance to next equal */ + for (s = name; *s && *s != '='; s++) + /* yip */ ; + + /* back up to previous comma */ + while (s > name && *s != ',') s--; + + /* zap the whitespace and return */ + *s = 0; + } + + return name; + } + +/* + * j a r _ c h o o s e _ n i c k n a m e + * + * Attempt to determine a suitable nickname for + * a certificate with a computer-generated "tmpcertxxx" + * nickname. It needs to be something a user can + * understand, so try a few things. + * + */ + +static char *jar_choose_nickname (CERTCertificate *cert) + { + char *cert_cn; + char *cert_o; + char *cert_cn_o; + + int cn_o_length; + + /* is the existing name ok */ + + if (cert->nickname && PORT_Strncmp (cert->nickname, "tmpcert", 7)) + return PORT_Strdup (cert->nickname); + + /* we have an ugly name here people */ + + /* Try the CN */ + cert_cn = CERT_GetCommonName (&cert->subject); + + if (cert_cn) + { + /* check for duplicate nickname */ + +#ifdef USE_MOZ_THREAD + if (jar_moz_nickname (CERT_GetDefaultCertDB(), cert_cn) == NULL) +#else + if (CERT_FindCertByNickname (CERT_GetDefaultCertDB(), cert_cn) == NULL) +#endif + return cert_cn; + + /* Try the CN plus O */ + cert_o = CERT_GetOrgName (&cert->subject); + + cn_o_length = PORT_Strlen (cert_cn) + 3 + PORT_Strlen (cert_o) + 20; + cert_cn_o = (char*)PORT_ZAlloc (cn_o_length); + + PR_snprintf (cert_cn_o, cn_o_length, + "%s's %s Certificate", cert_cn, cert_o); + +#ifdef USE_MOZ_THREAD + if (jar_moz_nickname (CERT_GetDefaultCertDB(), cert_cn_o) == NULL) +#else + if (CERT_FindCertByNickname (CERT_GetDefaultCertDB(), cert_cn_o) == NULL) +#endif + return cert_cn; + } + + /* If all that failed, use the ugly nickname */ + return cert->nickname ? PORT_Strdup (cert->nickname) : NULL; + } + +/* + * J A R _ c e r t _ h t m l + * + * Return an HTML representation of the certificate + * designated by the given fingerprint, in specified style. + * + * JAR is optional, but supply it if you can in order + * to optimize. + * + */ + +char *JAR_cert_html + (JAR *jar, int style, long keylen, void *key, int *result) + { + char *html; + CERTCertificate *cert; + + *result = -1; + + if (style != 0) + return NULL; + + cert = jar_get_certificate (jar, keylen, key, result); + + if (cert == NULL || *result < 0) + return NULL; + + *result = 0; + + html = CERT_HTMLCertInfo (cert, /* show images */ PR_TRUE, + /*show issuer*/PR_TRUE); + + if (html == NULL) + *result = -1; + + return html; + } + +/* + * J A R _ s t a s h _ c e r t + * + * Stash the certificate pointed to by this + * fingerprint, in persistent storage somewhere. + * + */ + +extern int PR_CALLBACK JAR_stash_cert + (JAR *jar, long keylen, void *key) + { + int result = 0; + + char *nickname; + CERTCertTrust trust; + + CERTCertDBHandle *certdb; + CERTCertificate *cert, *newcert; + + cert = jar_get_certificate (jar, keylen, key, &result); + + if (result < 0) + return result; + + if (cert == NULL) + return JAR_ERR_GENERAL; + + if ((certdb = JAR_open_database()) == NULL) + return JAR_ERR_GENERAL; + + /* Attempt to give a name to the newish certificate */ + nickname = jar_choose_nickname (cert); + +#ifdef USE_MOZ_THREAD + newcert = jar_moz_nickname (certdb, nickname); +#else + newcert = CERT_FindCertByNickname (certdb, nickname); +#endif + + if (newcert && newcert->isperm) + { + /* already in permanant database */ + return 0; + } + + if (newcert) cert = newcert; + + /* FIX, since FindCert returns a bogus dbhandle + set it ourselves */ + + cert->dbhandle = certdb; + +#if 0 + nickname = cert->subjectName; + if (nickname) + { + /* Not checking for a conflict here. But this should + be a new cert or it would have been found earlier. */ + + nickname = jar_cert_element (nickname, "CN=", 1); + + if (SEC_CertNicknameConflict (nickname, cert->dbhandle)) + { + /* conflict */ + nickname = PORT_Realloc (&nickname, PORT_Strlen (nickname) + 3); + + /* Beyond one copy, there are probably serious problems + so we will stop at two rather than counting.. */ + + PORT_Strcat (nickname, " #2"); + } + } +#endif + + if (nickname != NULL) + { + PORT_Memset ((void *) &trust, 0, sizeof(trust)); + +#ifdef USE_MOZ_THREAD + if (jar_moz_perm (cert, nickname, &trust) != SECSuccess) +#else + if (CERT_AddTempCertToPerm (cert, nickname, &trust) != SECSuccess) +#endif + { + /* XXX might want to call PORT_GetError here */ + result = JAR_ERR_GENERAL; + } + } + + JAR_close_database (certdb); + + return result; + } + +/* + * J A R _ f e t c h _ c e r t + * + * Given an opaque identifier of a certificate, + * return the full certificate. + * + * The new function, which retrieves by key. + * + */ + +void *JAR_fetch_cert (long length, void *key) + { + SECItem seckey; + CERTCertificate *cert = NULL; + + CERTCertDBHandle *certdb; + + certdb = JAR_open_database(); + + if (certdb) + { + seckey.len = length; + seckey.data = (unsigned char*)key; + +#ifdef USE_MOZ_THREAD + cert = jar_moz_certkey (certdb, &seckey); +#else + cert = CERT_FindCertByKey (certdb, &seckey); +#endif + + JAR_close_database (certdb); + } + + return (void *) cert; + } + +/* + * j a r _ g e t _ m f _ d i g e s t + * + * Retrieve a corresponding saved digest over a section + * of the main manifest file. + * + */ + +static JAR_Digest *jar_get_mf_digest (JAR *jar, char *pathname) + { + JAR_Item *it; + + JAR_Digest *dig; + + ZZLink *link; + ZZList *list; + + list = jar->manifest; + + if (ZZ_ListEmpty (list)) + return NULL; + + for (link = ZZ_ListHead (list); + !ZZ_ListIterDone (list, link); + link = link->next) + { + it = link->thing; + if (it->type == jarTypeSect + && it->pathname && !PORT_Strcmp (it->pathname, pathname)) + { + dig = (JAR_Digest *) it->data; + return dig; + } + } + + return NULL; + } + +/* + * j a r _ b a s e n a m e + * + * Return the basename -- leading components of path stripped off, + * extension ripped off -- of a path. + * + */ + +static char *jar_basename (const char *path) + { + char *pith, *e, *basename, *ext; + + if (path == NULL) + return PORT_Strdup (""); + + pith = PORT_Strdup (path); + + basename = pith; + + while (1) + { + for (e = basename; *e && *e != '/' && *e != '\\'; e++) + /* yip */ ; + if (*e) + basename = ++e; + else + break; + } + + if ((ext = PORT_Strrchr (basename, '.')) != NULL) + *ext = 0; + + /* We already have the space allocated */ + PORT_Strcpy (pith, basename); + + return pith; + } + +/* + * + + + + + + + + + + + + + + + + * + * CRYPTO ROUTINES FOR JAR + * + * The following functions are the cryptographic + * interface to PKCS7 for Jarnatures. + * + * + + + + + + + + + + + + + + + + * + */ + +/* + * j a r _ c a t c h _ b y t e s + * + * In the event signatures contain enveloped data, it will show up here. + * But note that the lib/pkcs7 routines aren't ready for it. + * + */ + +static void jar_catch_bytes + (void *arg, const char *buf, unsigned long len) + { + /* Actually this should never be called, since there is + presumably no data in the signature itself. */ + } + +/* + * j a r _ v a l i d a t e _ p k c s 7 + * + * Validate (and decode, if necessary) a binary pkcs7 + * signature in DER format. + * + */ + +static int jar_validate_pkcs7 + (JAR *jar, JAR_Signer *signer, char *data, long length) + { + SECItem detdig; + + SEC_PKCS7ContentInfo *cinfo; + SEC_PKCS7DecoderContext *dcx; + + int status = 0; + char *errstring = NULL; + + PORT_Assert( jar != NULL && signer != NULL ); + + if (jar == NULL || signer == NULL) + return JAR_ERR_ORDER; + + signer->valid = JAR_ERR_SIG; + + /* We need a context if we can get one */ + +#ifdef MOZILLA_CLIENT_OLD + if (jar->mw == NULL) { + JAR_set_context (jar, NULL); + } +#endif + + + dcx = SEC_PKCS7DecoderStart + (jar_catch_bytes, NULL /*cb_arg*/, NULL /*getpassword*/, jar->mw, + NULL, NULL, NULL); + + if (dcx != NULL) + { + SEC_PKCS7DecoderUpdate (dcx, data, length); + cinfo = SEC_PKCS7DecoderFinish (dcx); + } + + if (cinfo == NULL) + { + /* strange pkcs7 failure */ + return JAR_ERR_PK7; + } + + if (SEC_PKCS7ContentIsEncrypted (cinfo)) + { + /* content was encrypted, fail */ + return JAR_ERR_PK7; + } + + if (SEC_PKCS7ContentIsSigned (cinfo) == PR_FALSE) + { + /* content was not signed, fail */ + return JAR_ERR_PK7; + } + + PORT_SetError (0); + + /* use SHA1 only */ + + detdig.len = SHA1_LENGTH; + detdig.data = signer->digest->sha1; + +#ifdef USE_MOZ_THREAD + if (jar_moz_verify + (cinfo, certUsageObjectSigner, &detdig, HASH_AlgSHA1, PR_FALSE)== + SECSuccess) +#else + if (SEC_PKCS7VerifyDetachedSignature + (cinfo, certUsageObjectSigner, &detdig, HASH_AlgSHA1, PR_FALSE)== + PR_TRUE) +#endif + { + /* signature is valid */ + signer->valid = 0; + jar_gather_signers (jar, signer, cinfo); + } + else + { + status = PORT_GetError(); + + PORT_Assert( status < 0 ); + if (status >= 0) status = JAR_ERR_SIG; + + jar->valid = status; + signer->valid = status; + + errstring = JAR_get_error (status); + /*XP_TRACE(("JAR signature invalid (reason %d = %s)", status, errstring));*/ + } + + jar->pkcs7 = PR_TRUE; + signer->pkcs7 = PR_TRUE; + + SEC_PKCS7DestroyContentInfo (cinfo); + + return status; + } + +/* + * j a r _ g a t h e r _ s i g n e r s + * + * Add the single signer of this signature to the + * certificate linked list. + * + */ + +static int jar_gather_signers + (JAR *jar, JAR_Signer *signer, SEC_PKCS7ContentInfo *cinfo) + { + int result; + + CERTCertificate *cert; + CERTCertDBHandle *certdb; + + SEC_PKCS7SignedData *sdp; + SEC_PKCS7SignerInfo **pksigners, *pksigner; + + sdp = cinfo->content.signedData; + + if (sdp == NULL) + return JAR_ERR_PK7; + + pksigners = sdp->signerInfos; + + /* permit exactly one signer */ + + if (pksigners == NULL || pksigners [0] == NULL || pksigners [1] != NULL) + return JAR_ERR_PK7; + + pksigner = *pksigners; + cert = pksigner->cert; + + if (cert == NULL) + return JAR_ERR_PK7; + + certdb = JAR_open_database(); + + if (certdb == NULL) + return JAR_ERR_GENERAL; + + result = jar_add_cert (jar, signer, jarTypeSign, cert); + + JAR_close_database (certdb); + + return result; + } + +/* + * j a r _ o p e n _ d a t a b a s e + * + * Open the certificate database, + * for use by JAR functions. + * + */ + +CERTCertDBHandle *JAR_open_database (void) + { + int keepcerts = 0; + CERTCertDBHandle *certdb; + + /* local_certdb will only be used if calling from a command line tool */ + static CERTCertDBHandle local_certdb; + + certdb = CERT_GetDefaultCertDB(); + + if (certdb == NULL) + { + if (CERT_OpenCertDBFilename (&local_certdb, NULL, (PRBool)!keepcerts) != + SECSuccess) + { + return NULL; + } + certdb = &local_certdb; + } + + return certdb; + } + +/* + * j a r _ c l o s e _ d a t a b a s e + * + * Close the certificate database. + * For use by JAR functions. + * + */ + +int JAR_close_database (CERTCertDBHandle *certdb) + { + CERTCertDBHandle *defaultdb; + + /* This really just retrieves the handle, nothing more */ + defaultdb = CERT_GetDefaultCertDB(); + + /* If there is no default db, it means we opened + the permanent database for some reason */ + + if (defaultdb == NULL && certdb != NULL) + CERT_ClosePermCertDB (certdb); + + return 0; + } + +/* + * j a r _ g e t _ c e r t i f i c a t e + * + * Return the certificate referenced + * by a given fingerprint, or NULL if not found. + * Error code is returned in result. + * + */ + +static CERTCertificate *jar_get_certificate + (JAR *jar, long keylen, void *key, int *result) + { + int found = 0; + + JAR_Item *it; + JAR_Cert *fing; + + JAR_Context *ctx; + + if (jar == NULL) + { + void *cert; + cert = JAR_fetch_cert (keylen, key); + *result = (cert == NULL) ? JAR_ERR_GENERAL : 0; + return (CERTCertificate *) cert; + } + + ctx = JAR_find (jar, NULL, jarTypeSign); + + while (JAR_find_next (ctx, &it) >= 0) + { + fing = (JAR_Cert *) it->data; + + if (keylen != fing->length) + continue; + + PORT_Assert( keylen < 0xFFFF ); + if (!PORT_Memcmp (fing->key, key, keylen)) + { + found = 1; + break; + } + } + + JAR_find_end (ctx); + + if (found == 0) + { + *result = JAR_ERR_GENERAL; + return NULL; + } + + *result = 0; + return fing->cert; + } + +/* + * j a r _ s i g n a l + * + * Nonfatal errors come here to callback Java. + * + */ + +static int jar_signal + (int status, JAR *jar, const char *metafile, char *pathname) + { + char *errstring; + + errstring = JAR_get_error (status); + + if (jar->signal) + { + (*jar->signal) (status, jar, metafile, pathname, errstring); + return 0; + } + + return status; + } + +/* + * j a r _ a p p e n d + * + * Tack on an element to one of a JAR's linked + * lists, with rudimentary error handling. + * + */ + +int jar_append (ZZList *list, int type, + char *pathname, void *data, size_t size) + { + JAR_Item *it; + ZZLink *entity; + + it = (JAR_Item*)PORT_ZAlloc (sizeof (JAR_Item)); + + if (it == NULL) + goto loser; + + if (pathname) + { + it->pathname = PORT_Strdup (pathname); + if (it->pathname == NULL) + goto loser; + } + + it->type = (jarType)type; + it->data = (unsigned char *) data; + it->size = size; + + entity = ZZ_NewLink (it); + + if (entity) + { + ZZ_AppendLink (list, entity); + return 0; + } + +loser: + + if (it) + { + if (it->pathname) PORT_Free (it->pathname); + PORT_Free (it); + } + + return JAR_ERR_MEMORY; + } + +/* + * W I N 1 6 s t u f f + * + * These functions possibly belong in xp_mem.c, they operate + * on huge string pointers for win16. + * + */ + +#if defined(XP_WIN16) +int xp_HUGE_STRNCASECMP (char ZHUGEP *buf, char *key, int len) + { + while (len--) + { + char c1, c2; + + c1 = *buf++; + c2 = *key++; + + if (c1 >= 'a' && c1 <= 'z') c1 -= ('a' - 'A'); + if (c2 >= 'a' && c2 <= 'z') c2 -= ('a' - 'A'); + + if (c1 != c2) + return (c1 < c2) ? -1 : 1; + } + return 0; + } + +size_t xp_HUGE_STRLEN (char ZHUGEP *s) + { + size_t len = 0L; + while (*s++) len++; + return len; + } + +char *xp_HUGE_STRCPY (char *to, char ZHUGEP *from) + { + char *ret = to; + + while (*from) + *to++ = *from++; + *to = 0; + + return ret; + } +#endif diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c new file mode 100644 index 000000000..12489b889 --- /dev/null +++ b/security/nss/lib/pk11wrap/pk11skey.c @@ -0,0 +1,4866 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ +/* + * This file implements the Symkey wrapper and the PKCS context + * Interfaces. + */ + +#include "seccomon.h" +#include "secmod.h" +#include "prlock.h" +#include "secmodi.h" +#include "pkcs11.h" +#include "pk11func.h" +#include "secitem.h" +#include "key.h" +#include "secoid.h" +#include "secasn1.h" +#include "sechash.h" +#include "cert.h" +#include "secerr.h" + +#define PAIRWISE_SECITEM_TYPE siBuffer +#define PAIRWISE_DIGEST_LENGTH SHA1_LENGTH /* 160-bits */ +#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */ + +/* forward static declarations. */ +static PK11SymKey *pk11_DeriveWithTemplate(PK11SymKey *baseKey, + CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target, + CK_ATTRIBUTE_TYPE operation, int keySize, CK_ATTRIBUTE *userAttr, + unsigned int numAttrs); + + +/* + * strip leading zero's from key material + */ +void +pk11_SignedToUnsigned(CK_ATTRIBUTE *attrib) { + char *ptr = (char *)attrib->pValue; + unsigned long len = attrib->ulValueLen; + + while (len && (*ptr == 0)) { + len--; + ptr++; + } + attrib->pValue = ptr; + attrib->ulValueLen = len; +} + +/* + * get a new session on a slot. If we run out of session, use the slot's + * 'exclusive' session. In this case owner becomes false. + */ +static CK_SESSION_HANDLE +pk11_GetNewSession(PK11SlotInfo *slot,PRBool *owner) +{ + CK_SESSION_HANDLE session; + *owner = PR_TRUE; + if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot); + if ( PK11_GETTAB(slot)->C_OpenSession(slot->slotID,CKF_SERIAL_SESSION, + slot,pk11_notify,&session) != CKR_OK) { + *owner = PR_FALSE; + session = slot->session; + } + if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); + + return session; +} + +static void +pk11_CloseSession(PK11SlotInfo *slot,CK_SESSION_HANDLE session,PRBool owner) +{ + if (!owner) return; + if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot); + (void) PK11_GETTAB(slot)->C_CloseSession(session); + if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); +} + + +SECStatus +PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE session, + CK_ATTRIBUTE *theTemplate, int count, + PRBool token, CK_OBJECT_HANDLE *objectID) +{ + CK_SESSION_HANDLE rwsession; + CK_RV crv; + SECStatus rv = SECSuccess; + + rwsession = session; + if (rwsession == CK_INVALID_SESSION) { + if (token) { + rwsession = PK11_GetRWSession(slot); + } else { + rwsession = slot->session; + PK11_EnterSlotMonitor(slot); + } + } + crv = PK11_GETTAB(slot)->C_CreateObject(rwsession, theTemplate, + count,objectID); + if(crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + rv = SECFailure; + } + + if (session == CK_INVALID_SESSION) { + if (token) { + PK11_RestoreROSession(slot, rwsession); + } else { + PK11_ExitSlotMonitor(slot); + } + } + + return rv; +} + +static void +pk11_EnterKeyMonitor(PK11SymKey *symKey) { + if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe)) + PK11_EnterSlotMonitor(symKey->slot); +} + +static void +pk11_ExitKeyMonitor(PK11SymKey *symKey) { + if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe)) + PK11_ExitSlotMonitor(symKey->slot); +} + + +static PK11SymKey *pk11SymKeyHead = NULL; +static PK11SymKey * +pk11_getKeyFromList(PK11SlotInfo *slot) { + PK11SymKey *symKey = NULL; + + + PK11_USE_THREADS(PR_Lock(slot->freeListLock);) + if (slot->freeSymKeysHead) { + symKey = slot->freeSymKeysHead; + slot->freeSymKeysHead = symKey->next; + slot->keyCount--; + } + PK11_USE_THREADS(PR_Unlock(slot->freeListLock);) + if (symKey) { + symKey->next = NULL; + if (!symKey->sessionOwner) + symKey->session = pk11_GetNewSession(slot,&symKey->sessionOwner); + return symKey; + } + + symKey = (PK11SymKey *)PORT_ZAlloc(sizeof(PK11SymKey)); + if (symKey == NULL) { + return NULL; + } + symKey->refLock = PR_NewLock(); + if (symKey->refLock == NULL) { + PORT_Free(symKey); + return NULL; + } + symKey->session = pk11_GetNewSession(slot,&symKey->sessionOwner); + symKey->next = NULL; + return symKey; +} + +void +PK11_CleanKeyList(PK11SlotInfo *slot) +{ + PK11SymKey *symKey = NULL; + + while (slot->freeSymKeysHead) { + symKey = slot->freeSymKeysHead; + slot->freeSymKeysHead = symKey->next; + pk11_CloseSession(symKey->slot, symKey->session,symKey->sessionOwner); + PK11_USE_THREADS(PR_DestroyLock(symKey->refLock);) + PORT_Free(symKey); + }; + return; +} + +/* + * create a symetric key: + * Slot is the slot to create the key in. + * type is the mechainism type + */ +PK11SymKey * +PK11_CreateSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, void *wincx) +{ + + PK11SymKey *symKey = pk11_getKeyFromList(slot); + + + if (symKey == NULL) { + return NULL; + } + + symKey->type = type; + symKey->data.data = NULL; + symKey->data.len = 0; + symKey->owner = PR_TRUE; + symKey->objectID = CK_INVALID_KEY; + symKey->slot = slot; + symKey->series = slot->series; + symKey->cx = wincx; + symKey->size = 0; + symKey->refCount = 1; + symKey->origin = PK11_OriginNULL; + symKey->origin = PK11_OriginNULL; + PK11_ReferenceSlot(slot); + return symKey; +} + +/* + * destroy a symetric key + */ +void +PK11_FreeSymKey(PK11SymKey *symKey) +{ + PRBool destroy = PR_FALSE; + PK11SlotInfo *slot; + PRBool freeit = PR_TRUE; + + PK11_USE_THREADS(PR_Lock(symKey->refLock);) + if (symKey->refCount-- == 1) { + destroy= PR_TRUE; + } + PK11_USE_THREADS(PR_Unlock(symKey->refLock);) + if (destroy) { + if ((symKey->owner) && symKey->objectID != CK_INVALID_KEY) { + pk11_EnterKeyMonitor(symKey); + (void) PK11_GETTAB(symKey->slot)-> + C_DestroyObject(symKey->session, symKey->objectID); + pk11_ExitKeyMonitor(symKey); + } + if (symKey->data.data) { + PORT_Memset(symKey->data.data, 0, symKey->data.len); + PORT_Free(symKey->data.data); + } + slot = symKey->slot; + PK11_USE_THREADS(PR_Lock(slot->freeListLock);) + if (slot->keyCount < slot->maxKeyCount) { + symKey->next = slot->freeSymKeysHead; + slot->freeSymKeysHead = symKey; + slot->keyCount++; + symKey->slot = NULL; + freeit = PR_FALSE; + } + PK11_USE_THREADS(PR_Unlock(slot->freeListLock);) + if (freeit) { + pk11_CloseSession(symKey->slot, symKey->session, + symKey->sessionOwner); + PK11_USE_THREADS(PR_DestroyLock(symKey->refLock);) + PORT_Free(symKey); + } + PK11_FreeSlot(slot); + } +} + +PK11SymKey * +PK11_ReferenceSymKey(PK11SymKey *symKey) +{ + PK11_USE_THREADS(PR_Lock(symKey->refLock);) + symKey->refCount++; + PK11_USE_THREADS(PR_Unlock(symKey->refLock);) + return symKey; +} + +/* + * turn key handle into an appropriate key object + */ +PK11SymKey * +PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent, PK11Origin origin, + CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID, PRBool owner, void *wincx) +{ + PK11SymKey *symKey; + + if (keyID == CK_INVALID_KEY) { + return NULL; + } + + symKey = PK11_CreateSymKey(slot,type,wincx); + if (symKey == NULL) { + return NULL; + } + + symKey->objectID = keyID; + symKey->origin = origin; + symKey->owner = owner; + + /* adopt the parent's session */ + /* This is only used by SSL. What we really want here is a session + * structure with a ref count so the session goes away only after all the + * keys do. */ + if (owner && parent) { + pk11_CloseSession(symKey->slot, symKey->session,symKey->sessionOwner); + symKey->sessionOwner = parent->sessionOwner; + symKey->session = parent->session; + parent->sessionOwner = PR_FALSE; + } + + return symKey; +} + +/* + * turn key handle into an appropriate key object + */ +PK11SymKey * +PK11_GetWrapKey(PK11SlotInfo *slot, int wrap, CK_MECHANISM_TYPE type, + int series, void *wincx) +{ + PK11SymKey *symKey = NULL; + + if (slot->series != series) return NULL; + if (slot->refKeys[wrap] == CK_INVALID_KEY) return NULL; + if (type == CKM_INVALID_MECHANISM) type = slot->wrapMechanism; + + symKey = PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive, + slot->wrapMechanism, slot->refKeys[wrap], PR_FALSE, wincx); + return symKey; +} + +void +PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey) +{ + /* save the handle and mechanism for the wrapping key */ + /* mark the key and session as not owned by us to they don't get freed + * when the key goes way... that lets us reuse the key later */ + slot->refKeys[wrap] = wrapKey->objectID; + wrapKey->owner = PR_FALSE; + wrapKey->sessionOwner = PR_FALSE; + slot->wrapMechanism = wrapKey->type; +} + +CK_MECHANISM_TYPE +PK11_GetMechanism(PK11SymKey *symKey) +{ + return symKey->type; +} + +/* + * figure out if a key is still valid or if it is stale. + */ +PRBool +PK11_VerifyKeyOK(PK11SymKey *key) { + if (!PK11_IsPresent(key->slot)) { + return PR_FALSE; + } + return (PRBool)(key->series == key->slot->series); +} + +static PK11SymKey * +pk11_ImportSymKeyWithTempl(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, + PK11Origin origin, CK_ATTRIBUTE *keyTemplate, + unsigned int templateCount, SECItem *key, void *wincx) +{ + PK11SymKey * symKey; + SECStatus rv; + + symKey = PK11_CreateSymKey(slot,type,wincx); + if (symKey == NULL) { + return NULL; + } + + symKey->size = key->len; + + PK11_SETATTRS(&keyTemplate[templateCount], CKA_VALUE, key->data, key->len); + templateCount++; + + if (SECITEM_CopyItem(NULL,&symKey->data,key) != SECSuccess) { + PK11_FreeSymKey(symKey); + return NULL; + } + + symKey->origin = origin; + + /* import the keys */ + rv = PK11_CreateNewObject(slot, symKey->session, keyTemplate, + templateCount, PR_FALSE, &symKey->objectID); + if ( rv != SECSuccess) { + PK11_FreeSymKey(symKey); + return NULL; + } + + return symKey; +} + +/* + * turn key bits into an appropriate key object + */ +PK11SymKey * +PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, + PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,void *wincx) +{ + PK11SymKey * symKey; + unsigned int templateCount = 0; + CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; + CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; + CK_BBOOL cktrue = CK_TRUE; /* sigh */ + CK_ATTRIBUTE keyTemplate[5]; + CK_ATTRIBUTE * attrs = keyTemplate; + + PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++; + PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++; + PK11_SETATTRS(attrs, operation, &cktrue, 1); attrs++; + /* PK11_SETATTRS(attrs, CKA_VALUE, key->data, key->len); attrs++; */ + templateCount = attrs - keyTemplate; + PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE)); + + keyType = PK11_GetKeyType(type,key->len); + symKey = pk11_ImportSymKeyWithTempl(slot, type, origin, keyTemplate, + templateCount, key, wincx); + return symKey; +} + +/* + * import a public key into the desired slot + */ +CK_OBJECT_HANDLE +PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey, + PRBool isToken) +{ + CK_BBOOL cktrue = CK_TRUE; + CK_BBOOL ckfalse = CK_FALSE; + CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY; + CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; + CK_OBJECT_HANDLE objectID; + CK_ATTRIBUTE theTemplate[10]; + CK_ATTRIBUTE *signedattr = NULL; + CK_ATTRIBUTE *attrs = theTemplate; + int signedcount = 0; + int templateCount = 0; + SECStatus rv; + + /* if we already have an object in the desired slot, use it */ + if (!isToken && pubKey->pkcs11Slot == slot) { + return pubKey->pkcs11ID; + } + + /* free the existing key */ + if (pubKey->pkcs11Slot != NULL) { + PK11SlotInfo *oSlot = pubKey->pkcs11Slot; + PK11_EnterSlotMonitor(oSlot); + (void) PK11_GETTAB(oSlot)->C_DestroyObject(oSlot->session, + pubKey->pkcs11ID); + PK11_ExitSlotMonitor(oSlot); + PK11_FreeSlot(oSlot); + pubKey->pkcs11Slot = NULL; + } + PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++; + PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++; + PK11_SETATTRS(attrs, CKA_TOKEN, isToken ? &cktrue : &ckfalse, + sizeof(CK_BBOOL) ); attrs++; + + /* now import the key */ + { + switch (pubKey->keyType) { + case rsaKey: + keyType = CKK_RSA; + PK11_SETATTRS(attrs, CKA_WRAP, &cktrue, sizeof(CK_BBOOL) ); attrs++; + PK11_SETATTRS(attrs, CKA_ENCRYPT, &cktrue, + sizeof(CK_BBOOL) ); attrs++; + PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); attrs++; + signedattr = attrs; + PK11_SETATTRS(attrs, CKA_MODULUS, pubKey->u.rsa.modulus.data, + pubKey->u.rsa.modulus.len); attrs++; + PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, + pubKey->u.rsa.publicExponent.data, + pubKey->u.rsa.publicExponent.len); attrs++; + break; + case dsaKey: + keyType = CKK_DSA; + PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++; + signedattr = attrs; + PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dsa.params.prime.data, + pubKey->u.dsa.params.prime.len); attrs++; + PK11_SETATTRS(attrs,CKA_SUBPRIME,pubKey->u.dsa.params.subPrime.data, + pubKey->u.dsa.params.subPrime.len); attrs++; + PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dsa.params.base.data, + pubKey->u.dsa.params.base.len); attrs++; + PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dsa.publicValue.data, + pubKey->u.dsa.publicValue.len); attrs++; + break; + case fortezzaKey: + keyType = CKK_DSA; + PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++; + signedattr = attrs; + PK11_SETATTRS(attrs, CKA_PRIME,pubKey->u.fortezza.params.prime.data, + pubKey->u.fortezza.params.prime.len); attrs++; + PK11_SETATTRS(attrs,CKA_SUBPRIME, + pubKey->u.fortezza.params.subPrime.data, + pubKey->u.fortezza.params.subPrime.len);attrs++; + PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.fortezza.params.base.data, + pubKey->u.fortezza.params.base.len); attrs++; + PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.fortezza.DSSKey.data, + pubKey->u.fortezza.DSSKey.len); attrs++; + break; + case dhKey: + keyType = CKK_DH; + PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));attrs++; + signedattr = attrs; + PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dh.prime.data, + pubKey->u.dh.prime.len); attrs++; + PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dh.base.data, + pubKey->u.dh.base.len); attrs++; + PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dh.publicValue.data, + pubKey->u.dh.publicValue.len); attrs++; + break; + /* what about fortezza??? */ + default: + PORT_SetError( SEC_ERROR_BAD_KEY ); + return CK_INVALID_KEY; + } + + templateCount = attrs - theTemplate; + signedcount = attrs - signedattr; + PORT_Assert(templateCount <= (sizeof(theTemplate)/sizeof(CK_ATTRIBUTE))); + for (attrs=signedattr; signedcount; attrs++, signedcount--) { + pk11_SignedToUnsigned(attrs); + } + rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, theTemplate, + templateCount, isToken, &objectID); + if ( rv != SECSuccess) { + return CK_INVALID_KEY; + } + } + + pubKey->pkcs11ID = objectID; + pubKey->pkcs11Slot = PK11_ReferenceSlot(slot); + + return objectID; +} + + +/* + * return the slot associated with a symetric key + */ +PK11SlotInfo * +PK11_GetSlotFromKey(PK11SymKey *symKey) +{ + return PK11_ReferenceSlot(symKey->slot); +} + +PK11SymKey * +PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *keyID, + void *wincx) +{ + CK_ATTRIBUTE findTemp[4]; + CK_ATTRIBUTE *attrs; + CK_BBOOL ckTrue = CK_TRUE; + CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY; + int tsize = 0; + CK_OBJECT_HANDLE key_id; + + attrs = findTemp; + PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); attrs++; + PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); attrs++; + if (keyID) { + PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len); attrs++; + } + tsize = attrs - findTemp; + PORT_Assert(tsize <= sizeof(findTemp)/sizeof(CK_ATTRIBUTE)); + + key_id = pk11_FindObjectByTemplate(slot,findTemp,tsize); + if (key_id == CK_INVALID_KEY) { + return NULL; + } + return PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive, type, key_id, + PR_FALSE, wincx); +} + +void * +PK11_GetWindow(PK11SymKey *key) +{ + return key->cx; +} + + +/* + * extract a symetric key value. NOTE: if the key is sensitive, we will + * not be able to do this operation. This function is used to move + * keys from one token to another */ +SECStatus +PK11_ExtractKeyValue(PK11SymKey *symKey) +{ + + if (symKey->data.data != NULL) return SECSuccess; + + if (symKey->slot == NULL) { + PORT_SetError( SEC_ERROR_INVALID_KEY ); + return SECFailure; + } + + return PK11_ReadAttribute(symKey->slot,symKey->objectID,CKA_VALUE,NULL, + &symKey->data); +} + +SECItem * +PK11_GetKeyData(PK11SymKey *symKey) +{ + return &symKey->data; +} + +/* + * take an attribute and copy it into a secitem, converting unsigned to signed. + */ +static CK_RV +pk11_Attr2SecItem(PRArenaPool *arena, CK_ATTRIBUTE *attr, SECItem *item) { + unsigned char *dataPtr; + + item->len = attr->ulValueLen; + dataPtr = (unsigned char*) PORT_ArenaAlloc(arena, item->len+1); + if ( dataPtr == NULL) { + return CKR_HOST_MEMORY; + } + *dataPtr = 0; + item->data = dataPtr+1; + PORT_Memcpy(item->data,attr->pValue,item->len); + if (item->data[0] & 0x80) { + item->data = item->data-1; + item->len++; + } + return CKR_OK; +} +/* + * extract a public key from a slot and id + */ +SECKEYPublicKey * +PK11_ExtractPublicKey(PK11SlotInfo *slot,KeyType keyType,CK_OBJECT_HANDLE id) +{ + CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY; + PRArenaPool *arena; + PRArenaPool *tmp_arena; + SECKEYPublicKey *pubKey; + int templateCount = 0; + CK_KEY_TYPE pk11KeyType; + CK_RV crv; + CK_ATTRIBUTE template[8]; + CK_ATTRIBUTE *attrs= template; + CK_ATTRIBUTE *modulus,*exponent,*base,*prime,*subprime,*value; + + /* if we didn't know the key type, get it */ + if (keyType== nullKey) { + + pk11KeyType = PK11_ReadULongAttribute(slot,id,CKA_KEY_TYPE); + if (pk11KeyType == CK_UNAVAILABLE_INFORMATION) { + PORT_SetError( PK11_MapError(crv) ); + return NULL; + } + switch (pk11KeyType) { + case CKK_RSA: + keyType = rsaKey; + break; + case CKK_DSA: + keyType = dsaKey; + break; + case CKK_DH: + keyType = dhKey; + break; + default: + PORT_SetError( SEC_ERROR_BAD_KEY ); + return NULL; + } + } + + + /* now we need to create space for the public key */ + arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) return NULL; + tmp_arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE); + if (tmp_arena == NULL) { + PORT_FreeArena (arena, PR_FALSE); + return NULL; + } + + + pubKey = (SECKEYPublicKey *) + PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); + if (pubKey == NULL) { + PORT_FreeArena (arena, PR_FALSE); + PORT_FreeArena (tmp_arena, PR_FALSE); + return NULL; + } + + pubKey->arena = arena; + pubKey->keyType = keyType; + pubKey->pkcs11Slot = PK11_ReferenceSlot(slot); + pubKey->pkcs11ID = id; + PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, + sizeof(keyClass)); attrs++; + PK11_SETATTRS(attrs, CKA_KEY_TYPE, &pk11KeyType, + sizeof(pk11KeyType) ); attrs++; + switch (pubKey->keyType) { + case rsaKey: + modulus = attrs; + PK11_SETATTRS(attrs, CKA_MODULUS, NULL, 0); attrs++; + exponent = attrs; + PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, NULL, 0); attrs++; + + templateCount = attrs - template; + PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE)); + crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount); + if (crv != CKR_OK) break; + + if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_RSA)) { + crv = CKR_OBJECT_HANDLE_INVALID; + break; + } + crv = pk11_Attr2SecItem(arena,modulus,&pubKey->u.rsa.modulus); + if (crv != CKR_OK) break; + crv = pk11_Attr2SecItem(arena,exponent,&pubKey->u.rsa.publicExponent); + if (crv != CKR_OK) break; + break; + case dsaKey: + prime = attrs; + PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); attrs++; + subprime = attrs; + PK11_SETATTRS(attrs, CKA_SUBPRIME, NULL, 0); attrs++; + base = attrs; + PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); attrs++; + value = attrs; + PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); attrs++; + templateCount = attrs - template; + PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE)); + crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount); + if (crv != CKR_OK) break; + + if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DSA)) { + crv = CKR_OBJECT_HANDLE_INVALID; + break; + } + crv = pk11_Attr2SecItem(arena,prime,&pubKey->u.dsa.params.prime); + if (crv != CKR_OK) break; + crv = pk11_Attr2SecItem(arena,subprime,&pubKey->u.dsa.params.subPrime); + if (crv != CKR_OK) break; + crv = pk11_Attr2SecItem(arena,base,&pubKey->u.dsa.params.base); + if (crv != CKR_OK) break; + crv = pk11_Attr2SecItem(arena,value,&pubKey->u.dsa.publicValue); + if (crv != CKR_OK) break; + break; + case dhKey: + prime = attrs; + PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); attrs++; + base = attrs; + PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); attrs++; + value =attrs; + PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); attrs++; + templateCount = attrs - template; + PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE)); + crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount); + if (crv != CKR_OK) break; + + if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DSA)) { + crv = CKR_OBJECT_HANDLE_INVALID; + break; + } + crv = pk11_Attr2SecItem(arena,prime,&pubKey->u.dh.prime); + if (crv != CKR_OK) break; + crv = pk11_Attr2SecItem(arena,base,&pubKey->u.dh.base); + if (crv != CKR_OK) break; + crv = pk11_Attr2SecItem(arena,value,&pubKey->u.dh.publicValue); + if (crv != CKR_OK) break; + break; + case fortezzaKey: + case nullKey: + default: + crv = CKR_OBJECT_HANDLE_INVALID; + break; + } + + PORT_FreeArena(tmp_arena,PR_FALSE); + + if (crv != CKR_OK) { + PORT_FreeArena(arena,PR_FALSE); + PK11_FreeSlot(slot); + PORT_SetError( PK11_MapError(crv) ); + return NULL; + } + + return pubKey; +} + +/* + * Build a Private Key structure from raw PKCS #11 information. + */ +SECKEYPrivateKey * +PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType, + PRBool isTemp, CK_OBJECT_HANDLE privID, void *wincx) +{ + PRArenaPool *arena; + SECKEYPrivateKey *privKey; + + /* don't know? look it up */ + if (keyType == nullKey) { + CK_KEY_TYPE pk11Type = CKK_RSA; + + pk11Type = PK11_ReadULongAttribute(slot,privID,CKA_KEY_TYPE); + isTemp = (PRBool)!PK11_HasAttributeSet(slot,privID,CKA_TOKEN); + switch (pk11Type) { + case CKK_RSA: keyType = rsaKey; break; + case CKK_DSA: keyType = dsaKey; break; + case CKK_DH: keyType = dhKey; break; + case CKK_KEA: keyType = fortezzaKey; break; + default: + break; + } + } + + /* now we need to create space for the private key */ + arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) return NULL; + + privKey = (SECKEYPrivateKey *) + PORT_ArenaZAlloc(arena, sizeof(SECKEYPrivateKey)); + if (privKey == NULL) { + PORT_FreeArena(arena, PR_FALSE); + return NULL; + } + + privKey->arena = arena; + privKey->keyType = keyType; + privKey->pkcs11Slot = PK11_ReferenceSlot(slot); + privKey->pkcs11ID = privID; + privKey->pkcs11IsTemp = isTemp; + privKey->wincx = wincx; + + return privKey; +} + +/* return the keylength if possible. '0' if not */ +unsigned int +PK11_GetKeyLength(PK11SymKey *key) +{ + if (key->size != 0) return key->size ; + if (key->data.data == NULL) { + PK11_ExtractKeyValue(key); + } + /* key is probably secret. Look up it's type and length */ + /* this is new PKCS #11 version 2.0 functionality. */ + if (key->size == 0) { + CK_ULONG keyLength; + + keyLength = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_VALUE_LEN); + /* doesn't have a length field, check the known PKCS #11 key types, + * which don't have this field */ + if (keyLength == CK_UNAVAILABLE_INFORMATION) { + CK_KEY_TYPE keyType; + keyType = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_KEY_TYPE); + switch (keyType) { + case CKK_DES: key->size = 8; break; + case CKK_DES2: key->size = 16; break; + case CKK_DES3: key->size = 24; break; + case CKK_SKIPJACK: key->size = 10; break; + case CKK_BATON: key->size = 20; break; + case CKK_JUNIPER: key->size = 20; break; + case CKK_GENERIC_SECRET: + if (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN) { + key->size=48; + } + break; + default: break; + } + } else { + key->size = (unsigned int)keyLength; + } + } + + return key->size; +} + +/* return the strength of a key. This is different from length in that + * 1) it returns the size in bits, and 2) it returns only the secret portions + * of the key minus any checksums or parity. + */ +unsigned int +PK11_GetKeyStrength(PK11SymKey *key, SECAlgorithmID *algid) +{ + int size=0; + CK_MECHANISM_TYPE mechanism= CKM_INVALID_MECHANISM; /* RC2 only */ + SECItem *param = NULL; /* RC2 only */ + CK_RC2_CBC_PARAMS *rc2_params = NULL; /* RC2 ONLY */ + unsigned int effectiveBits = 0; /* RC2 ONLY */ + + switch (PK11_GetKeyType(key->type,0)) { + case CKK_CDMF: + return 40; + case CKK_DES: + return 56; + case CKK_DES3: + case CKK_DES2: + size = PK11_GetKeyLength(key); + if (size == 16) { + /* double des */ + return 112; /* 16*7 */ + } + return 168; + /* + * RC2 has is different than other ciphers in that it allows the user + * to deprecating keysize while still requiring all the bits for the + * original key. The info + * on what the effective key strength is in the parameter for the key. + * In S/MIME this parameter is stored in the DER encoded algid. In Our + * other uses of RC2, effectiveBits == keyBits, so this code functions + * correctly without an algid. + */ + case CKK_RC2: + /* if no algid was provided, fall through to default */ + if (!algid) { + break; + } + /* verify that the algid is for RC2 */ + mechanism = PK11_AlgtagToMechanism(SECOID_GetAlgorithmTag(algid)); + if ((mechanism != CKM_RC2_CBC) && (mechanism != CKM_RC2_ECB)) { + break; + } + + /* now get effective bits from the algorithm ID. */ + param = PK11_ParamFromAlgid(algid); + /* if we couldn't get memory just use key length */ + if (param == NULL) { + break; + } + + rc2_params = (CK_RC2_CBC_PARAMS *) param->data; + /* paranoia... shouldn't happen */ + PORT_Assert(param->data != NULL); + if (param->data == NULL) { + SECITEM_FreeItem(param,PR_TRUE); + break; + } + effectiveBits = (unsigned int)rc2_params->ulEffectiveBits; + SECITEM_FreeItem(param,PR_TRUE); + param = NULL; rc2_params=NULL; /* paranoia */ + + /* we have effective bits, is and allocated memory is free, now + * we need to return the smaller of effective bits and keysize */ + size = PK11_GetKeyLength(key); + if ((unsigned int)size*8 > effectiveBits) { + return effectiveBits; + } + + return size*8; /* the actual key is smaller, the strength can't be + * greater than the actual key size */ + + default: + break; + } + return PK11_GetKeyLength(key) * 8; +} + +/* Make a Key type to an appropriate signing/verification mechanism */ +static CK_MECHANISM_TYPE +pk11_mapSignKeyType(KeyType keyType) +{ + switch (keyType) { + case rsaKey: + return CKM_RSA_PKCS; + case fortezzaKey: + case dsaKey: + return CKM_DSA; + case dhKey: + default: + break; + } + return CKM_INVALID_MECHANISM; +} + +static CK_MECHANISM_TYPE +pk11_mapWrapKeyType(KeyType keyType) +{ + switch (keyType) { + case rsaKey: + return CKM_RSA_PKCS; + /* Add fortezza?? */ + default: + break; + } + return CKM_INVALID_MECHANISM; +} + +/* + * Some non-compliant PKCS #11 vendors do not give us the modulus, so actually + * set up a signature to get the signaure length. + */ +static int +pk11_backupGetSignLength(SECKEYPrivateKey *key) +{ + PK11SlotInfo *slot = key->pkcs11Slot; + CK_MECHANISM mech = {0, NULL, 0 }; + PRBool owner = PR_TRUE; + CK_SESSION_HANDLE session; + CK_ULONG len; + CK_RV crv; + unsigned char h_data[20] = { 0 }; + unsigned char buf[20]; /* obviously to small */ + CK_ULONG smallLen = sizeof(buf); + + mech.mechanism = pk11_mapSignKeyType(key->keyType); + + session = pk11_GetNewSession(slot,&owner); + if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_SignInit(session,&mech,key->pkcs11ID); + if (crv != CKR_OK) { + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + PORT_SetError( PK11_MapError(crv) ); + return -1; + } + len = 0; + crv = PK11_GETTAB(slot)->C_Sign(session,h_data,sizeof(h_data), + NULL, &len); + /* now call C_Sign with too small a buffer to clear the session state */ + (void) PK11_GETTAB(slot)-> + C_Sign(session,h_data,sizeof(h_data),buf,&smallLen); + + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return -1; + } + return len; +} +/* + * get the length of a signature object based on the key + */ +int +PK11_SignatureLen(SECKEYPrivateKey *key) +{ + PK11SlotInfo *slot = key->pkcs11Slot; + int val; + + switch (key->keyType) { + case rsaKey: + val = PK11_GetPrivateModulusLen(key); + if (val == -1) { + break; /* failed */ + } + return (unsigned long) val; + + case fortezzaKey: + case dsaKey: + return 40; + + default: + break; + } + PORT_SetError( SEC_ERROR_INVALID_KEY ); + return 0; +} + +PK11SlotInfo * +PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key) +{ + PK11SlotInfo *slot = key->pkcs11Slot; + slot = PK11_ReferenceSlot(slot); + return slot; +} + +/* + * Get the modulus length for raw parsing + */ +int +PK11_GetPrivateModulusLen(SECKEYPrivateKey *key) +{ + CK_ATTRIBUTE theTemplate = { CKA_MODULUS, NULL, 0 }; + PK11SlotInfo *slot = key->pkcs11Slot; + CK_RV crv; + int length; + + switch (key->keyType) { + case rsaKey: + crv = PK11_GetAttributes(NULL, slot, key->pkcs11ID, &theTemplate, 1); + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return -1; + } + length = theTemplate.ulValueLen; + if ( *(unsigned char *)theTemplate.pValue == 0) { + length--; + } + if (theTemplate.pValue != NULL) + PORT_Free(theTemplate.pValue); + return (int) length; + + case fortezzaKey: + case dsaKey: + case dhKey: + default: + break; + } + if (theTemplate.pValue != NULL) + PORT_Free(theTemplate.pValue); + PORT_SetError( SEC_ERROR_INVALID_KEY ); + return -1; +} + +/* + * copy a key (or any other object) on a token + */ +CK_OBJECT_HANDLE +PK11_CopyKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE srcObject) +{ + CK_OBJECT_HANDLE destObject; + CK_RV crv; + + PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_CopyObject(slot->session,srcObject,NULL,0, + &destObject); + PK11_ExitSlotMonitor(slot); + if (crv == CKR_OK) return destObject; + PORT_SetError( PK11_MapError(crv) ); + return CK_INVALID_KEY; +} + + +PK11SymKey * +pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type, + CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey); + +/* + * The next two utilities are to deal with the fact that a given operation + * may be a multi-slot affair. This creates a new key object that is copied + * into the new slot. + */ +PK11SymKey * +pk11_CopyToSlot(PK11SlotInfo *slot,CK_MECHANISM_TYPE type, + CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey) +{ + SECStatus rv; + PK11SymKey *newKey = NULL; + + /* Extract the raw key data if possible */ + if (symKey->data.data == NULL) { + rv = PK11_ExtractKeyValue(symKey); + /* KEY is sensitive, we're try key exchanging it. */ + if (rv != SECSuccess) { + return pk11_KeyExchange(slot, type, operation, symKey); + } + } + newKey = PK11_ImportSymKey(slot, type, symKey->origin, operation, + &symKey->data, symKey->cx); + if (newKey == NULL) newKey = pk11_KeyExchange(slot,type,operation,symKey); + return newKey; +} + +/* + * Make sure the slot we are in the correct slot for the operation + */ +static PK11SymKey * +pk11_ForceSlot(PK11SymKey *symKey,CK_MECHANISM_TYPE type, + CK_ATTRIBUTE_TYPE operation) +{ + PK11SlotInfo *slot = symKey->slot; + PK11SymKey *newKey = NULL; + + if ((slot== NULL) || !PK11_DoesMechanism(slot,type)) { + slot = PK11_GetBestSlot(type,symKey->cx); + if (slot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return NULL; + } + newKey = pk11_CopyToSlot(slot, type, operation, symKey); + PK11_FreeSlot(slot); + } + return newKey; +} + +/* + * Use the token to Generate a key. keySize must be 'zero' for fixed key + * length algorithms. NOTE: this means we can never generate a DES2 key + * from this interface! + */ +PK11SymKey * +PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param, + int keySize, SECItem *keyid, PRBool isToken, void *wincx) +{ + PK11SymKey *symKey; + CK_ATTRIBUTE genTemplate[4]; + CK_ATTRIBUTE *attrs = genTemplate; + int count = sizeof(genTemplate)/sizeof(genTemplate[0]); + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_RV crv; + PRBool weird = PR_FALSE; /* hack for fortezza */ + CK_BBOOL ckfalse = CK_FALSE; + CK_BBOOL cktrue = CK_TRUE; + + if ((keySize == -1) && (type == CKM_SKIPJACK_CBC64)) { + weird = PR_TRUE; + keySize = 0; + } + + /* TNH: Isn't this redundant, since "handleKey" will set defaults? */ + PK11_SETATTRS(attrs, (!weird) + ? CKA_ENCRYPT : CKA_DECRYPT, &cktrue, sizeof(CK_BBOOL)); attrs++; + + if (keySize != 0) { + CK_ULONG key_size = keySize; /* Convert to PK11 type */ + + PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size)); + attrs++; + } + + /* Include key id value if provided */ + if (keyid) { + PK11_SETATTRS(attrs, CKA_ID, keyid->data, keyid->len); attrs++; + } + + if (isToken) { + PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); attrs++; + } + + count = attrs - genTemplate; + PR_ASSERT(count <= sizeof(genTemplate)/sizeof(CK_ATTRIBUTE)); + + /* find a slot to generate the key into */ + /* Only do slot management if this is not a token key */ + if (!isToken && (slot == NULL || !PK11_DoesMechanism(slot,type))) { + PK11SlotInfo *bestSlot; + + bestSlot = PK11_GetBestSlot(type,wincx); /* TNH: references the slot? */ + if (bestSlot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return NULL; + } + + symKey = PK11_CreateSymKey(bestSlot,type,wincx); + + PK11_FreeSlot(bestSlot); + } else { + symKey = PK11_CreateSymKey(slot, type, wincx); + } + if (symKey == NULL) return NULL; + + symKey->size = keySize; + symKey->origin = (!weird) ? PK11_OriginGenerated : PK11_OriginFortezzaHack; + + /* Initialize the Key Gen Mechanism */ + mechanism.mechanism = PK11_GetKeyGen(type); + if (mechanism.mechanism == CKM_FAKE_RANDOM) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return NULL; + } + + /* Set the parameters for the key gen if provided */ + mechanism.pParameter = NULL; + mechanism.ulParameterLen = 0; + if (param) { + mechanism.pParameter = param->data; + mechanism.ulParameterLen = param->len; + } + + /* Get session and perform locking */ + if (isToken) { + session = PK11_GetRWSession(symKey->slot); /* Should always be original slot */ + } else { + session = symKey->session; + pk11_EnterKeyMonitor(symKey); + } + + crv = PK11_GETTAB(symKey->slot)->C_GenerateKey(session, + &mechanism, genTemplate, count, &symKey->objectID); + + /* Release lock and session */ + if (isToken) { + PK11_RestoreROSession(symKey->slot, session); + } else { + pk11_ExitKeyMonitor(symKey); + } + + if (crv != CKR_OK) { + PK11_FreeSymKey(symKey); + PORT_SetError( PK11_MapError(crv) ); + return NULL; + } + + return symKey; +} + +PK11SymKey * +PK11_KeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param, + int keySize, void *wincx) +{ + return PK11_TokenKeyGen(slot, type, param, keySize, 0, PR_FALSE, wincx); +} + +/* --- */ +PK11SymKey * +PK11_GenDES3TokenKey(PK11SlotInfo *slot, SECItem *keyid, void *cx) +{ + return PK11_TokenKeyGen(slot, CKM_DES3_CBC, 0, 0, keyid, PR_TRUE, cx); +} + +/* + * PKCS #11 pairwise consistency check utilized to validate key pair. + */ +static SECStatus +pk11_PairwiseConsistencyCheck(SECKEYPublicKey *pubKey, + SECKEYPrivateKey *privKey, CK_MECHANISM *mech, void* wincx ) +{ + /* Variables used for Encrypt/Decrypt functions. */ + unsigned char *known_message = (unsigned char *)"Known Crypto Message"; + CK_BBOOL isEncryptable = CK_FALSE; + CK_BBOOL canSignVerify = CK_FALSE; + CK_BBOOL isDerivable = CK_FALSE; + unsigned char plaintext[PAIRWISE_MESSAGE_LENGTH]; + CK_ULONG bytes_decrypted; + PK11SlotInfo *slot; + CK_OBJECT_HANDLE id; + unsigned char *ciphertext; + unsigned char *text_compared; + CK_ULONG max_bytes_encrypted; + CK_ULONG bytes_encrypted; + CK_ULONG bytes_compared; + CK_RV crv; + + /* Variables used for Signature/Verification functions. */ + unsigned char *known_digest = (unsigned char *)"Mozilla Rules World!"; + SECItem signature; + SECItem digest; /* always uses SHA-1 digest */ + int signature_length; + SECStatus rv; + + /**************************************************/ + /* Pairwise Consistency Check of Encrypt/Decrypt. */ + /**************************************************/ + + isEncryptable = PK11_HasAttributeSet( privKey->pkcs11Slot, + privKey->pkcs11ID, CKA_DECRYPT ); + + /* If the encryption attribute is set; attempt to encrypt */ + /* with the public key and decrypt with the private key. */ + if( isEncryptable ) { + /* Find a module to encrypt against */ + slot = PK11_GetBestSlot(pk11_mapWrapKeyType(privKey->keyType),wincx); + if (slot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return SECFailure; + } + + id = PK11_ImportPublicKey(slot,pubKey,PR_FALSE); + if (id == CK_INVALID_KEY) { + PK11_FreeSlot(slot); + return SECFailure; + } + + /* Compute max bytes encrypted from modulus length of private key. */ + max_bytes_encrypted = PK11_GetPrivateModulusLen( privKey ); + + + /* Prepare for encryption using the public key. */ + PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB( slot )->C_EncryptInit( slot->session, + mech, id ); + if( crv != CKR_OK ) { + PK11_ExitSlotMonitor(slot); + PORT_SetError( PK11_MapError( crv ) ); + PK11_FreeSlot(slot); + return SECFailure; + } + + /* Allocate space for ciphertext. */ + ciphertext = (unsigned char *) PORT_Alloc( max_bytes_encrypted ); + if( ciphertext == NULL ) { + PK11_ExitSlotMonitor(slot); + PORT_SetError( SEC_ERROR_NO_MEMORY ); + PK11_FreeSlot(slot); + return SECFailure; + } + + /* Initialize bytes encrypted to max bytes encrypted. */ + bytes_encrypted = max_bytes_encrypted; + + /* Encrypt using the public key. */ + crv = PK11_GETTAB( slot )->C_Encrypt( slot->session, + known_message, + PAIRWISE_MESSAGE_LENGTH, + ciphertext, + &bytes_encrypted ); + PK11_ExitSlotMonitor(slot); + PK11_FreeSlot(slot); + if( crv != CKR_OK ) { + PORT_SetError( PK11_MapError( crv ) ); + PORT_Free( ciphertext ); + return SECFailure; + } + + /* Always use the smaller of these two values . . . */ + bytes_compared = ( bytes_encrypted > PAIRWISE_MESSAGE_LENGTH ) + ? PAIRWISE_MESSAGE_LENGTH + : bytes_encrypted; + + /* If there was a failure, the plaintext */ + /* goes at the end, therefore . . . */ + text_compared = ( bytes_encrypted > PAIRWISE_MESSAGE_LENGTH ) + ? (ciphertext + bytes_encrypted - + PAIRWISE_MESSAGE_LENGTH ) + : ciphertext; + + /* Check to ensure that ciphertext does */ + /* NOT EQUAL known input message text */ + /* per FIPS PUB 140-1 directive. */ + if( ( bytes_encrypted != max_bytes_encrypted ) || + ( PORT_Memcmp( text_compared, known_message, + bytes_compared ) == 0 ) ) { + /* Set error to Invalid PRIVATE Key. */ + PORT_SetError( SEC_ERROR_INVALID_KEY ); + PORT_Free( ciphertext ); + return SECFailure; + } + + slot = privKey->pkcs11Slot; + /* Prepare for decryption using the private key. */ + PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB( slot )->C_DecryptInit( slot->session, + mech, + privKey->pkcs11ID ); + if( crv != CKR_OK ) { + PK11_ExitSlotMonitor(slot); + PORT_SetError( PK11_MapError(crv) ); + PORT_Free( ciphertext ); + PK11_FreeSlot(slot); + return SECFailure; + } + + /* Initialize bytes decrypted to be the */ + /* expected PAIRWISE_MESSAGE_LENGTH. */ + bytes_decrypted = PAIRWISE_MESSAGE_LENGTH; + + /* Decrypt using the private key. */ + /* NOTE: No need to reset the */ + /* value of bytes_encrypted. */ + crv = PK11_GETTAB( slot )->C_Decrypt( slot->session, + ciphertext, + bytes_encrypted, + plaintext, + &bytes_decrypted ); + PK11_ExitSlotMonitor(slot); + + /* Finished with ciphertext; free it. */ + PORT_Free( ciphertext ); + + if( crv != CKR_OK ) { + PORT_SetError( PK11_MapError(crv) ); + PK11_FreeSlot(slot); + return SECFailure; + } + + /* Check to ensure that the output plaintext */ + /* does EQUAL known input message text. */ + if( ( bytes_decrypted != PAIRWISE_MESSAGE_LENGTH ) || + ( PORT_Memcmp( plaintext, known_message, + PAIRWISE_MESSAGE_LENGTH ) != 0 ) ) { + /* Set error to Bad PUBLIC Key. */ + PORT_SetError( SEC_ERROR_BAD_KEY ); + PK11_FreeSlot(slot); + return SECFailure; + } + } + + /**********************************************/ + /* Pairwise Consistency Check of Sign/Verify. */ + /**********************************************/ + + canSignVerify = PK11_HasAttributeSet ( privKey->pkcs11Slot, + privKey->pkcs11ID, CKA_VERIFY); + + if (canSignVerify) + { + /* Initialize signature and digest data. */ + signature.data = NULL; + digest.data = NULL; + + /* Determine length of signature. */ + signature_length = PK11_SignatureLen( privKey ); + if( signature_length == 0 ) + goto failure; + + /* Allocate space for signature data. */ + signature.data = (unsigned char *) PORT_Alloc( signature_length ); + if( signature.data == NULL ) { + PORT_SetError( SEC_ERROR_NO_MEMORY ); + goto failure; + } + + /* Allocate space for known digest data. */ + digest.data = (unsigned char *) PORT_Alloc( PAIRWISE_DIGEST_LENGTH ); + if( digest.data == NULL ) { + PORT_SetError( SEC_ERROR_NO_MEMORY ); + goto failure; + } + + /* "Fill" signature type and length. */ + signature.type = PAIRWISE_SECITEM_TYPE; + signature.len = signature_length; + + /* "Fill" digest with known SHA-1 digest parameters. */ + digest.type = PAIRWISE_SECITEM_TYPE; + PORT_Memcpy( digest.data, known_digest, PAIRWISE_DIGEST_LENGTH ); + digest.len = PAIRWISE_DIGEST_LENGTH; + + /* Sign the known hash using the private key. */ + rv = PK11_Sign( privKey, &signature, &digest ); + if( rv != SECSuccess ) + goto failure; + + /* Verify the known hash using the public key. */ + rv = PK11_Verify( pubKey, &signature, &digest, wincx ); + if( rv != SECSuccess ) + goto failure; + + /* Free signature and digest data. */ + PORT_Free( signature.data ); + PORT_Free( digest.data ); + } + + + + /**********************************************/ + /* Pairwise Consistency Check for Derivation */ + /**********************************************/ + + isDerivable = PK11_HasAttributeSet ( privKey->pkcs11Slot, + privKey->pkcs11ID, CKA_DERIVE); + + if (isDerivable) + { + /* + * We are not doing consistency check for Diffie-Hellman Key - + * otherwise it would be here + */ + + } + + return SECSuccess; + +failure: + if( signature.data != NULL ) + PORT_Free( signature.data ); + if( digest.data != NULL ) + PORT_Free( digest.data ); + + return SECFailure; +} + + + +/* + * take a private key in one pkcs11 module and load it into another: + * NOTE: the source private key is a rare animal... it can't be sensitive. + * This is used to do a key gen using one pkcs11 module and storing the + * result into another. + */ +SECKEYPrivateKey * +pk11_loadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey, + SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive) +{ + CK_ATTRIBUTE privTemplate[] = { + /* class must be first */ + { CKA_CLASS, NULL, 0 }, + { CKA_KEY_TYPE, NULL, 0 }, + /* these three must be next */ + { CKA_TOKEN, NULL, 0 }, + { CKA_PRIVATE, NULL, 0 }, + { CKA_SENSITIVE, NULL, 0 }, + { CKA_ID, NULL, 0 }, +#ifdef notdef + { CKA_LABEL, NULL, 0 }, + { CKA_SUBJECT, NULL, 0 }, +#endif + /* RSA */ + { CKA_MODULUS, NULL, 0 }, + { CKA_PRIVATE_EXPONENT, NULL, 0 }, + { CKA_PUBLIC_EXPONENT, NULL, 0 }, + { CKA_PRIME_1, NULL, 0 }, + { CKA_PRIME_2, NULL, 0 }, + { CKA_EXPONENT_1, NULL, 0 }, + { CKA_EXPONENT_2, NULL, 0 }, + { CKA_COEFFICIENT, NULL, 0 }, + }; + CK_ATTRIBUTE *attrs = NULL, *ap; + int templateSize = sizeof(privTemplate)/sizeof(privTemplate[0]); + PRArenaPool *arena; + CK_OBJECT_HANDLE objectID; + int i, count = 0; + int extra_count = 0; + CK_RV crv; + SECStatus rv; + + for (i=0; i < templateSize; i++) { + if (privTemplate[i].type == CKA_MODULUS) { + attrs= &privTemplate[i]; + count = i; + break; + } + } + PORT_Assert(attrs != NULL); + if (attrs == NULL) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } + + ap = attrs; + + switch (privKey->keyType) { + case rsaKey: + count = templateSize; + extra_count = templateSize - (attrs - privTemplate); + break; + case dsaKey: + ap->type = CKA_PRIME; ap++; count++; extra_count++; + ap->type = CKA_SUBPRIME; ap++; count++; extra_count++; + ap->type = CKA_BASE; ap++; count++; extra_count++; + ap->type = CKA_VALUE; ap++; count++; extra_count++; + break; + case dhKey: + ap->type = CKA_PRIME; ap++; count++; extra_count++; + ap->type = CKA_BASE; ap++; count++; extra_count++; + ap->type = CKA_VALUE; ap++; count++; extra_count++; + break; + default: + count = 0; + extra_count = 0; + break; + } + + if (count == 0) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } + + arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) return NULL; + /* + * read out the old attributes. + */ + crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID, + privTemplate,count); + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + PORT_FreeArena(arena, PR_TRUE); + return NULL; + } + + /* Reset sensitive, token, and private */ + *(CK_BBOOL *)(privTemplate[2].pValue) = token ? CK_TRUE : CK_FALSE; + *(CK_BBOOL *)(privTemplate[3].pValue) = token ? CK_TRUE : CK_FALSE; + *(CK_BBOOL *)(privTemplate[4].pValue) = sensitive ? CK_TRUE : CK_FALSE; + + /* Not everyone can handle zero padded key values, give + * them the raw data as unsigned */ + for (ap=attrs; extra_count; ap++, extra_count--) { + pk11_SignedToUnsigned(ap); + } + + /* now Store the puppies */ + rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, privTemplate, + count, token, &objectID); + PORT_FreeArena(arena, PR_TRUE); + if (rv != SECSuccess) { + return NULL; + } + + /* try loading the public key as a token object */ + if (pubKey) { + PK11_ImportPublicKey(slot, pubKey, PR_TRUE); + if (pubKey->pkcs11Slot) { + PK11_FreeSlot(pubKey->pkcs11Slot); + pubKey->pkcs11Slot = NULL; + pubKey->pkcs11ID = CK_INVALID_KEY; + } + } + + /* build new key structure */ + return PK11_MakePrivKey(slot, privKey->keyType, (PRBool)!token, + objectID, privKey->wincx); +} + + +/* + * Use the token to Generate a key. keySize must be 'zero' for fixed key + * length algorithms. NOTE: this means we can never generate a DES2 key + * from this interface! + */ +SECKEYPrivateKey * +PK11_GenerateKeyPair(PK11SlotInfo *slot,CK_MECHANISM_TYPE type, + void *param, SECKEYPublicKey **pubKey, PRBool token, + PRBool sensitive, void *wincx) +{ + /* we have to use these native types because when we call PKCS 11 modules + * we have to make sure that we are using the correct sizes for all the + * parameters. */ + CK_BBOOL ckfalse = CK_FALSE; + CK_BBOOL cktrue = CK_TRUE; + CK_ULONG modulusBits; + CK_BYTE publicExponent[4]; + CK_ATTRIBUTE privTemplate[] = { + { CKA_SENSITIVE, NULL, 0}, + { CKA_TOKEN, NULL, 0}, + { CKA_PRIVATE, NULL, 0}, + { CKA_DERIVE, NULL, 0}, + { CKA_UNWRAP, NULL, 0}, + { CKA_SIGN, NULL, 0}, + { CKA_DECRYPT, NULL, 0}, + }; + CK_ATTRIBUTE rsaPubTemplate[] = { + { CKA_MODULUS_BITS, NULL, 0}, + { CKA_PUBLIC_EXPONENT, NULL, 0}, + { CKA_TOKEN, NULL, 0}, + { CKA_DERIVE, NULL, 0}, + { CKA_WRAP, NULL, 0}, + { CKA_VERIFY, NULL, 0}, + { CKA_VERIFY_RECOVER, NULL, 0}, + { CKA_ENCRYPT, NULL, 0}, + }; + CK_ATTRIBUTE dsaPubTemplate[] = { + { CKA_PRIME, NULL, 0 }, + { CKA_SUBPRIME, NULL, 0 }, + { CKA_BASE, NULL, 0 }, + { CKA_TOKEN, NULL, 0}, + { CKA_DERIVE, NULL, 0}, + { CKA_WRAP, NULL, 0}, + { CKA_VERIFY, NULL, 0}, + { CKA_VERIFY_RECOVER, NULL, 0}, + { CKA_ENCRYPT, NULL, 0}, + }; + CK_ATTRIBUTE dhPubTemplate[] = { + { CKA_PRIME, NULL, 0 }, + { CKA_BASE, NULL, 0 }, + { CKA_TOKEN, NULL, 0}, + { CKA_DERIVE, NULL, 0}, + { CKA_WRAP, NULL, 0}, + { CKA_VERIFY, NULL, 0}, + { CKA_VERIFY_RECOVER, NULL, 0}, + { CKA_ENCRYPT, NULL, 0}, + }; + + int dsaPubCount = sizeof(dsaPubTemplate)/sizeof(dsaPubTemplate[0]); + /*CK_ULONG key_size = 0;*/ + CK_ATTRIBUTE *pubTemplate; + int privCount = sizeof(privTemplate)/sizeof(privTemplate[0]); + int rsaPubCount = sizeof(rsaPubTemplate)/sizeof(rsaPubTemplate[0]); + int dhPubCount = sizeof(dhPubTemplate)/sizeof(dhPubTemplate[0]); + int pubCount = 0; + PK11RSAGenParams *rsaParams; + PQGParams *dsaParams; + DHParams * dhParams; + CK_MECHANISM mechanism; + CK_MECHANISM test_mech; + CK_SESSION_HANDLE session_handle; + CK_RV crv; + CK_OBJECT_HANDLE privID,pubID; + SECKEYPrivateKey *privKey; + KeyType keyType; + PRBool restore; + int peCount,i; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *privattrs; + SECItem *pubKeyIndex; + CK_ATTRIBUTE setTemplate; + SECStatus rv; + CK_MECHANISM_INFO mechanism_info; + CK_OBJECT_CLASS keyClass; + SECItem *cka_id; + PRBool haslock = PR_FALSE; + PRBool pubIsToken = PR_FALSE; + + PORT_Assert(slot != NULL); + if (slot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE); + return NULL; + } + + /* if our slot really doesn't do this mechanism, Generate the key + * in our internal token and write it out */ + if (!PK11_DoesMechanism(slot,type)) { + PK11SlotInfo *int_slot = PK11_GetInternalSlot(); + + /* don't loop forever looking for a slot */ + if (slot == int_slot) { + PK11_FreeSlot(int_slot); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } + + /* if there isn't a suitable slot, then we can't do the keygen */ + if (int_slot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return NULL; + } + + /* generate the temporary key to load */ + privKey = PK11_GenerateKeyPair(int_slot,type, param, pubKey, PR_FALSE, + PR_FALSE, wincx); + PK11_FreeSlot(int_slot); + + /* if successful, load the temp key into the new token */ + if (privKey != NULL) { + SECKEYPrivateKey *newPrivKey = pk11_loadPrivKey(slot,privKey, + *pubKey,token,sensitive); + SECKEY_DestroyPrivateKey(privKey); + if (newPrivKey == NULL) { + SECKEY_DestroyPublicKey(*pubKey); + *pubKey = NULL; + } + return newPrivKey; + } + return NULL; + } + + + mechanism.mechanism = type; + mechanism.pParameter = NULL; + mechanism.ulParameterLen = 0; + test_mech.pParameter = NULL; + test_mech.ulParameterLen = 0; + + /* set up the private key template */ + privattrs = privTemplate; + PK11_SETATTRS(privattrs, CKA_SENSITIVE, sensitive ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); privattrs++; + PK11_SETATTRS(privattrs, CKA_TOKEN, token ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); privattrs++; + PK11_SETATTRS(privattrs, CKA_PRIVATE, sensitive ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); privattrs++; + + /* set up the mechanism specific info */ + switch (type) { + case CKM_RSA_PKCS_KEY_PAIR_GEN: + rsaParams = (PK11RSAGenParams *)param; + modulusBits = rsaParams->keySizeInBits; + peCount = 0; + + /* convert pe to a PKCS #11 string */ + for (i=0; i < 4; i++) { + if (peCount || (rsaParams->pe & + ((unsigned long)0xff000000L >> (i*8)))) { + publicExponent[peCount] = + (CK_BYTE)((rsaParams->pe >> (3-i)*8) & 0xff); + peCount++; + } + } + PORT_Assert(peCount != 0); + attrs = rsaPubTemplate; + PK11_SETATTRS(attrs, CKA_MODULUS_BITS, + &modulusBits, sizeof(modulusBits)); attrs++; + PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, + publicExponent, peCount);attrs++; + pubTemplate = rsaPubTemplate; + pubCount = rsaPubCount; + keyType = rsaKey; + test_mech.mechanism = CKM_RSA_PKCS; + break; + case CKM_DSA_KEY_PAIR_GEN: + dsaParams = (PQGParams *)param; + attrs = dsaPubTemplate; + PK11_SETATTRS(attrs, CKA_PRIME, dsaParams->prime.data, + dsaParams->prime.len); attrs++; + PK11_SETATTRS(attrs, CKA_SUBPRIME, dsaParams->subPrime.data, + dsaParams->subPrime.len); attrs++; + PK11_SETATTRS(attrs, CKA_BASE, dsaParams->base.data, + dsaParams->base.len); attrs++; + pubTemplate = dsaPubTemplate; + pubCount = dsaPubCount; + keyType = dsaKey; + test_mech.mechanism = CKM_DSA; + break; + case CKM_DH_PKCS_KEY_PAIR_GEN: + dhParams = (DHParams *)param; + attrs = dhPubTemplate; + PK11_SETATTRS(attrs, CKA_PRIME, dhParams->prime.data, + dhParams->prime.len); attrs++; + PK11_SETATTRS(attrs, CKA_BASE, dhParams->base.data, + dhParams->base.len); attrs++; + pubTemplate = dhPubTemplate; + pubCount = dhPubCount; + keyType = dhKey; + test_mech.mechanism = CKM_DH_PKCS_DERIVE; + break; + default: + PORT_SetError( SEC_ERROR_BAD_KEY ); + return NULL; + } + + /* now query the slot to find out how "good" a key we can generate */ + if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID, + test_mech.mechanism,&mechanism_info); + if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); + if ((crv != CKR_OK) || (mechanism_info.flags == 0)) { + /* must be old module... guess what it should be... */ + switch (test_mech.mechanism) { + case CKM_RSA_PKCS: + mechanism_info.flags = (CKF_SIGN | CKF_DECRYPT | + CKF_WRAP | CKF_VERIFY_RECOVER | CKF_ENCRYPT | CKF_WRAP);; + break; + case CKM_DSA: + mechanism_info.flags = CKF_SIGN | CKF_VERIFY; + break; + case CKM_DH_PKCS_DERIVE: + mechanism_info.flags = CKF_DERIVE; + break; + default: + break; + } + } + /* set the public key objects */ + PK11_SETATTRS(attrs, CKA_TOKEN, token ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); attrs++; + PK11_SETATTRS(attrs, CKA_DERIVE, + mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); attrs++; + PK11_SETATTRS(attrs, CKA_WRAP, + mechanism_info.flags & CKF_WRAP ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); attrs++; + PK11_SETATTRS(attrs, CKA_VERIFY, + mechanism_info.flags & CKF_VERIFY ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); attrs++; + PK11_SETATTRS(attrs, CKA_VERIFY_RECOVER, + mechanism_info.flags & CKF_VERIFY_RECOVER ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); attrs++; + PK11_SETATTRS(attrs, CKA_ENCRYPT, + mechanism_info.flags & CKF_ENCRYPT? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); attrs++; + PK11_SETATTRS(privattrs, CKA_DERIVE, + mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); privattrs++; + PK11_SETATTRS(privattrs, CKA_UNWRAP, + mechanism_info.flags & CKF_UNWRAP ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); privattrs++; + PK11_SETATTRS(privattrs, CKA_SIGN, + mechanism_info.flags & CKF_SIGN ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); privattrs++; + PK11_SETATTRS(privattrs, CKA_DECRYPT, + mechanism_info.flags & CKF_DECRYPT ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); privattrs++; + + if (token) { + session_handle = PK11_GetRWSession(slot); + haslock = PK11_RWSessionHasLock(slot,session_handle); + restore = PR_TRUE; + } else { + PK11_EnterSlotMonitor(slot); /* gross!! */ + session_handle = slot->session; + restore = PR_FALSE; + haslock = PR_TRUE; + } + + crv = PK11_GETTAB(slot)->C_GenerateKeyPair(session_handle, &mechanism, + pubTemplate,pubCount,privTemplate,privCount,&pubID,&privID); + + + if (crv != CKR_OK) { + if (restore) { + PK11_RestoreROSession(slot,session_handle); + } else PK11_ExitSlotMonitor(slot); + PORT_SetError( PK11_MapError(crv) ); + return NULL; + } + /* This locking code is dangerous and needs to be more thought + * out... the real problem is that we're holding the mutex open this long + */ + if (haslock) { PK11_ExitSlotMonitor(slot); } + + /* swap around the ID's for older PKCS #11 modules */ + keyClass = PK11_ReadULongAttribute(slot,pubID,CKA_CLASS); + if (keyClass != CKO_PUBLIC_KEY) { + CK_OBJECT_HANDLE tmp = pubID; + pubID = privID; + privID = tmp; + } + + *pubKey = PK11_ExtractPublicKey(slot, keyType, pubID); + if (*pubKey == NULL) { + if (restore) { + /* we may have to restore the mutex so it get's exited properly + * in RestoreROSession */ + if (haslock) PK11_EnterSlotMonitor(slot); + PK11_RestoreROSession(slot,session_handle); + } + PK11_DestroyObject(slot,pubID); + PK11_DestroyObject(slot,privID); + return NULL; + } + + /* set the ID to the public key so we can find it again */ + pubKeyIndex = NULL; + switch (type) { + case CKM_RSA_PKCS_KEY_PAIR_GEN: + pubKeyIndex = &(*pubKey)->u.rsa.modulus; + break; + case CKM_DSA_KEY_PAIR_GEN: + pubKeyIndex = &(*pubKey)->u.dsa.publicValue; + break; + case CKM_DH_PKCS_KEY_PAIR_GEN: + pubKeyIndex = &(*pubKey)->u.dh.publicValue; + break; + } + PORT_Assert(pubKeyIndex != NULL); + + cka_id = PK11_MakeIDFromPubKey(pubKeyIndex); + pubIsToken = (PRBool)PK11_HasAttributeSet(slot,pubID, CKA_TOKEN); + + PK11_SETATTRS(&setTemplate, CKA_ID, cka_id->data, cka_id->len); + + if (haslock) { PK11_EnterSlotMonitor(slot); } + crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, privID, + &setTemplate, 1); + + if (crv == CKR_OK && pubIsToken) { + crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, pubID, + &setTemplate, 1); + } + + + if (restore) { + PK11_RestoreROSession(slot,session_handle); + } else { + PK11_ExitSlotMonitor(slot); + } + SECITEM_FreeItem(cka_id,PR_TRUE); + + + if (crv != CKR_OK) { + PK11_DestroyObject(slot,pubID); + PK11_DestroyObject(slot,privID); + PORT_SetError( PK11_MapError(crv) ); + *pubKey = NULL; + return NULL; + } + + privKey = PK11_MakePrivKey(slot,keyType,(PRBool)!token,privID,wincx); + if (privKey == NULL) { + SECKEY_DestroyPublicKey(*pubKey); + PK11_DestroyObject(slot,privID); + *pubKey = NULL; + return NULL; /* due to pairwise consistency check */ + } + + /* Perform PKCS #11 pairwise consistency check. */ + rv = pk11_PairwiseConsistencyCheck( *pubKey, privKey, &test_mech, wincx ); + if( rv != SECSuccess ) { + SECKEY_DestroyPublicKey( *pubKey ); + SECKEY_DestroyPrivateKey( privKey ); + *pubKey = NULL; + privKey = NULL; + return NULL; + } + + return privKey; +} + +/* + * This function does a straight public key wrap (which only RSA can do). + * Use PK11_PubGenKey and PK11_WrapSymKey to implement the FORTEZZA and + * Diffie-Hellman Ciphers. */ +SECStatus +PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey, + PK11SymKey *symKey, SECItem *wrappedKey) +{ + PK11SlotInfo *slot; + CK_ULONG len = wrappedKey->len; + PK11SymKey *newKey = NULL; + CK_OBJECT_HANDLE id; + CK_MECHANISM mechanism; + PRBool owner = PR_TRUE; + CK_SESSION_HANDLE session; + CK_RV crv; + + /* if this slot doesn't support the mechanism, go to a slot that does */ + newKey = pk11_ForceSlot(symKey,type,CKA_ENCRYPT); + if (newKey != NULL) { + symKey = newKey; + } + + if ((symKey == NULL) || (symKey->slot == NULL)) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return SECFailure; + } + + slot = symKey->slot; + mechanism.mechanism = pk11_mapWrapKeyType(pubKey->keyType); + mechanism.pParameter = NULL; + mechanism.ulParameterLen = 0; + + id = PK11_ImportPublicKey(slot,pubKey,PR_FALSE); + + session = pk11_GetNewSession(slot,&owner); + if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_WrapKey(session,&mechanism, + id,symKey->objectID,wrappedKey->data,&len); + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + if (newKey) { + PK11_FreeSymKey(newKey); + } + + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + wrappedKey->len = len; + return SECSuccess; +} + +/* + * this little function uses the Encrypt function to wrap a key, just in + * case we have problems with the wrap implementation for a token. + */ +static SECStatus +pk11_HandWrap(PK11SymKey *wrappingKey, SECItem *param, CK_MECHANISM_TYPE type, + SECItem *inKey, SECItem *outKey) +{ + PK11SlotInfo *slot; + CK_ULONG len; + SECItem *data; + CK_MECHANISM mech; + PRBool owner = PR_TRUE; + CK_SESSION_HANDLE session; + CK_RV crv; + + slot = wrappingKey->slot; + /* use NULL IV's for wrapping */ + mech.mechanism = type; + if (param) { + mech.pParameter = param->data; + mech.ulParameterLen = param->len; + } else { + mech.pParameter = NULL; + mech.ulParameterLen = 0; + } + session = pk11_GetNewSession(slot,&owner); + if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_EncryptInit(session,&mech, + wrappingKey->objectID); + if (crv != CKR_OK) { + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + + /* keys are almost always aligned, but if we get this far, + * we've gone above and beyond anyway... */ + data = PK11_BlockData(inKey,PK11_GetBlockSize(type,param)); + if (data == NULL) { + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + PORT_SetError(SEC_ERROR_NO_MEMORY); + return SECFailure; + } + len = outKey->len; + crv = PK11_GETTAB(slot)->C_Encrypt(session,data->data,data->len, + outKey->data, &len); + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + SECITEM_FreeItem(data,PR_TRUE); + outKey->len = len; + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + return SECSuccess; +} + +/* + * This function does a symetric based wrap. + */ +SECStatus +PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *param, + PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey) +{ + PK11SlotInfo *slot; + CK_ULONG len = wrappedKey->len; + PK11SymKey *newKey = NULL; + SECItem *param_save = NULL; + CK_MECHANISM mechanism; + PRBool owner = PR_TRUE; + CK_SESSION_HANDLE session; + CK_RV crv; + SECStatus rv; + + /* if this slot doesn't support the mechanism, go to a slot that does */ + /* Force symKey and wrappingKey into the same slot */ + if ((wrappingKey->slot == NULL) || (symKey->slot != wrappingKey->slot)) { + /* first try copying the wrapping Key to the symKey slot */ + if (symKey->slot && PK11_DoesMechanism(symKey->slot,type)) { + newKey = pk11_CopyToSlot(symKey->slot,type,CKA_WRAP,wrappingKey); + } + /* Nope, try it the other way */ + if (newKey == NULL) { + if (wrappingKey->slot) { + newKey = pk11_CopyToSlot(wrappingKey->slot, + symKey->type, CKA_ENCRYPT, symKey); + } + /* just not playing... one last thing, can we get symKey's data? + * If it's possible, we it should already be in the + * symKey->data.data pointer because pk11_CopyToSlot would have + * tried to put it there. */ + if (newKey == NULL) { + /* Can't get symKey's data: Game Over */ + if (symKey->data.data == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return SECFailure; + } + if (param == NULL) { + param_save = param = PK11_ParamFromIV(type,NULL); + } + rv = pk11_HandWrap(wrappingKey, param, type, + &symKey->data,wrappedKey); + if (param_save) SECITEM_FreeItem(param_save,PR_TRUE); + return rv; + } + /* we successfully moved the sym Key */ + symKey = newKey; + } else { + /* we successfully moved the wrapping Key */ + wrappingKey = newKey; + } + } + + /* at this point both keys are in the same token */ + slot = wrappingKey->slot; + mechanism.mechanism = type; + /* use NULL IV's for wrapping */ + if (param == NULL) { + param_save = param = PK11_ParamFromIV(type,NULL); + } + if (param) { + mechanism.pParameter = param->data; + mechanism.ulParameterLen = param->len; + } else { + mechanism.pParameter = NULL; + mechanism.ulParameterLen = 0; + } + + len = wrappedKey->len; + + session = pk11_GetNewSession(slot,&owner); + if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_WrapKey(session, &mechanism, + wrappingKey->objectID, symKey->objectID, + wrappedKey->data, &len); + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + rv = SECSuccess; + if (crv != CKR_OK) { + /* can't wrap it? try hand wrapping it... */ + do { + if (symKey->data.data == NULL) { + rv = PK11_ExtractKeyValue(symKey); + if (rv != SECSuccess) break; + } + rv = pk11_HandWrap(wrappingKey, param, type, &symKey->data, + wrappedKey); + } while (PR_FALSE); + } else { + wrappedKey->len = len; + } + if (newKey) PK11_FreeSymKey(newKey); + if (param_save) SECITEM_FreeItem(param_save,PR_TRUE); + return rv; +} + +/* + * This Generates a new key based on a symetricKey + */ +PK11SymKey * +PK11_Derive( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize) +{ + return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation, + keySize, NULL, 0); +} + +#define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */ + +/* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */ +#define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL + +static unsigned int +pk11_FlagsToAttributes(CK_FLAGS flags, CK_ATTRIBUTE *attrs, CK_BBOOL *ckTrue) +{ + + const static CK_ATTRIBUTE_TYPE attrTypes[12] = { + CKA_ENCRYPT, CKA_DECRYPT, 0 /* DIGEST */, CKA_SIGN, + CKA_SIGN_RECOVER, CKA_VERIFY, CKA_VERIFY_RECOVER, 0 /* GEN */, + 0 /* GEN PAIR */, CKA_WRAP, CKA_UNWRAP, CKA_DERIVE + }; + + const CK_ATTRIBUTE_TYPE *pType = attrTypes; + CK_ATTRIBUTE *attr = attrs; + CK_FLAGS test = CKF_ENCRYPT; + + + PR_ASSERT(!(flags & ~CKF_KEY_OPERATION_FLAGS)); + flags &= CKF_KEY_OPERATION_FLAGS; + + for (; flags && test <= CKF_DERIVE; test <<= 1, ++pType) { + if (test & flags) { + flags ^= test; + PK11_SETATTRS(attr, *pType, ckTrue, sizeof *ckTrue); + ++attr; + } + } + return (attr - attrs); +} + +PK11SymKey * +PK11_DeriveWithFlags( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, + SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize, CK_FLAGS flags) +{ + CK_BBOOL ckTrue = CK_TRUE; + CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS]; + unsigned int templateCount; + + templateCount = pk11_FlagsToAttributes(flags, keyTemplate, &ckTrue); + return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation, + keySize, keyTemplate, templateCount); +} + +static PRBool +pk11_FindAttrInTemplate(CK_ATTRIBUTE * attr, + unsigned int numAttrs, + CK_ATTRIBUTE_TYPE target) +{ + for (; numAttrs > 0; ++attr, --numAttrs) { + if (attr->type == target) + return PR_TRUE; + } + return PR_FALSE; +} + +static PK11SymKey * +pk11_DeriveWithTemplate( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, + SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize, CK_ATTRIBUTE *userAttr, unsigned int numAttrs) +{ + PK11SlotInfo * slot = baseKey->slot; + PK11SymKey * symKey; + PK11SymKey * newBaseKey = NULL; + CK_BBOOL cktrue = CK_TRUE; + CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; + CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; + CK_ULONG valueLen = 0; + CK_MECHANISM mechanism; + CK_RV crv; + CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS]; + CK_ATTRIBUTE * attrs = keyTemplate; + unsigned int templateCount; + + if (numAttrs > MAX_TEMPL_ATTRS) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } + /* first copy caller attributes in. */ + for (templateCount = 0; templateCount < numAttrs; ++templateCount) { + *attrs++ = *userAttr++; + } + + /* We only add the following attributes to the template if the caller + ** didn't already supply them. + */ + if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS)) { + PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof keyClass); + attrs++; + } + if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE)) { + keyType = PK11_GetKeyType(target, keySize); + PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof keyType ); + attrs++; + } + if (keySize > 0 && + !pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN)) { + valueLen = (CK_ULONG)keySize; + PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen); + attrs++; + } + if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) { + PK11_SETATTRS(attrs, operation, &cktrue, sizeof cktrue); attrs++; + } + + templateCount = attrs - keyTemplate; + PR_ASSERT(templateCount <= MAX_TEMPL_ATTRS); + + /* move the key to a slot that can do the function */ + if (!PK11_DoesMechanism(slot,derive)) { + /* get a new base key & slot */ + PK11SlotInfo *newSlot = PK11_GetBestSlot(derive, baseKey->cx); + + if (newSlot == NULL) return NULL; + + newBaseKey = pk11_CopyToSlot (newSlot, derive, CKA_DERIVE, + baseKey); + PK11_FreeSlot(newSlot); + if (newBaseKey == NULL) return NULL; + baseKey = newBaseKey; + slot = baseKey->slot; + } + + + /* get our key Structure */ + symKey = PK11_CreateSymKey(slot,target,baseKey->cx); + if (symKey == NULL) { + return NULL; + } + + symKey->size = keySize; + + mechanism.mechanism = derive; + if (param) { + mechanism.pParameter = param->data; + mechanism.ulParameterLen = param->len; + } else { + mechanism.pParameter = NULL; + mechanism.ulParameterLen = 0; + } + symKey->origin=PK11_OriginDerive; + + pk11_EnterKeyMonitor(symKey); + crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism, + baseKey->objectID, keyTemplate, templateCount, &symKey->objectID); + pk11_ExitKeyMonitor(symKey); + + if (newBaseKey) PK11_FreeSymKey(newBaseKey); + if (crv != CKR_OK) { + PK11_FreeSymKey(symKey); + return NULL; + } + return symKey; +} + +/* build a public KEA key from the public value */ +SECKEYPublicKey * +PK11_MakeKEAPubKey(unsigned char *keyData,int length) +{ + SECKEYPublicKey *pubk; + SECItem pkData; + SECStatus rv; + PRArenaPool *arena; + + pkData.data = keyData; + pkData.len = length; + + arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) + return NULL; + + pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); + if (pubk == NULL) { + PORT_FreeArena (arena, PR_FALSE); + return NULL; + } + + pubk->arena = arena; + pubk->pkcs11Slot = 0; + pubk->pkcs11ID = CK_INVALID_KEY; + pubk->keyType = fortezzaKey; + rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.KEAKey, &pkData); + if (rv != SECSuccess) { + PORT_FreeArena (arena, PR_FALSE); + return NULL; + } + return pubk; +} + + +/* + * This Generates a wrapping key based on a privateKey, publicKey, and two + * random numbers. For Mail usage RandomB should be NULL. In the Sender's + * case RandomA is generate, outherwize it is passed. + */ +static unsigned char *rb_email = NULL; + +PK11SymKey * +PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, + PRBool isSender, SECItem *randomA, SECItem *randomB, + CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target, + CK_ATTRIBUTE_TYPE operation, int keySize,void *wincx) +{ + PK11SlotInfo *slot = privKey->pkcs11Slot; + CK_MECHANISM mechanism; + PK11SymKey *symKey; + CK_RV crv; + + + if (rb_email == NULL) { + rb_email = PORT_ZAlloc(128); + if (rb_email == NULL) { + return NULL; + } + rb_email[127] = 1; + } + + /* get our key Structure */ + symKey = PK11_CreateSymKey(slot,target,wincx); + if (symKey == NULL) { + return NULL; + } + + symKey->origin = PK11_OriginDerive; + + switch (privKey->keyType) { + case rsaKey: + case nullKey: + PORT_SetError(SEC_ERROR_BAD_KEY); + break; + /* case keaKey: */ + case dsaKey: + case fortezzaKey: + { + CK_KEA_DERIVE_PARAMS param; + param.isSender = (CK_BBOOL) isSender; + param.ulRandomLen = randomA->len; + param.pRandomA = randomA->data; + param.pRandomB = rb_email; + if (randomB) + param.pRandomB = randomB->data; + if (pubKey->keyType == fortezzaKey) { + param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len; + param.pPublicData = pubKey->u.fortezza.KEAKey.data; + } else { + /* assert type == keaKey */ + /* XXX change to match key key types */ + param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len; + param.pPublicData = pubKey->u.fortezza.KEAKey.data; + } + + mechanism.mechanism = derive; + mechanism.pParameter = ¶m; + mechanism.ulParameterLen = sizeof(param); + + /* get a new symKey structure */ + pk11_EnterKeyMonitor(symKey); + crv=PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism, + privKey->pkcs11ID, NULL, 0, &symKey->objectID); + pk11_ExitKeyMonitor(symKey); + if (crv == CKR_OK) return symKey; + PORT_SetError( PK11_MapError(crv) ); + } + break; + case dhKey: + { + CK_BBOOL cktrue = CK_TRUE; + CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; + CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; + CK_ULONG key_size = 0; + CK_ATTRIBUTE keyTemplate[4]; + int templateCount; + CK_ATTRIBUTE *attrs = keyTemplate; + + if (pubKey->keyType != dhKey) { + PORT_SetError(SEC_ERROR_BAD_KEY); + break; + } + + PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass)); + attrs++; + PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType)); + attrs++; + PK11_SETATTRS(attrs, operation, &cktrue, 1); attrs++; + PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size)); + attrs++; + templateCount = attrs - keyTemplate; + PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE)); + + keyType = PK11_GetKeyType(target,keySize); + key_size = keySize; + symKey->size = keySize; + if (key_size == 0) templateCount--; + + mechanism.mechanism = derive; + + /* we can undefine these when we define diffie-helman keys */ + mechanism.pParameter = pubKey->u.dh.publicValue.data; + mechanism.ulParameterLen = pubKey->u.dh.publicValue.len; + + pk11_EnterKeyMonitor(symKey); + crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism, + privKey->pkcs11ID, keyTemplate, templateCount, &symKey->objectID); + pk11_ExitKeyMonitor(symKey); + if (crv == CKR_OK) return symKey; + PORT_SetError( PK11_MapError(crv) ); + } + break; + } + + PK11_FreeSymKey(symKey); + return NULL; +} + +/* + * this little function uses the Decrypt function to unwrap a key, just in + * case we are having problem with unwrap. NOTE: The key size may + * not be preserved properly for some algorithms! + */ +static PK11SymKey * +pk11_HandUnwrap(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey, + CK_MECHANISM *mech, SECItem *inKey, CK_MECHANISM_TYPE target, + CK_ATTRIBUTE *keyTemplate, unsigned int templateCount, + int key_size, void * wincx) +{ + CK_ULONG len; + SECItem outKey; + PK11SymKey *symKey; + CK_RV crv; + PRBool owner = PR_TRUE; + PRBool bool = PR_TRUE; + CK_SESSION_HANDLE session; + + /* remove any VALUE_LEN parameters */ + if (keyTemplate[templateCount-1].type == CKA_VALUE_LEN) { + templateCount--; + } + + /* keys are almost always aligned, but if we get this far, + * we've gone above and beyond anyway... */ + outKey.data = (unsigned char*)PORT_Alloc(inKey->len); + if (outKey.data == NULL) { + PORT_SetError( SEC_ERROR_NO_MEMORY ); + return NULL; + } + len = inKey->len; + + /* use NULL IV's for wrapping */ + session = pk11_GetNewSession(slot,&owner); + if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_DecryptInit(session,mech,wrappingKey); + if (crv != CKR_OK) { + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + PORT_Free(outKey.data); + PORT_SetError( PK11_MapError(crv) ); + return NULL; + } + crv = PK11_GETTAB(slot)->C_Decrypt(session,inKey->data,inKey->len, + outKey.data, &len); + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + if (crv != CKR_OK) { + PORT_Free(outKey.data); + PORT_SetError( PK11_MapError(crv) ); + return NULL; + } + + outKey.len = (key_size == 0) ? len : key_size; + + if (PK11_DoesMechanism(slot,target)) { + symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap, + keyTemplate, templateCount, + &outKey, wincx); + } else { + slot = PK11_GetBestSlot(target,wincx); + if (slot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + PORT_Free(outKey.data); + return NULL; + } + symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap, + keyTemplate, templateCount, + &outKey, wincx); + PK11_FreeSlot(slot); + } + PORT_Free(outKey.data); + return symKey; +} + +/* + * The wrap/unwrap function is pretty much the same for private and + * public keys. It's just getting the Object ID and slot right. This is + * the combined unwrap function. + */ +static PK11SymKey * +pk11_AnyUnwrapKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey, + CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, + void *wincx, CK_ATTRIBUTE *userAttr, unsigned int numAttrs) +{ + PK11SymKey * symKey; + SECItem * param_free = NULL; + CK_BBOOL ckfalse = CK_FALSE; + CK_BBOOL cktrue = CK_TRUE; + CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; + CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; + CK_ULONG valueLen = 0; + CK_MECHANISM mechanism; + CK_RV crv; + CK_MECHANISM_INFO mechanism_info; + CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS]; + CK_ATTRIBUTE * attrs = keyTemplate; + unsigned int templateCount; + + if (numAttrs > MAX_TEMPL_ATTRS) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } + /* first copy caller attributes in. */ + for (templateCount = 0; templateCount < numAttrs; ++templateCount) { + *attrs++ = *userAttr++; + } + + /* We only add the following attributes to the template if the caller + ** didn't already supply them. + */ + if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS)) { + PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof keyClass); + attrs++; + } + if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE)) { + keyType = PK11_GetKeyType(target, keySize); + PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof keyType ); + attrs++; + } + if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) { + PK11_SETATTRS(attrs, operation, &cktrue, 1); attrs++; + } + + /* + * must be last in case we need to use this template to import the key + */ + if (keySize > 0 && + !pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN)) { + valueLen = (CK_ULONG)keySize; + PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen); + attrs++; + } + + templateCount = attrs - keyTemplate; + PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE)); + + + /* find out if we can do wrap directly. Because the RSA case if *very* + * common, cache the results for it. */ + if ((wrapType == CKM_RSA_PKCS) && (slot->hasRSAInfo)) { + mechanism_info.flags = slot->RSAInfoFlags; + } else { + if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,wrapType, + &mechanism_info); + if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); + if (crv != CKR_OK) { + mechanism_info.flags = 0; + } + if (wrapType == CKM_RSA_PKCS) { + slot->RSAInfoFlags = mechanism_info.flags; + slot->hasRSAInfo = PR_TRUE; + } + } + + /* initialize the mechanism structure */ + mechanism.mechanism = wrapType; + /* use NULL IV's for wrapping */ + if (param == NULL) param = param_free = PK11_ParamFromIV(wrapType,NULL); + if (param) { + mechanism.pParameter = param->data; + mechanism.ulParameterLen = param->len; + } else { + mechanism.pParameter = NULL; + mechanism.ulParameterLen = 0; + } + + if ((mechanism_info.flags & CKF_DECRYPT) + && !PK11_DoesMechanism(slot,target)) { + symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey, + target, keyTemplate, templateCount, keySize, + wincx); + if (symKey) { + if (param_free) SECITEM_FreeItem(param_free,PR_TRUE); + return symKey; + } + /* fall through, maybe they incorrectly set CKF_DECRYPT */ + } + + /* get our key Structure */ + symKey = PK11_CreateSymKey(slot,target,wincx); + if (symKey == NULL) { + if (param_free) SECITEM_FreeItem(param_free,PR_TRUE); + return NULL; + } + + symKey->size = keySize; + symKey->origin = PK11_OriginUnwrap; + + pk11_EnterKeyMonitor(symKey); + crv = PK11_GETTAB(slot)->C_UnwrapKey(symKey->session,&mechanism,wrappingKey, + wrappedKey->data, wrappedKey->len, keyTemplate, templateCount, + &symKey->objectID); + pk11_ExitKeyMonitor(symKey); + if (param_free) SECITEM_FreeItem(param_free,PR_TRUE); + if (crv != CKR_OK) { + /* try hand Unwrapping */ + PK11_FreeSymKey(symKey); + symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey, + target, keyTemplate, templateCount, keySize, + wincx); + } + + return symKey; +} + +/* use a symetric key to unwrap another symetric key */ +PK11SymKey * +PK11_UnwrapSymKey( PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType, + SECItem *param, SECItem *wrappedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize) +{ + return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID, + wrapType, param, wrappedKey, target, operation, keySize, + wrappingKey->cx, NULL, 0); +} + +/* use a symetric key to unwrap another symetric key */ +PK11SymKey * +PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType, + SECItem *param, SECItem *wrappedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize, CK_FLAGS flags) +{ + CK_BBOOL ckTrue = CK_TRUE; + CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS]; + unsigned int templateCount; + + templateCount = pk11_FlagsToAttributes(flags, keyTemplate, &ckTrue); + return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID, + wrapType, param, wrappedKey, target, operation, keySize, + wrappingKey->cx, keyTemplate, templateCount); +} + + +/* unwrap a symetric key with a private key. */ +PK11SymKey * +PK11_PubUnwrapSymKey(SECKEYPrivateKey *wrappingKey, SECItem *wrappedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize) +{ + CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType); + + PK11_HandlePasswordCheck(wrappingKey->pkcs11Slot,wrappingKey->wincx); + + return pk11_AnyUnwrapKey(wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID, + wrapType, NULL, wrappedKey, target, operation, keySize, + wrappingKey->wincx, NULL, 0); +} + +/* + * Recover the Signed data. We need this because our old verify can't + * figure out which hash algorithm to use until we decryptted this. + */ +SECStatus +PK11_VerifyRecover(SECKEYPublicKey *key, + SECItem *sig, SECItem *dsig, void *wincx) +{ + PK11SlotInfo *slot = key->pkcs11Slot; + CK_OBJECT_HANDLE id = key->pkcs11ID; + CK_MECHANISM mech = {0, NULL, 0 }; + PRBool owner = PR_TRUE; + CK_SESSION_HANDLE session; + CK_ULONG len; + CK_RV crv; + + mech.mechanism = pk11_mapSignKeyType(key->keyType); + + if (slot == NULL) { + slot = PK11_GetBestSlot(mech.mechanism,wincx); + if (slot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return SECFailure; + } + id = PK11_ImportPublicKey(slot,key,PR_FALSE); + } + + session = pk11_GetNewSession(slot,&owner); + if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_VerifyRecoverInit(session,&mech,id); + if (crv != CKR_OK) { + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + len = dsig->len; + crv = PK11_GETTAB(slot)->C_VerifyRecover(session,sig->data, + sig->len, dsig->data, &len); + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + dsig->len = len; + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + return SECSuccess; +} + +/* + * verify a signature from its hash. + */ +SECStatus +PK11_Verify(SECKEYPublicKey *key, SECItem *sig, SECItem *hash, void *wincx) +{ + PK11SlotInfo *slot = key->pkcs11Slot; + PK11SlotInfo *tmpslot = key->pkcs11Slot; + CK_OBJECT_HANDLE id = key->pkcs11ID; + CK_MECHANISM mech = {0, NULL, 0 }; + PRBool owner = PR_TRUE; + CK_SESSION_HANDLE session; + CK_RV crv; + + mech.mechanism = pk11_mapSignKeyType(key->keyType); + + if (slot == NULL) { + if (mech.mechanism == CKM_DSA) { + slot = PK11_GetInternalSlot(); /* use internal slot for + DSA verify */ + } else { + slot = PK11_GetBestSlot(mech.mechanism,wincx); + }; + + if (slot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return SECFailure; + } + id = PK11_ImportPublicKey(slot,key,PR_FALSE); + + } + + session = pk11_GetNewSession(slot,&owner); + if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_VerifyInit(session,&mech,id); + if (crv != CKR_OK) { + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + crv = PK11_GETTAB(slot)->C_Verify(session,hash->data, + hash->len, sig->data, sig->len); + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + return SECSuccess; +} + +/* + * sign a hash. The algorithm is determined by the key. + */ +SECStatus +PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash) +{ + PK11SlotInfo *slot = key->pkcs11Slot; + CK_MECHANISM mech = {0, NULL, 0 }; + PRBool owner = PR_TRUE; + CK_SESSION_HANDLE session; + CK_ULONG len; + CK_RV crv; + + mech.mechanism = pk11_mapSignKeyType(key->keyType); + + PK11_HandlePasswordCheck(slot, key->wincx); + + session = pk11_GetNewSession(slot,&owner); + if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_SignInit(session,&mech,key->pkcs11ID); + if (crv != CKR_OK) { + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + len = sig->len; + crv = PK11_GETTAB(slot)->C_Sign(session,hash->data, + hash->len, sig->data, &len); + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + sig->len = len; + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + return SECSuccess; +} + +/* + * Now SSL 2.0 uses raw RSA stuff. These next to functions *must* use + * RSA keys, or they'll fail. We do the checks up front. If anyone comes + * up with a meaning for rawdecrypt for any other public key operation, + * then we need to move this check into some of PK11_PubDecrypt callers, + * (namely SSL 2.0). + */ +SECStatus +PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, + unsigned *outLen, unsigned int maxLen, unsigned char *enc, + unsigned encLen) +{ + PK11SlotInfo *slot = key->pkcs11Slot; + CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 }; + CK_ULONG out = maxLen; + PRBool owner = PR_TRUE; + CK_SESSION_HANDLE session; + CK_RV crv; + + if (key->keyType != rsaKey) { + PORT_SetError( SEC_ERROR_INVALID_KEY ); + return SECFailure; + } + + /* Why do we do a PK11_handle check here? for simple + * decryption? .. because the user may have asked for 'ask always' + * and this is a private key operation. In practice, thought, it's mute + * since only servers wind up using this function */ + PK11_HandlePasswordCheck(slot, key->wincx); + session = pk11_GetNewSession(slot,&owner); + if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_DecryptInit(session,&mech,key->pkcs11ID); + if (crv != CKR_OK) { + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + crv = PK11_GETTAB(slot)->C_Decrypt(session,enc, encLen, + data, &out); + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + *outLen = out; + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + return SECSuccess; +} + +/* The encrypt version of the above function */ +SECStatus +PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, + unsigned char *data, unsigned dataLen, void *wincx) +{ + PK11SlotInfo *slot; + CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 }; + CK_OBJECT_HANDLE id; + CK_ULONG out = dataLen; + PRBool owner = PR_TRUE; + CK_SESSION_HANDLE session; + CK_RV crv; + + if (key->keyType != rsaKey) { + PORT_SetError( SEC_ERROR_BAD_KEY ); + return SECFailure; + } + + slot = PK11_GetBestSlot(mech.mechanism, wincx); + if (slot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return SECFailure; + } + + id = PK11_ImportPublicKey(slot,key,PR_FALSE); + + session = pk11_GetNewSession(slot,&owner); + if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_EncryptInit(session,&mech,id); + if (crv != CKR_OK) { + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + crv = PK11_GETTAB(slot)->C_Encrypt(session,data,dataLen,enc,&out); + if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); + pk11_CloseSession(slot,session,owner); + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + return SECSuccess; +} + + +/********************************************************************** + * + * Now Deal with Crypto Contexts + * + **********************************************************************/ + +/* + * the monitors... + */ +void +PK11_EnterContextMonitor(PK11Context *cx) { + /* if we own the session and our slot is ThreadSafe, only monitor + * the Context */ + if ((cx->ownSession) && (cx->slot->isThreadSafe)) { + /* Should this use monitors instead? */ + PR_Lock(cx->sessionLock); + } else { + PK11_EnterSlotMonitor(cx->slot); + } +} + +void +PK11_ExitContextMonitor(PK11Context *cx) { + /* if we own the session and our slot is ThreadSafe, only monitor + * the Context */ + if ((cx->ownSession) && (cx->slot->isThreadSafe)) { + /* Should this use monitors instead? */ + PR_Unlock(cx->sessionLock); + } else { + PK11_ExitSlotMonitor(cx->slot); + } +} + +/* + * Free up a Cipher Context + */ +void +PK11_DestroyContext(PK11Context *context, PRBool freeit) +{ + pk11_CloseSession(context->slot,context->session,context->ownSession); + /* initialize the critical fields of the context */ + if (context->savedData != NULL ) PORT_Free(context->savedData); + if (context->key) PK11_FreeSymKey(context->key); + if (context->param) SECITEM_FreeItem(context->param, PR_TRUE); + if (context->sessionLock) PR_DestroyLock(context->sessionLock); + PK11_FreeSlot(context->slot); + if (freeit) PORT_Free(context); +} + +/* + * save the current context. Allocate Space if necessary. + */ +static void * +pk11_saveContextHelper(PK11Context *context, void *space, + unsigned long *savedLength, PRBool staticBuffer, PRBool recurse) +{ + CK_ULONG length; + CK_RV crv; + + if (staticBuffer) PORT_Assert(space != NULL); + + if (space == NULL) { + crv =PK11_GETTAB(context->slot)->C_GetOperationState(context->session, + NULL,&length); + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return NULL; + } + space = PORT_Alloc(length); + if (space == NULL) return NULL; + *savedLength = length; + } + crv = PK11_GETTAB(context->slot)->C_GetOperationState(context->session, + (CK_BYTE_PTR)space,savedLength); + if (!staticBuffer && !recurse && (crv == CKR_BUFFER_TOO_SMALL)) { + if (!staticBuffer) PORT_Free(space); + return pk11_saveContextHelper(context, NULL, + savedLength, PR_FALSE, PR_TRUE); + } + if (crv != CKR_OK) { + if (!staticBuffer) PORT_Free(space); + PORT_SetError( PK11_MapError(crv) ); + return NULL; + } + return space; +} + +void * +pk11_saveContext(PK11Context *context, void *space, unsigned long *savedLength) +{ + return pk11_saveContextHelper(context, space, + savedLength, PR_FALSE, PR_FALSE); +} + +/* + * restore the current context + */ +SECStatus +pk11_restoreContext(PK11Context *context,void *space, unsigned long savedLength) +{ + CK_RV crv; + CK_OBJECT_HANDLE objectID = (context->key) ? context->key->objectID: + CK_INVALID_KEY; + + PORT_Assert(space != NULL); + if (space == NULL) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + crv = PK11_GETTAB(context->slot)->C_SetOperationState(context->session, + (CK_BYTE_PTR)space, savedLength, objectID, 0); + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv)); + return SECFailure; + } + return SECSuccess; +} + +SECStatus pk11_Finalize(PK11Context *context); + +/* + * Context initialization. Used by all flavors of CreateContext + */ +static SECStatus +pk11_context_init(PK11Context *context, CK_MECHANISM *mech_info) +{ + CK_RV crv; + PK11SymKey *symKey = context->key; + SECStatus rv = SECSuccess; + + switch (context->operation) { + case CKA_ENCRYPT: + crv=PK11_GETTAB(context->slot)->C_EncryptInit(context->session, + mech_info, symKey->objectID); + break; + case CKA_DECRYPT: + if (context->fortezzaHack) { + CK_ULONG count = 0;; + /* generate the IV for fortezza */ + crv=PK11_GETTAB(context->slot)->C_EncryptInit(context->session, + mech_info, symKey->objectID); + if (crv != CKR_OK) break; + PK11_GETTAB(context->slot)->C_EncryptFinal(context->session, + NULL, &count); + } + crv=PK11_GETTAB(context->slot)->C_DecryptInit(context->session, + mech_info, symKey->objectID); + break; + case CKA_SIGN: + crv=PK11_GETTAB(context->slot)->C_SignInit(context->session, + mech_info, symKey->objectID); + break; + case CKA_VERIFY: + crv=PK11_GETTAB(context->slot)->C_SignInit(context->session, + mech_info, symKey->objectID); + break; + case CKA_DIGEST: + crv=PK11_GETTAB(context->slot)->C_DigestInit(context->session, + mech_info); + break; + default: + crv = CKR_OPERATION_NOT_INITIALIZED; + break; + } + + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + + /* + * handle session starvation case.. use our last session to multiplex + */ + if (!context->ownSession) { + context->savedData = pk11_saveContext(context,context->savedData, + &context->savedLength); + if (context->savedData == NULL) rv = SECFailure; + /* clear out out session for others to use */ + pk11_Finalize(context); + } + return rv; +} + + +/* + * Common Helper Function do come up with a new context. + */ +static PK11Context *pk11_CreateNewContextInSlot(CK_MECHANISM_TYPE type, + PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, + SECItem *param) +{ + CK_MECHANISM mech_info; + PK11Context *context; + SECStatus rv; + + context = (PK11Context *) PORT_Alloc(sizeof(PK11Context)); + if (context == NULL) { + return NULL; + } + + /* now deal with the fortezza hack... the fortezza hack is an attempt + * to get around the issue of the card not allowing you to do a FORTEZZA + * LoadIV/Encrypt, which was added because such a combination could be + * use to circumvent the key escrow system. Unfortunately SSL needs to + * do this kind of operation, so in SSL we do a loadIV (to verify it), + * Then GenerateIV, and through away the first 8 bytes on either side + * of the connection.*/ + context->fortezzaHack = PR_FALSE; + if (type == CKM_SKIPJACK_CBC64) { + if (symKey->origin == PK11_OriginFortezzaHack) { + context->fortezzaHack = PR_TRUE; + } + } + + /* initialize the critical fields of the context */ + context->operation = operation; + context->key = symKey ? PK11_ReferenceSymKey(symKey) : NULL; + context->slot = PK11_ReferenceSlot(slot); + context->session = pk11_GetNewSession(slot,&context->ownSession); + context->cx = symKey ? symKey->cx : NULL; + /* get our session */ + context->savedData = NULL; + + /* save the parameters so that some digesting stuff can do multiple + * begins on a single context */ + context->type = type; + context->param = SECITEM_DupItem(param); + context->init = PR_FALSE; + context->sessionLock = PR_NewLock(); + if ((context->param == NULL) || (context->sessionLock == NULL)) { + PK11_DestroyContext(context,PR_TRUE); + return NULL; + } + + mech_info.mechanism = type; + mech_info.pParameter = param->data; + mech_info.ulParameterLen = param->len; + PK11_EnterContextMonitor(context); + rv = pk11_context_init(context,&mech_info); + PK11_ExitContextMonitor(context); + + if (rv != SECSuccess) { + PK11_DestroyContext(context,PR_TRUE); + return NULL; + } + context->init = PR_TRUE; + return context; +} + + +/* + * put together the various PK11_Create_Context calls used by different + * parts of libsec. + */ +PK11Context * +PK11_CreateContextByRawKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, + PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, + SECItem *param, void *wincx) +{ + PK11SymKey *symKey; + PK11Context *context; + + /* first get a slot */ + if (slot == NULL) { + slot = PK11_GetBestSlot(type,wincx); + if (slot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return NULL; + } + } else { + PK11_ReferenceSlot(slot); + } + + /* now import the key */ + symKey = PK11_ImportSymKey(slot, type, origin, operation, key, wincx); + if (symKey == NULL) return NULL; + + context = PK11_CreateContextBySymKey(type, operation, symKey, param); + + PK11_FreeSymKey(symKey); + PK11_FreeSlot(slot); + + return context; +} + + +/* + * Create a context from a key. We really should make sure we aren't using + * the same key in multiple session! + */ +PK11Context * +PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type,CK_ATTRIBUTE_TYPE operation, + PK11SymKey *symKey, SECItem *param) +{ + PK11SymKey *newKey; + PK11Context *context; + + /* if this slot doesn't support the mechanism, go to a slot that does */ + newKey = pk11_ForceSlot(symKey,type,operation); + if (newKey == NULL) { + PK11_ReferenceSymKey(symKey); + } else { + symKey = newKey; + } + + + /* Context Adopts the symKey.... */ + context = pk11_CreateNewContextInSlot(type, symKey->slot, operation, symKey, + param); + PK11_FreeSymKey(symKey); + return context; +} + +/* + * Digest contexts don't need keys, but the do need to find a slot. + * Macing should use PK11_CreateContextBySymKey. + */ +PK11Context * +PK11_CreateDigestContext(SECOidTag hashAlg) +{ + /* digesting has to work without authentication to the slot */ + CK_MECHANISM_TYPE type; + PK11SlotInfo *slot; + PK11Context *context; + SECItem param; + + type = PK11_AlgtagToMechanism(hashAlg); + slot = PK11_GetBestSlot(type, NULL); + if (slot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return NULL; + } + + /* maybe should really be PK11_GenerateNewParam?? */ + param.data = NULL; + param.len = 0; + + context = pk11_CreateNewContextInSlot(type, slot, CKA_DIGEST, NULL, ¶m); + PK11_FreeSlot(slot); + return context; +} + +/* + * create a new context which is the clone of the state of old context. + */ +PK11Context * PK11_CloneContext(PK11Context *old) +{ + PK11Context *newcx; + PRBool needFree = PR_FALSE; + SECStatus rv = SECSuccess; + void *data; + unsigned long len; + + newcx = pk11_CreateNewContextInSlot(old->type, old->slot, old->operation, + old->key, old->param); + if (newcx == NULL) return NULL; + + /* now clone the save state. First we need to find the save state + * of the old session. If the old context owns it's session, + * the state needs to be saved, otherwise the state is in saveData. */ + if (old->ownSession) { + PK11_EnterContextMonitor(old); + data=pk11_saveContext(old,NULL,&len); + PK11_ExitContextMonitor(old); + needFree = PR_TRUE; + } else { + data = old->savedData; + len = old->savedLength; + } + + if (data == NULL) { + PK11_DestroyContext(newcx,PR_TRUE); + return NULL; + } + + /* now copy that state into our new context. Again we have different + * work if the new context owns it's own session. If it does, we + * restore the state gathered above. If it doesn't, we copy the + * saveData pointer... */ + if (newcx->ownSession) { + PK11_EnterContextMonitor(newcx); + rv = pk11_restoreContext(newcx,data,len); + PK11_ExitContextMonitor(newcx); + } else { + PORT_Assert(newcx->savedData != NULL); + if ((newcx->savedData == NULL) || (newcx->savedLength < len)) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + rv = SECFailure; + } else { + PORT_Memcpy(newcx->savedData,data,len); + newcx->savedLength = len; + } + } + + if (needFree) PORT_Free(data); + + if (rv != SECSuccess) { + PK11_DestroyContext(newcx,PR_TRUE); + return NULL; + } + return newcx; +} + +/* + * save the current context state into a variable. Required to make FORTEZZA + * work. + */ +SECStatus +PK11_SaveContext(PK11Context *cx,unsigned char *save,int *len, int saveLength) +{ + unsigned char * data = NULL; + CK_ULONG length = saveLength; + + if (cx->ownSession) { + PK11_EnterContextMonitor(cx); + data = (unsigned char*)pk11_saveContextHelper(cx,save,&length, + PR_FALSE,PR_FALSE); + PK11_ExitContextMonitor(cx); + if (data) *len = length; + } else if (saveLength >= cx->savedLength) { + data = (unsigned char*)cx->savedData; + if (cx->savedData) { + PORT_Memcpy(save,cx->savedData,cx->savedLength); + } + *len = cx->savedLength; + } + return (data != NULL) ? SECSuccess : SECFailure; +} + +/* + * restore the context state into a new running context. Also required for + * FORTEZZA . + */ +SECStatus +PK11_RestoreContext(PK11Context *cx,unsigned char *save,int len) +{ + SECStatus rv = SECSuccess; + if (cx->ownSession) { + PK11_EnterContextMonitor(cx); + pk11_Finalize(cx); + rv = pk11_restoreContext(cx,save,len); + PK11_ExitContextMonitor(cx); + } else { + PORT_Assert(cx->savedData != NULL); + if ((cx->savedData == NULL) || (cx->savedLength < (unsigned) len)) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + rv = SECFailure; + } else { + PORT_Memcpy(cx->savedData,save,len); + cx->savedLength = len; + } + } + return rv; +} + +/* + * This is to get FIPS compliance until we can convert + * libjar to use PK11_ hashing functions. It returns PR_FALSE + * if we can't get a PK11 Context. + */ +PRBool +PK11_HashOK(SECOidTag algID) { + PK11Context *cx; + + cx = PK11_CreateDigestContext(algID); + if (cx == NULL) return PR_FALSE; + PK11_DestroyContext(cx, PR_TRUE); + return PR_TRUE; +} + + + +/* + * start a new digesting or Mac'ing operation on this context + */ +SECStatus PK11_DigestBegin(PK11Context *cx) +{ + CK_MECHANISM mech_info; + SECStatus rv; + + if (cx->init == PR_TRUE) { + return SECSuccess; + } + + /* + * make sure the old context is clear first + */ + PK11_EnterContextMonitor(cx); + pk11_Finalize(cx); + + mech_info.mechanism = cx->type; + mech_info.pParameter = cx->param->data; + mech_info.ulParameterLen = cx->param->len; + rv = pk11_context_init(cx,&mech_info); + PK11_ExitContextMonitor(cx); + + if (rv != SECSuccess) { + return SECFailure; + } + cx->init = PR_TRUE; + return SECSuccess; +} + +SECStatus +PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in, + int32 len) { + PK11Context *context; + unsigned int max_length; + unsigned int out_length; + SECStatus rv; + + context = PK11_CreateDigestContext(hashAlg); + if (context == NULL) return SECFailure; + + rv = PK11_DigestBegin(context); + if (rv != SECSuccess) { + PK11_DestroyContext(context, PR_TRUE); + return rv; + } + + rv = PK11_DigestOp(context, in, len); + if (rv != SECSuccess) { + PK11_DestroyContext(context, PR_TRUE); + return rv; + } + + /* we need the output length ... maybe this should be table driven...*/ + switch (hashAlg) { + case SEC_OID_SHA1: max_length = SHA1_LENGTH; break; + case SEC_OID_MD2: max_length = MD2_LENGTH; break; + case SEC_OID_MD5: max_length = MD5_LENGTH; break; + default: max_length = 16; break; + } + + rv = PK11_DigestFinal(context,out,&out_length,max_length); + PK11_DestroyContext(context, PR_TRUE); + return rv; +} + + +/* + * execute a bulk encryption operation + */ +SECStatus +PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen, + int maxout, unsigned char *in, int inlen) +{ + CK_RV crv = CKR_OK; + CK_ULONG length = maxout; + CK_ULONG offset =0; + PK11SymKey *symKey = context->key; + SECStatus rv = SECSuccess; + unsigned char *saveOut = out; + unsigned char *allocOut = NULL; + + /* if we ran out of session, we need to restore our previously stored + * state. + */ + PK11_EnterContextMonitor(context); + if (!context->ownSession) { + rv = pk11_restoreContext(context,context->savedData, + context->savedLength); + if (rv != SECSuccess) { + PK11_ExitContextMonitor(context); + return rv; + } + } + + /* + * The fortezza hack is to send 8 extra bytes on the first encrypted and + * loose them on the first decrypt. + */ + if (context->fortezzaHack) { + unsigned char random[8]; + if (context->operation == CKA_ENCRYPT) { + PK11_ExitContextMonitor(context); + rv = PK11_GenerateRandom(random,sizeof(random)); + PK11_EnterContextMonitor(context); + + /* since we are offseting the output, we can't encrypt back into + * the same buffer... allocate a temporary buffer just for this + * call. */ + allocOut = out = (unsigned char*)PORT_Alloc(maxout); + if (out == NULL) { + PK11_ExitContextMonitor(context); + return SECFailure; + } + crv = PK11_GETTAB(context->slot)->C_EncryptUpdate(context->session, + random,sizeof(random),out,&length); + + out += length; + maxout -= length; + offset = length; + } else if (context->operation == CKA_DECRYPT) { + length = sizeof(random); + crv = PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session, + in,sizeof(random),random,&length); + inlen -= length; + in += length; + context->fortezzaHack = PR_FALSE; + } + } + + switch (context->operation) { + case CKA_ENCRYPT: + length = maxout; + crv=PK11_GETTAB(context->slot)->C_EncryptUpdate(context->session, + in, inlen, out, &length); + length += offset; + break; + case CKA_DECRYPT: + length = maxout; + crv=PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session, + in, inlen, out, &length); + break; + default: + crv = CKR_OPERATION_NOT_INITIALIZED; + break; + } + + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + *outlen = 0; + rv = SECFailure; + } else { + *outlen = length; + } + + if (context->fortezzaHack) { + if (context->operation == CKA_ENCRYPT) { + PORT_Assert(allocOut); + PORT_Memcpy(saveOut, allocOut, length); + PORT_Free(allocOut); + } + context->fortezzaHack = PR_FALSE; + } + + /* + * handle session starvation case.. use our last session to multiplex + */ + if (!context->ownSession) { + context->savedData = pk11_saveContext(context,context->savedData, + &context->savedLength); + if (context->savedData == NULL) rv = SECFailure; + + /* clear out out session for others to use */ + pk11_Finalize(context); + } + PK11_ExitContextMonitor(context); + return rv; +} + +/* + * execute a digest/signature operation + */ +SECStatus +PK11_DigestOp(PK11Context *context, const unsigned char * in, unsigned inLen) +{ + CK_RV crv = CKR_OK; + SECStatus rv = SECSuccess; + + /* if we ran out of session, we need to restore our previously stored + * state. + */ + context->init = PR_FALSE; + PK11_EnterContextMonitor(context); + if (!context->ownSession) { + rv = pk11_restoreContext(context,context->savedData, + context->savedLength); + if (rv != SECSuccess) { + PK11_ExitContextMonitor(context); + return rv; + } + } + + switch (context->operation) { + /* also for MAC'ing */ + case CKA_SIGN: + crv=PK11_GETTAB(context->slot)->C_SignUpdate(context->session, + (unsigned char *)in, + inLen); + break; + case CKA_VERIFY: + crv=PK11_GETTAB(context->slot)->C_VerifyUpdate(context->session, + (unsigned char *)in, + inLen); + break; + case CKA_DIGEST: + crv=PK11_GETTAB(context->slot)->C_DigestUpdate(context->session, + (unsigned char *)in, + inLen); + break; + default: + crv = CKR_OPERATION_NOT_INITIALIZED; + break; + } + + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + rv = SECFailure; + } + + /* + * handle session starvation case.. use our last session to multiplex + */ + if (!context->ownSession) { + context->savedData = pk11_saveContext(context,context->savedData, + &context->savedLength); + if (context->savedData == NULL) rv = SECFailure; + + /* clear out out session for others to use */ + pk11_Finalize(context); + } + PK11_ExitContextMonitor(context); + return rv; +} + +/* + * Digest a key if possible./ + */ +SECStatus +PK11_DigestKey(PK11Context *context, PK11SymKey *key) +{ + CK_RV crv = CKR_OK; + SECStatus rv = SECSuccess; + PK11SymKey *newKey = NULL; + + /* if we ran out of session, we need to restore our previously stored + * state. + */ + if (context->slot != key->slot) { + newKey = pk11_CopyToSlot(context->slot,CKM_SSL3_SHA1_MAC,CKA_SIGN,key); + } else { + newKey = PK11_ReferenceSymKey(key); + } + + context->init = PR_FALSE; + PK11_EnterContextMonitor(context); + if (!context->ownSession) { + rv = pk11_restoreContext(context,context->savedData, + context->savedLength); + if (rv != SECSuccess) { + PK11_ExitContextMonitor(context); + PK11_FreeSymKey(newKey); + return rv; + } + } + + + if (newKey == NULL) { + crv = CKR_KEY_TYPE_INCONSISTENT; + if (key->data.data) { + crv=PK11_GETTAB(context->slot)->C_DigestUpdate(context->session, + key->data.data,key->data.len); + } + } else { + crv=PK11_GETTAB(context->slot)->C_DigestKey(context->session, + newKey->objectID); + } + + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + rv = SECFailure; + } + + /* + * handle session starvation case.. use our last session to multiplex + */ + if (!context->ownSession) { + context->savedData = pk11_saveContext(context,context->savedData, + &context->savedLength); + if (context->savedData == NULL) rv = SECFailure; + + /* clear out out session for others to use */ + pk11_Finalize(context); + } + PK11_ExitContextMonitor(context); + if (newKey) PK11_FreeSymKey(newKey); + return rv; +} + +/* + * externally callable version of the lowercase pk11_finalize(). + */ +SECStatus +PK11_Finalize(PK11Context *context) { + SECStatus rv; + + PK11_EnterContextMonitor(context); + rv = pk11_Finalize(context); + PK11_ExitContextMonitor(context); + return rv; +} + +/* + * clean up a cipher operation, so the session can be used by + * someone new. + */ +SECStatus +pk11_Finalize(PK11Context *context) +{ + CK_ULONG count = 0; + CK_RV crv; + + if (!context->ownSession) { + return SECSuccess; + } + + switch (context->operation) { + case CKA_ENCRYPT: + crv=PK11_GETTAB(context->slot)->C_EncryptFinal(context->session, + NULL,&count); + break; + case CKA_DECRYPT: + crv = PK11_GETTAB(context->slot)->C_DecryptFinal(context->session, + NULL,&count); + break; + case CKA_SIGN: + crv=PK11_GETTAB(context->slot)->C_SignFinal(context->session, + NULL,&count); + break; + case CKA_VERIFY: + crv=PK11_GETTAB(context->slot)->C_VerifyFinal(context->session, + NULL,count); + break; + case CKA_DIGEST: + crv=PK11_GETTAB(context->slot)->C_DigestFinal(context->session, + NULL,&count); + break; + default: + crv = CKR_OPERATION_NOT_INITIALIZED; + break; + } + + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + return SECSuccess; +} + +/* + * Return the final digested or signed data... + * this routine can either take pre initialized data, or allocate data + * either out of an arena or out of the standard heap. + */ +SECStatus +PK11_DigestFinal(PK11Context *context,unsigned char *data, + unsigned int *outLen, unsigned int length) +{ + CK_ULONG len; + CK_RV crv; + SECStatus rv; + + + /* if we ran out of session, we need to restore our previously stored + * state. + */ + PK11_EnterContextMonitor(context); + if (!context->ownSession) { + rv = pk11_restoreContext(context,context->savedData, + context->savedLength); + if (rv != SECSuccess) { + PK11_ExitContextMonitor(context); + return rv; + } + } + + len = length; + switch (context->operation) { + case CKA_SIGN: + crv=PK11_GETTAB(context->slot)->C_SignFinal(context->session, + data,&len); + break; + case CKA_VERIFY: + crv=PK11_GETTAB(context->slot)->C_VerifyFinal(context->session, + data,len); + break; + case CKA_DIGEST: + crv=PK11_GETTAB(context->slot)->C_DigestFinal(context->session, + data,&len); + break; + case CKA_ENCRYPT: + crv=PK11_GETTAB(context->slot)->C_EncryptFinal(context->session, + data, &len); + break; + case CKA_DECRYPT: + crv = PK11_GETTAB(context->slot)->C_DecryptFinal(context->session, + data, &len); + break; + default: + crv = CKR_OPERATION_NOT_INITIALIZED; + break; + } + PK11_ExitContextMonitor(context); + + *outLen = (unsigned int) len; + context->init = PR_FALSE; /* allow Begin to start up again */ + + + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + return SECSuccess; +} + +/**************************************************************************** + * + * Now Do The PBE Functions Here... + * + ****************************************************************************/ + +SECAlgorithmID * +PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt) +{ + SECAlgorithmID *algid; + + algid = SEC_PKCS5CreateAlgorithmID(algorithm, salt, iteration); + return algid; +} + +PK11SymKey * +PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem, + PRBool faulty3DES, void *wincx) +{ + /* pbe stuff */ + CK_PBE_PARAMS *pbe_params; + CK_MECHANISM_TYPE type; + SECItem *mech; + PK11SymKey *symKey; + + mech = PK11_ParamFromAlgid(algid); + type = PK11_AlgtagToMechanism(SECOID_FindOIDTag(&algid->algorithm)); + if(faulty3DES && (type == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC)) { + type = CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC; + } + if(mech == NULL) { + return NULL; + } + + pbe_params = (CK_PBE_PARAMS *)mech->data; + pbe_params->pPassword = (CK_CHAR_PTR)PORT_ZAlloc(pwitem->len); + if(pbe_params->pPassword != NULL) { + PORT_Memcpy(pbe_params->pPassword, pwitem->data, pwitem->len); + pbe_params->ulPasswordLen = pwitem->len; + } else { + SECITEM_ZfreeItem(mech, PR_TRUE); + return NULL; + } + + symKey = PK11_KeyGen(slot, type, mech, 0, wincx); + + PORT_ZFree(pbe_params->pPassword, pwitem->len); + SECITEM_ZfreeItem(mech, PR_TRUE); + return symKey; +} + + +SECStatus +PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot, + SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem, + SECItem *nickname, SECItem *publicValue, PRBool isPerm, + PRBool isPrivate, KeyType keyType, unsigned int keyUsage, + void *wincx) +{ + CK_MECHANISM_TYPE mechanism; + SECItem *pbe_param, crypto_param; + PK11SymKey *key = NULL; + SECStatus rv = SECSuccess; + CK_MECHANISM cryptoMech, pbeMech; + CK_RV crv; + SECKEYPrivateKey *privKey = NULL; + PRBool faulty3DES = PR_FALSE; + int usageCount; + CK_KEY_TYPE key_type; + CK_ATTRIBUTE_TYPE *usage; + CK_ATTRIBUTE_TYPE rsaUsage[] = { + CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER }; + CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN }; + CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE }; + + if((epki == NULL) || (pwitem == NULL)) + return SECFailure; + + crypto_param.data = NULL; + + mechanism = PK11_AlgtagToMechanism(SECOID_FindOIDTag( + &epki->algorithm.algorithm)); + + switch (keyType) { + default: + case rsaKey: + key_type = CKK_RSA; + switch (keyUsage & (KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE)) { + case KU_KEY_ENCIPHERMENT: + usage = rsaUsage; + usageCount = 2; + break; + case KU_DIGITAL_SIGNATURE: + usage = &rsaUsage[2]; + usageCount = 2; + break; + case KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE: + case 0: /* default to everything */ + usage = rsaUsage; + usageCount = 4; + break; + } + break; + case dhKey: + key_type = CKK_DH; + usage = dhUsage; + usageCount = sizeof(dhUsage)/sizeof(dhUsage[0]); + break; + case dsaKey: + key_type = CKK_DSA; + usage = dsaUsage; + usageCount = sizeof(dsaUsage)/sizeof(dsaUsage[0]); + break; + } + +try_faulty_3des: + pbe_param = PK11_ParamFromAlgid(&epki->algorithm); + + key = PK11_PBEKeyGen(slot, &epki->algorithm, pwitem, faulty3DES, wincx); + if((key == NULL) || (pbe_param == NULL)) { + rv = SECFailure; + goto done; + } + + pbeMech.mechanism = mechanism; + pbeMech.pParameter = pbe_param->data; + pbeMech.ulParameterLen = pbe_param->len; + + crv = PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, + pwitem, faulty3DES); + if(crv != CKR_OK) { + rv = SECFailure; + goto done; + } + + cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMech.mechanism); + crypto_param.data = (unsigned char*)cryptoMech.pParameter; + crypto_param.len = cryptoMech.ulParameterLen; + + privKey = PK11_UnwrapPrivKey(slot, key, cryptoMech.mechanism, + &crypto_param, &epki->encryptedData, + nickname, publicValue, isPerm, isPrivate, + key_type, usage, usageCount, wincx); + if(privKey) { + SECKEY_DestroyPrivateKey(privKey); + privKey = NULL; + rv = SECSuccess; + goto done; + } + + /* if we are unable to import the key and the mechanism is + * CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, then it is possible that + * the encrypted blob was created with a buggy key generation method + * which is described in the PKCS 12 implementation notes. So we + * need to try importing via that method. + */ + if((mechanism == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC) && (!faulty3DES)) { + /* clean up after ourselves before redoing the key generation. */ + + PK11_FreeSymKey(key); + key = NULL; + + if(pbe_param) { + SECITEM_ZfreeItem(pbe_param, PR_TRUE); + pbe_param = NULL; + } + + if(crypto_param.data) { + SECITEM_ZfreeItem(&crypto_param, PR_FALSE); + crypto_param.data = NULL; + cryptoMech.pParameter = NULL; + crypto_param.len = cryptoMech.ulParameterLen = 0; + } + + faulty3DES = PR_TRUE; + goto try_faulty_3des; + } + + /* key import really did fail */ + rv = SECFailure; + +done: + if(pbe_param != NULL) { + SECITEM_ZfreeItem(pbe_param, PR_TRUE); + pbe_param = NULL; + } + + if(crypto_param.data != NULL) { + SECITEM_ZfreeItem(&crypto_param, PR_FALSE); + } + + if(key != NULL) { + PK11_FreeSymKey(key); + } + + return rv; +} + +/* + * import a private key info into the desired slot + */ +SECStatus +PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, + SECItem *nickname, SECItem *publicValue, PRBool isPerm, + PRBool isPrivate, unsigned int keyUsage, void *wincx) +{ + CK_BBOOL cktrue = CK_TRUE; + CK_BBOOL ckfalse = CK_FALSE; + CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY; + CK_KEY_TYPE keyType = CKK_RSA; + CK_OBJECT_HANDLE objectID; + CK_ATTRIBUTE theTemplate[20]; + int templateCount = 0; + SECStatus rv = SECFailure; + SECKEYLowPrivateKey *lpk = NULL; + const SEC_ASN1Template *keyTemplate, *paramTemplate; + void *paramDest = NULL; + PRArenaPool *arena; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *signedattr = NULL; + int signedcount = 0; + CK_ATTRIBUTE *ap; + SECItem *ck_id = NULL; + + arena = PORT_NewArena(2048); + if(!arena) { + return SECFailure; + } + + /* need to change this to use RSA/DSA keys */ + lpk = (SECKEYLowPrivateKey *)PORT_ArenaZAlloc(arena, + sizeof(SECKEYLowPrivateKey)); + if(lpk == NULL) { + goto loser; + } + lpk->arena = arena; + + attrs = theTemplate; + switch(SECOID_GetAlgorithmTag(&pki->algorithm)) { + case SEC_OID_PKCS1_RSA_ENCRYPTION: + keyTemplate = SECKEY_RSAPrivateKeyTemplate; + paramTemplate = NULL; + paramDest = NULL; + lpk->keyType = rsaKey; + keyType = CKK_RSA; + break; + case SEC_OID_ANSIX9_DSA_SIGNATURE: + if(!publicValue) { + goto loser; + } + keyTemplate = SECKEY_DSAPrivateKeyExportTemplate; + paramTemplate = SECKEY_PQGParamsTemplate; + paramDest = &(lpk->u.dsa.params); + lpk->keyType = dsaKey; + keyType = CKK_DSA; + break; + case SEC_OID_X942_DIFFIE_HELMAN_KEY: + if(!publicValue) { + goto loser; + } + keyTemplate = SECKEY_DHPrivateKeyExportTemplate; + paramTemplate = NULL; + paramDest = NULL; + lpk->keyType = dhKey; + keyType = CKK_DH; + break; + + default: + keyTemplate = NULL; + paramTemplate = NULL; + paramDest = NULL; + break; + } + + if(!keyTemplate) { + goto loser; + } + + /* decode the private key and any algorithm parameters */ + rv = SEC_ASN1DecodeItem(arena, lpk, keyTemplate, &pki->privateKey); + if(rv != SECSuccess) { + goto loser; + } + if(paramDest && paramTemplate) { + rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate, + &(pki->algorithm.parameters)); + if(rv != SECSuccess) { + goto loser; + } + } + + PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++; + PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++; + PK11_SETATTRS(attrs, CKA_TOKEN, isPerm ? &cktrue : &ckfalse, + sizeof(CK_BBOOL) ); attrs++; + PK11_SETATTRS(attrs, CKA_SENSITIVE, isPrivate ? &cktrue : &ckfalse, + sizeof(CK_BBOOL) ); attrs++; + PK11_SETATTRS(attrs, CKA_PRIVATE, isPrivate ? &cktrue : &ckfalse, + sizeof(CK_BBOOL) ); attrs++; + + switch (lpk->keyType) { + case rsaKey: + PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ? + &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++; + PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ? + &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++; + PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? + &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++; + PK11_SETATTRS(attrs, CKA_SIGN_RECOVER, + (keyUsage & KU_DIGITAL_SIGNATURE) ? + &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++; + ck_id = PK11_MakeIDFromPubKey(&lpk->u.rsa.modulus); + if (ck_id == NULL) { + goto loser; + } + PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++; + if (nickname) { + PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); attrs++; + } + signedattr = attrs; + PK11_SETATTRS(attrs, CKA_MODULUS, lpk->u.rsa.modulus.data, + lpk->u.rsa.modulus.len); attrs++; + PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, + lpk->u.rsa.publicExponent.data, + lpk->u.rsa.publicExponent.len); attrs++; + PK11_SETATTRS(attrs, CKA_PRIVATE_EXPONENT, + lpk->u.rsa.privateExponent.data, + lpk->u.rsa.privateExponent.len); attrs++; + PK11_SETATTRS(attrs, CKA_PRIME_1, + lpk->u.rsa.prime1.data, + lpk->u.rsa.prime1.len); attrs++; + PK11_SETATTRS(attrs, CKA_PRIME_2, + lpk->u.rsa.prime2.data, + lpk->u.rsa.prime2.len); attrs++; + PK11_SETATTRS(attrs, CKA_EXPONENT_1, + lpk->u.rsa.exponent1.data, + lpk->u.rsa.exponent1.len); attrs++; + PK11_SETATTRS(attrs, CKA_EXPONENT_2, + lpk->u.rsa.exponent2.data, + lpk->u.rsa.exponent2.len); attrs++; + PK11_SETATTRS(attrs, CKA_COEFFICIENT, + lpk->u.rsa.coefficient.data, + lpk->u.rsa.coefficient.len); attrs++; + break; + case dsaKey: + /* To make our intenal PKCS #11 module work correctly with + * our database, we need to pass in the public key value for + * this dsa key. We have a netscape only CKA_ value to do this. + * Only send it to internal slots */ + if (PK11_IsInternal(slot)) { + PK11_SETATTRS(attrs, CKA_NETSCAPE_DB, + publicValue->data, publicValue->len); attrs++; + } + PK11_SETATTRS(attrs, CKA_SIGN, &cktrue, sizeof(CK_BBOOL)); attrs++; + PK11_SETATTRS(attrs, CKA_SIGN_RECOVER, &cktrue, sizeof(CK_BBOOL)); attrs++; + if(nickname) { + PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); + attrs++; + } + ck_id = PK11_MakeIDFromPubKey(publicValue); + if (ck_id == NULL) { + goto loser; + } + PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++; + signedattr = attrs; + PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dsa.params.prime.data, + lpk->u.dsa.params.prime.len); attrs++; + PK11_SETATTRS(attrs,CKA_SUBPRIME,lpk->u.dsa.params.subPrime.data, + lpk->u.dsa.params.subPrime.len); attrs++; + PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dsa.params.base.data, + lpk->u.dsa.params.base.len); attrs++; + PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dsa.privateValue.data, + lpk->u.dsa.privateValue.len); attrs++; + break; + case dhKey: + /* To make our intenal PKCS #11 module work correctly with + * our database, we need to pass in the public key value for + * this dh key. We have a netscape only CKA_ value to do this. + * Only send it to internal slots */ + if (PK11_IsInternal(slot)) { + PK11_SETATTRS(attrs, CKA_NETSCAPE_DB, + publicValue->data, publicValue->len); attrs++; + } + PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); attrs++; + if(nickname) { + PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); + attrs++; + } + ck_id = PK11_MakeIDFromPubKey(publicValue); + if (ck_id == NULL) { + goto loser; + } + PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++; + signedattr = attrs; + PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dh.prime.data, + lpk->u.dh.prime.len); attrs++; + PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dh.base.data, + lpk->u.dh.base.len); attrs++; + PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dh.privateValue.data, + lpk->u.dh.privateValue.len); attrs++; + break; + /* what about fortezza??? */ + default: + PORT_SetError(SEC_ERROR_BAD_KEY); + goto loser; + } + templateCount = attrs - theTemplate; + PR_ASSERT(templateCount <= sizeof(theTemplate)/sizeof(CK_ATTRIBUTE)); + signedcount = attrs - signedattr; + + for (ap=signedattr; signedcount; ap++, signedcount--) { + pk11_SignedToUnsigned(ap); + } + + rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, + theTemplate, templateCount, isPerm, &objectID); + + if (ck_id) { + SECITEM_ZfreeItem(ck_id, PR_TRUE); + } + +loser: + if (lpk!= NULL) { + SECKEY_LowDestroyPrivateKey(lpk); + } + + return rv; +} + +SECKEYPrivateKeyInfo * +PK11_ExportPrivateKeyInfo(CERTCertificate *cert, void *wincx) +{ + return NULL; +} + +static int +pk11_private_key_encrypt_buffer_length(SECKEYPrivateKey *key) + +{ + CK_ATTRIBUTE rsaTemplate = { CKA_MODULUS, NULL, 0 }; + CK_ATTRIBUTE dsaTemplate = { CKA_PRIME, NULL, 0 }; + CK_ATTRIBUTE_PTR pTemplate; + CK_RV crv; + int length; + + if(!key) { + return -1; + } + + switch (key->keyType) { + case rsaKey: + pTemplate = &rsaTemplate; + break; + case dsaKey: + case dhKey: + pTemplate = &dsaTemplate; + break; + case fortezzaKey: + default: + pTemplate = NULL; + } + + if(!pTemplate) { + return -1; + } + + crv = PK11_GetAttributes(NULL, key->pkcs11Slot, key->pkcs11ID, + pTemplate, 1); + if(crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return -1; + } + + length = pTemplate->ulValueLen; + length *= 10; + + if(pTemplate->pValue != NULL) { + PORT_Free(pTemplate->pValue); + } + + return length; +} + +SECKEYEncryptedPrivateKeyInfo * +PK11_ExportEncryptedPrivateKeyInfo(PK11SlotInfo *slot, SECOidTag algTag, + SECItem *pwitem, CERTCertificate *cert, int iteration, void *wincx) +{ + SECKEYEncryptedPrivateKeyInfo *epki = NULL; + SECKEYPrivateKey *pk; + PRArenaPool *arena = NULL; + SECAlgorithmID *algid; + CK_MECHANISM_TYPE mechanism; + SECItem *pbe_param = NULL, crypto_param; + PK11SymKey *key = NULL; + SECStatus rv = SECSuccess; + CK_MECHANISM pbeMech, cryptoMech; + CK_RV crv; + SECItem encryptedKey = {siBuffer,NULL,0}; + int encryptBufLen; + + if(!pwitem) + return NULL; + + crypto_param.data = NULL; + + arena = PORT_NewArena(2048); + epki = (SECKEYEncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(arena, + sizeof(SECKEYEncryptedPrivateKeyInfo)); + if(epki == NULL) { + rv = SECFailure; + goto loser; + } + epki->arena = arena; + algid = SEC_PKCS5CreateAlgorithmID(algTag, NULL, iteration); + if(algid == NULL) { + rv = SECFailure; + goto loser; + } + + mechanism = PK11_AlgtagToMechanism(SECOID_FindOIDTag(&algid->algorithm)); + pbe_param = PK11_ParamFromAlgid(algid); + pbeMech.mechanism = mechanism; + pbeMech.pParameter = pbe_param->data; + pbeMech.ulParameterLen = pbe_param->len; + key = PK11_PBEKeyGen(slot, algid, pwitem, PR_FALSE, wincx); + + if((key == NULL) || (pbe_param == NULL)) { + rv = SECFailure; + goto loser; + } + + crv = PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, + pwitem, PR_FALSE); + if(crv != CKR_OK) { + rv = SECFailure; + goto loser; + } + cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMech.mechanism); + crypto_param.data = (unsigned char *)cryptoMech.pParameter; + crypto_param.len = cryptoMech.ulParameterLen; + + pk = PK11_FindKeyByAnyCert(cert, wincx); + if(pk == NULL) { + rv = SECFailure; + goto loser; + } + + encryptBufLen = pk11_private_key_encrypt_buffer_length(pk); + if(encryptBufLen == -1) { + rv = SECFailure; + goto loser; + } + encryptedKey.len = (unsigned int)encryptBufLen; + encryptedKey.data = (unsigned char *)PORT_ZAlloc(encryptedKey.len); + if(!encryptedKey.data) { + rv = SECFailure; + goto loser; + } + + /* we are extracting an encrypted privateKey structure. + * which needs to be freed along with the buffer into which it is + * returned. eventually, we should retrieve an encrypted key using + * pkcs8/pkcs5. + */ + PK11_EnterSlotMonitor(pk->pkcs11Slot); + crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, + &cryptoMech, key->objectID, pk->pkcs11ID, encryptedKey.data, + (CK_ULONG_PTR)(&encryptedKey.len)); + PK11_ExitSlotMonitor(pk->pkcs11Slot); + if(crv != CKR_OK) { + rv = SECFailure; + goto loser; + } + + if(!encryptedKey.len) { + rv = SECFailure; + goto loser; + } + + rv = SECITEM_CopyItem(arena, &epki->encryptedData, &encryptedKey); + if(rv != SECSuccess) { + goto loser; + } + + rv = SECOID_CopyAlgorithmID(arena, &epki->algorithm, algid); + +loser: + if(pbe_param != NULL) { + SECITEM_ZfreeItem(pbe_param, PR_TRUE); + pbe_param = NULL; + } + + if(crypto_param.data != NULL) { + SECITEM_ZfreeItem(&crypto_param, PR_FALSE); + crypto_param.data = NULL; + } + + if(key != NULL) { + PK11_FreeSymKey(key); + } + + if(rv == SECFailure) { + if(arena != NULL) { + PORT_FreeArena(arena, PR_TRUE); + } + epki = NULL; + } + + return epki; +} + + +/* + * This is required to allow FORTEZZA_NULL and FORTEZZA_RC4 + * working. This function simply gets a valid IV for the keys. + */ +SECStatus +PK11_GenerateFortezzaIV(PK11SymKey *symKey,unsigned char *iv,int len) +{ + CK_MECHANISM mech_info; + CK_ULONG count = 0; + CK_RV crv; + SECStatus rv = SECFailure; + + mech_info.mechanism = CKM_SKIPJACK_CBC64; + mech_info.pParameter = iv; + mech_info.ulParameterLen = len; + + /* generate the IV for fortezza */ + PK11_EnterSlotMonitor(symKey->slot); + crv=PK11_GETTAB(symKey->slot)->C_EncryptInit(symKey->slot->session, + &mech_info, symKey->objectID); + if (crv == CKR_OK) { + PK11_GETTAB(symKey->slot)->C_EncryptFinal(symKey->slot->session, + NULL, &count); + rv = SECSuccess; + } + PK11_ExitSlotMonitor(symKey->slot); + return rv; +} + +SECKEYPrivateKey * +PK11_UnwrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey, + CK_MECHANISM_TYPE wrapType, SECItem *param, + SECItem *wrappedKey, SECItem *label, + SECItem *idValue, PRBool perm, PRBool sensitive, + CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage, int usageCount, + void *wincx) +{ + CK_BBOOL cktrue = CK_TRUE; + CK_BBOOL ckfalse = CK_FALSE; + CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY; + CK_ATTRIBUTE keyTemplate[15] ; + int templateCount = 0; + CK_OBJECT_HANDLE privKeyID; + CK_MECHANISM mechanism; + CK_ATTRIBUTE *attrs = keyTemplate; + SECItem *param_free = NULL, *ck_id; + CK_RV crv; + CK_SESSION_HANDLE rwsession; + PK11SymKey *newKey = NULL; + int i; + + if(!slot || !wrappedKey || !idValue) { + /* SET AN ERROR!!! */ + return NULL; + } + + ck_id = PK11_MakeIDFromPubKey(idValue); + if(!ck_id) { + return NULL; + } + + PK11_SETATTRS(attrs, CKA_TOKEN, perm ? &cktrue : &ckfalse, + sizeof(cktrue)); attrs++; + PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass)); attrs++; + PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType)); attrs++; + PK11_SETATTRS(attrs, CKA_PRIVATE, sensitive ? &cktrue : &ckfalse, + sizeof(cktrue)); attrs++; + PK11_SETATTRS(attrs, CKA_SENSITIVE, sensitive ? &cktrue : &ckfalse, + sizeof(cktrue)); attrs++; + PK11_SETATTRS(attrs, CKA_LABEL, label->data, label->len); attrs++; + PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len); attrs++; + for (i=0; i < usageCount; i++) { + PK11_SETATTRS(attrs, usage[i], &cktrue, sizeof(cktrue)); attrs++; + } + + if (PK11_IsInternal(slot)) { + PK11_SETATTRS(attrs, CKA_NETSCAPE_DB, idValue->data, + idValue->len); attrs++; + } + + templateCount = attrs - keyTemplate; + PR_ASSERT(templateCount <= (sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)) ); + + mechanism.mechanism = wrapType; + if(!param) param = param_free= PK11_ParamFromIV(wrapType, NULL); + if(param) { + mechanism.pParameter = param->data; + mechanism.ulParameterLen = param->len; + } else { + mechanism.pParameter = NULL; + mechanism.ulParameterLen = 0; + } + + if (wrappingKey->slot != slot) { + newKey = pk11_CopyToSlot(slot,wrapType,CKA_WRAP,wrappingKey); + } else { + newKey = PK11_ReferenceSymKey(wrappingKey); + } + + if (newKey) { + if (perm) { + rwsession = PK11_GetRWSession(slot); + } else { + rwsession = slot->session; + } + crv = PK11_GETTAB(slot)->C_UnwrapKey(rwsession, &mechanism, + newKey->objectID, + wrappedKey->data, + wrappedKey->len, keyTemplate, + templateCount, &privKeyID); + + if (perm) PK11_RestoreROSession(slot, rwsession); + PK11_FreeSymKey(newKey); + } else { + crv = CKR_FUNCTION_NOT_SUPPORTED; + } + + if(ck_id) { + SECITEM_FreeItem(ck_id, PR_TRUE); + ck_id = NULL; + } + + if (crv != CKR_OK) { + /* we couldn't unwrap the key, use the internal module to do the + * unwrap, then load the new key into the token */ + PK11SlotInfo *int_slot = PK11_GetInternalSlot(); + + if (int_slot && (slot != int_slot)) { + SECKEYPrivateKey *privKey = PK11_UnwrapPrivKey(int_slot, + wrappingKey, wrapType, param, wrappedKey, label, + idValue, PR_FALSE, PR_FALSE, + keyType, usage, usageCount, wincx); + if (privKey) { + SECKEYPrivateKey *newPrivKey = pk11_loadPrivKey(slot,privKey, + NULL,perm,sensitive); + SECKEY_DestroyPrivateKey(privKey); + PK11_FreeSlot(int_slot); + return newPrivKey; + } + } + if (int_slot) PK11_FreeSlot(int_slot); + PORT_SetError( PK11_MapError(crv) ); + return NULL; + } + return PK11_MakePrivKey(slot, nullKey, PR_FALSE, privKeyID, wincx); +} + +#define ALLOC_BLOCK 10 + +/* + * Now we're going to wrap a SECKEYPrivateKey with a PK11SymKey + * The strategy is to get both keys to reside in the same slot, + * one that can perform the desired crypto mechanism and then + * call C_WrapKey after all the setup has taken place. + */ +SECStatus +PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey, + SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType, + SECItem *param, SECItem *wrappedKey, void *wincx) +{ + PK11SlotInfo *privSlot = privKey->pkcs11Slot; /* The slot where + * the private key + * we are going to + * wrap lives. + */ + PK11SymKey *newSymKey = NULL; + SECKEYPrivateKey *newPrivKey = NULL; + SECItem *param_free = NULL; + CK_ULONG len = wrappedKey->len; + CK_MECHANISM mech; + CK_RV crv; + + if (!privSlot || !PK11_DoesMechanism(privSlot, wrapType)) { + /* Figure out a slot that does the mechanism and try to import + * the private key onto that slot. + */ + PK11SlotInfo *int_slot = PK11_GetInternalSlot(); + + privSlot = int_slot; /* The private key has a new home */ + newPrivKey = pk11_loadPrivKey(privSlot,privKey,NULL,PR_FALSE,PR_FALSE); + if (newPrivKey == NULL) { + PK11_FreeSlot (int_slot); + return SECFailure; + } + privKey = newPrivKey; + } + + if (privSlot != wrappingKey->slot) { + newSymKey = pk11_CopyToSlot (privSlot, wrapType, CKA_WRAP, + wrappingKey); + wrappingKey = newSymKey; + } + + if (wrappingKey == NULL) { + if (newPrivKey) { + SECKEY_DestroyPrivateKey(newPrivKey); + } + return SECFailure; + } + mech.mechanism = wrapType; + if (!param) { + param = param_free = PK11_ParamFromIV(wrapType, NULL); + } + if (param) { + mech.pParameter = param->data; + mech.ulParameterLen = param->len; + } else { + mech.pParameter = NULL; + mech.ulParameterLen = 0; + } + + PK11_EnterSlotMonitor(privSlot); + crv = PK11_GETTAB(privSlot)->C_WrapKey(privSlot->session, &mech, + wrappingKey->objectID, + privKey->pkcs11ID, + wrappedKey->data, &len); + PK11_ExitSlotMonitor(privSlot); + + if (newSymKey) { + PK11_FreeSymKey(newSymKey); + } + if (newPrivKey) { + SECKEY_DestroyPrivateKey(newPrivKey); + } + + if (crv != CKR_OK) { + PORT_SetError( PK11_MapError(crv) ); + return SECFailure; + } + + wrappedKey->len = len; + return SECSuccess; +} + +void +PK11_SetFortezzaHack(PK11SymKey *symKey) { + symKey->origin = PK11_OriginFortezzaHack; +} + diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh new file mode 100755 index 000000000..9b151a097 --- /dev/null +++ b/security/nss/tests/ssl/ssl.sh @@ -0,0 +1,313 @@ +#! /bin/ksh +# +# This is just a quick script so we can still run our testcases. +# Longer term we need a scriptable test environment.. +# +. ../common/init.sh +CURDIR=`pwd` +PORT=${PORT-8443} + +# Test case files +SSLCOV=${CURDIR}/sslcov.txt +SSLAUTH=${CURDIR}/sslauth.txt +SSLSTRESS=${CURDIR}/sslstress.txt +REQUEST_FILE=${CURDIR}/sslreq.txt + +#temparary files +TMP=${TMP-/tmp} +PWFILE=${TMP}/tests.pw.$$ +CERTSCRIPT=${TMP}/tests_certs.$$ +NOISE_FILE=${TMP}/tests_noise.$$ +SERVEROUTFILE=${TMP}/tests_server.$$ +SERVERPID=${TMP}/tests_pid.$$ + +TEMPFILES="${PWFILE} ${CERTSCRIPT} ${SERVEROUTFILE} ${NOISE_FILE} ${SERVERPID}" + +none=1 +coverage=0 +auth=0 +stress=0 +certs=1 +fileout=0 + +for i in $* +do + case $i in + [aA][lL]*) + none=0; coverage=1; auth=1; stress=1;; + [aA][uU]*) + none=0; auth=1;; + [Nn][Oo][aA][uU]*) + auth=0;; + [Cc][Oo]*) + none=0; coverage=1;; + [Nn][Oo][Cc][Oo]*) + coverage=0;; + [Cc][Ee]*) + none=0; certs=1;; + [Nn][Oo][Cc][Ee]*) + certs=0;; + [Ss]*) + none=0; stress=1;; + [Nn][Oo][Ss]*) + stress=0;; + f) + fileout=1; + esac +done + +if [ $none -eq 1 ]; then + coverage=1 + auth=1 + stress=1 +fi + + +# +# should also try to kill any running server +# +trap "rm -f ${TEMPFILES}; exit" 2 3 + +if [ $certs -eq 1 ]; then +# Generate noise for our CA cert. +# +# NOTE: these keys are only suitable for testing, as this whole thing bypasses +# the entropy gathering. Don't use this method to generate keys and certs for +# product use or deployment. +# +ps -efl > ${NOISE_FILE} 2>&1 +ps aux >> ${NOISE_FILE} 2>&1 +netstat >> ${NOISE_FILE} 2>&1 +date >> ${NOISE_FILE} 2>&1 + +# +# build the TEMP CA used for testing purposes +# +echo "<TABLE BORDER=1><TR><TH COLSPAN=3>Certutil Tests</TH></TR>" >> ${RESULTS} +echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS} +CADIR=${HOSTDIR}/CA +echo "********************** Creating a CA Certificate **********************" +if [ ! -d ${CADIR} ]; then + mkdir -p ${CADIR} +fi +cd ${CADIR} +echo nss > ${PWFILE} +echo " certutil -N -d . -f ${PWFILE}" +certutil -N -d . -f ${PWFILE} + +echo initialized +echo 5 > ${CERTSCRIPT} +echo 9 >> ${CERTSCRIPT} +echo n >> ${CERTSCRIPT} +echo y >> ${CERTSCRIPT} +echo 3 >> ${CERTSCRIPT} +echo n >> ${CERTSCRIPT} +echo 5 >> ${CERTSCRIPT} +echo 6 >> ${CERTSCRIPT} +echo 7 >> ${CERTSCRIPT} +echo 9 >> ${CERTSCRIPT} +echo n >> ${CERTSCRIPT} +echo "certutil -S -n \"TestCA\" -s \"CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US\" -t \"CTu,CTu,CTu\" -v 60 -x -d . -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE}" +certutil -S -n "TestCA" -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -t "CTu,CTu,CTu" -v 60 -x -d . -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} < ${CERTSCRIPT} + +if [ $? -ne 0 ]; then + echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS} +else + echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} +fi + +echo "**************** Creating Client CA Issued Certificate ****************" +netstat >> ${NOISE_FILE} 2>&1 +date >> ${NOISE_FILE} 2>&1 +CLIENTDIR=${HOSTDIR}/client +if [ ! -d ${CLIENTDIR} ]; then + mkdir -p ${CLIENTDIR} +fi +cd ${CLIENTDIR} +echo " certutil -N -d . -f ${PWFILE}" +certutil -N -d . -f ${PWFILE} +if [ $? -ne 0 ]; then + CERTFAILED=${CERTFAILED-"Init DB"} +fi +echo "Import the root CA" +echo " certutil -L -n \"TestCA\" -r -d ../CA > root.cert" +certutil -L -n "TestCA" -r -d ../CA > root.cert +if [ $? -ne 0 ]; then + CERTFAILED=${CERTFAILED-"Export Root"} +fi +echo " certutil -A -n \"TestCA\" -t \"TC,TC,TC\" -f ${PWFILE} -d . -i root.cert" +certutil -A -n "TestCA" -t "TC,TC,TC" -f ${PWFILE} -d . -i root.cert +if [ $? -ne 0 ]; then + CERTFAILED=${CERTFAILED-"Import Root"} +fi +echo "Generate a Certificate request" +echo " certutil -R -s \"CN=Test User, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -d . -f ${PWFILE} -z ${NOISE_FILE} -o req" +certutil -R -s "CN=Test User, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -d . -f ${PWFILE} -z ${NOISE_FILE} -o req +if [ $? -ne 0 ]; then + CERTFAILED=${CERTFAILED-"Generate Request"} +fi +echo "Sign the Certificate request" +echo "certutil -C -c "TestCA" -m 3 -v 60 -d ../CA -f ${PWFILE} -i req -o user.cert" +certutil -C -c "TestCA" -m 3 -v 60 -d ../CA -i req -o user.cert -f ${PWFILE} +if [ $? -ne 0 ]; then + CERTFAILED=${CERTFAILED-"Sign User Cert"} +fi +echo "Import the new Cert" +echo "certutil -A -n \"TestUser\" -t \"u,u,u\" -d . -f ${PWFILE} -i user.cert" +certutil -A -n "TestUser" -t "u,u,u" -d . -f ${PWFILE} -i user.cert +if [ $? -ne 0 ]; then + CERTFAILED=${CERTFAILED-"Import User"} +fi +if [ -n "${CERTFAILED}" ]; then + echo "<TR><TD>Creating User Cert</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS} +else + echo "<TR><TD>Creating User Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} +fi + +echo "***** Creating Server CA Issued Certificate for ${HOST}.${DOMSUF} *****" +netstat >> ${NOISE_FILE} 2>&1 +date >> ${NOISE_FILE} 2>&1 +SERVERDIR=${HOSTDIR}/server +if [ ! -d ${SERVERDIR} ]; then + mkdir -p ${SERVERDIR} +fi +cd ${SERVERDIR} +cp ../CA/*.db . +echo "certutil -S -n \"${HOST}.${DOMSUF}\" -s \"CN=${HOST}.${DOMSUF}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -t \"Pu,Pu,Pu\" -c "TestCA" -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE}" +certutil -S -n "${HOST}.${DOMSUF}" -s "CN=${HOST}.${DOMSUF}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US" -t "Pu,Pu,Pu" -c "TestCA" -m 1 -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE} +if [ $? -ne 0 ]; then + echo "<TR><TD>Creating Server Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS} +else + echo "<TR><TD>Creating Server Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} +fi +echo "</TABLE><BR>" >> ${RESULTS} + +rm -f ${TEMPFILES} +fi + + +# OK now lets run the tests.... +if [ $coverage -eq 1 ]; then +echo "********************* SSL Cipher Coverage ****************************" +echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Cipher Coverage</TH></TR>" >> ${RESULTS} +echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS} +cd ${CLIENTDIR} + cat ${SSLCOV} | while read tls param testname +do + if [ $tls != "#" ]; then + echo "********************* $testname ****************************" + TLS_FLAG=-T + if [ $tls = "TLS" ]; then + TLS_FLAG="" + fi + sparam="" + if [ ${param} = "i" ]; then + sparam='-c i' + fi + echo "selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -i ${SERVERPID} -w nss ${sparam} & " + if [ ${fileout} -eq 1 ]; then + selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -i ${SERVERPID} -w nss ${sparam} > ${SERVEROUTFILE} 2>&1 & + else + selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} -i ${SERVERPID} & + fi + sleep 10 + + tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} -f -d . < ${REQUEST_FILE} + if [ $? -ne 0 ]; then + echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS} + else + echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} + fi + ${KILL} `cat ${SERVERPID}` + wait `cat ${SERVERPID}` + if [ ${fileout} -eq 1 ]; then + cat ${SERVEROUTFILE} + fi + ${SLEEP} + fi +done + +echo "</TABLE><BR>" >> ${RESULTS} +fi + +if [ $auth -eq 1 ]; then +echo "********************* SSL Client Auth ****************************" +cd ${CLIENTDIR} +echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Client Authentication</TH></TR>" >> ${RESULTS} +echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS} + +cat ${SSLAUTH} | while read value sparam cparam testname +do + if [ $value != "#" ]; then + echo "***** $testname ****" + sparam=`echo $sparam | sed -e 's;_; ;g'` + cparam=`echo $cparam | sed -e 's;_; ;g'` + echo "selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} -i ${SERVERPID} &" + if [ ${fileout} -eq 1 ]; then + selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} -i ${SERVERPID} > ${SERVEROUTFILE} 2>&1 & + else + selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} -i ${SERVERPID} & + fi + sleep 10 + pwd + echo "tstclnt -p ${PORT} -h ${HOST} -f -d ${CLIENTDIR} ${cparam}" + tstclnt -p ${PORT} -h ${HOST} -f -d ${CLIENTDIR} ${cparam} < ${REQUEST_FILE} + rc=$? +echo "Return code = $rc expected value = ${value} " + if [ $rc -ne ${value} ]; then + echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS} + else + echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} + fi + ${KILL} `cat ${SERVERPID}` + wait `cat ${SERVERPID}` + if [ ${fileout} -eq 1 ]; then + cat ${SERVEROUTFILE} + fi + ${SLEEP} + fi +done + +echo "</TABLE><BR>" >> ${RESULTS} +fi + + +if [ $stress -eq 1 ]; then +echo "********************* Stress Test ****************************" +cd ${CLIENTDIR} +echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Stress Test</TH></TR>" >> ${RESULTS} +echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS} + +cat ${SSLSTRESS} | while read value sparam cparam testname +do + if [ $value != "#" ]; then + echo "********************* $testname ****************************" + sparam=`echo $sparam | sed -e 's;_; ;g'` + cparam=`echo $cparam | sed -e 's;_; ;g'` + echo "selfserv -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} -i ${SERVERPID} &" + if [ ${fileout} -eq 1 ]; then + selfserv -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} -i ${SERVERPID} > ${SERVEROUTFILE} 2>&1 & + else + selfserv -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} -i ${SERVERPID} & + fi + sleep 10 + + strsclnt -p ${PORT} ${HOST} -d . -w nss $cparam + if [ $? -ne $value ]; then + echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS} + else + echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} + fi + ${KILL} `cat ${SERVERPID}` + wait `cat ${SERVERPID}` + if [ ${fileout} -eq 1 ]; then + cat ${SERVEROUTFILE} + fi + ${SLEEP} + fi +done + +echo "</TABLE><BR>" >> ${RESULTS} +fi + +rm -f ${TEMPFILES} diff --git a/security/nss/tests/ssl/sslauth.txt b/security/nss/tests/ssl/sslauth.txt index e6beda10f..0c1c25fd9 100644 --- a/security/nss/tests/ssl/sslauth.txt +++ b/security/nss/tests/ssl/sslauth.txt @@ -5,17 +5,17 @@ # return server client Test Case name # value params params # ------ ------ ------ --------------- - 0 -r -w_nss TLS Request don't require client auth (client does not provide auth) - 0 -r -n_TestUser_-w_bogus TLS Request don't require client auth (bad password) - 0 -r -n_TestUser_-w_nss TLS Request don't require client auth (client auth) - 0 -r_-r -w_nss TLS Require client auth (client does not provide auth) + -eq -r -w_nss TLS Request don't require client auth (client does not provide auth) + -eq -r -n_TestUser_-w_bogus TLS Request don't require client auth (bad password) + -eq -r -n_TestUser_-w_nss TLS Request don't require client auth (client auth) + -eq -r_-r -w_nss TLS Require client auth (client does not provide auth) # this one should fail - 254 -r_-r -n_TestUser_-w_bogus TLS Require client auth (bad password) - 0 -r_-r -n_TestUser_-w_nss TLS Require client auth (client auth) - 0 -r -T_-w_nss SSL3 Request don't require client auth (client does not provide auth) - 0 -r -T_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password) - 0 -r -T_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth) - 0 -r_-r -T_-w_nss SSL3 Require client auth (client does not provide auth) + -ne -r_-r -n_TestUser_-w_bogus TLS Require client auth (bad password) + -eq -r_-r -n_TestUser_-w_nss TLS Require client auth (client auth) + -eq -r -T_-w_nss SSL3 Request don't require client auth (client does not provide auth) + -eq -r -T_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password) + -eq -r -T_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth) + -eq -r_-r -T_-w_nss SSL3 Require client auth (client does not provide auth) # this one should fail - 254 -r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth (bad password) - 0 -r_-r -T_-n_TestUser_-w_nss SSL3 Require client auth (client auth) + -ne -r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth (bad password) + -eq -r_-r -T_-n_TestUser_-w_nss SSL3 Require client auth (client auth) diff --git a/security/nss/tests/ssl/sslstress.txt b/security/nss/tests/ssl/sslstress.txt new file mode 100644 index 000000000..456431355 --- /dev/null +++ b/security/nss/tests/ssl/sslstress.txt @@ -0,0 +1,14 @@ +# +# This file defines the tests for client auth. +# +# expected +# return server client Test Case name +# value params params +# ------ ------ ------ --------------- + 0 _ -c_1000_-C_A Stress SSL2 RC4 128 with MD5 + 0 _ -c_1000_-C_A Stress SSL3 RC4 128 with MD5 +# 0 _ -c_1000_-C_c Stress TLS RC4 128 with MD5 +# +# add client auth versions here... +# +# 0 -r -n_"Test_User"_-w_bogus TLS Request don't require client auth (bad password) |